Python/Docker:NGINX 连接上游 Gunicorn 时 connect() 到 unix:/tmp/gunicorn.sock 失败,权限错误(13: 权限被拒绝)


我有一个使用Gunicorn、NGINX和Docker Compose运行的Python Flask应用程序。我在发送HTTP POST请求时遇到以下错误。我是在LinuxMint主机上运行它的:

nginx_1   | 127.0.0.1 - - [18/Oct/2019:20:49:47 +0000] "GET /v1/simulations HTTP/1.1" 502 157 "-" "PostmanRuntime/7.18.0"
nginx_1   | 2019/10/18 20:49:47 [crit] 6#6: *1 connect() to unix:/tmp/gunicorn.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: example.com, request: "GET /v1/simulations HTTP/1.1", upstream: "http://unix:/tmp/gunicorn.sock:/v1/simulations", host: "localhost:5000"
docker-compose.yml:

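version: "3"
services:
  server:
    image: grip-server_server
    build:
      context: .
      args:
        GRIP_ENVSET: ${GRIP_ENV}
    volumes:
      - ".:/gripcode"
      # Host /tmp is shared with the nginx service: gunicorn's unix socket
      # (nginx.conf: `server unix:/tmp/gunicorn.sock`) is created here and the
      # nginx workers, running as `nobody` (nginx.conf: `user nobody nogroup;`),
      # connect() to it.  The socket file's owner/group/mode on the host decide
      # whether that connect() succeeds — "(13: Permission denied)" in the nginx
      # error log means it does not.  Give the socket a group the nginx user
      # belongs to (or a umask that grants it write access) instead of
      # loosening permissions on all of /tmp.
      - "/tmp:/tmp"
      # Mount the Docker socket so that other Docker images can be started up.
      # Whoever can execute commands in this container can drive the host
      # Docker daemon through it, which amounts to root on the host; treat the
      # container as that privileged and keep its exposed surface minimal.
      - "/var/run/docker.sock:/var/run/docker.sock"
      # The former extra bind of "/tmp/gunicorn.sock:/tmp/gunicorn.sock" was
      # removed: it was already covered by "/tmp:/tmp", and when the file does
      # not yet exist at `docker-compose up` time Docker creates that host path
      # as an empty directory, after which gunicorn can no longer create its
      # socket there (nginx then typically reports "No such file or directory").
    environment:
      - PORT=5005
      - GRIP_ENV=${GRIP_ENV}
      - JWT_ACCESS_TOKEN_EXPIRES=${JWT_ACCESS_TOKEN_EXPIRES}
      - JWT_REFRESH_TOKEN_EXPIRES=${JWT_REFRESH_TOKEN_EXPIRES}
      - DOCKER_HOST=${DOCKER_HOST}
    network_mode: host
    depends_on:
      - redis
      - celery
      - nginx
    # Listening on port 5005
  nginx:
    # restart: always
    build: ./nginx
    # Docker discards `ports:` for a service that uses `network_mode: host`;
    # nginx then listens directly on the host at the port set in nginx.conf
    # (`listen 5000;`).  The hop to the application is nginx's reverse-proxy
    # job (nginx.conf proxies to the gunicorn unix socket), not a Docker port
    # mapping.  This entry has no effect here; it only matters if a
    # bridge-network override replaces `network_mode`.
    ports:
      - "5000:5005"
    volumes:
      # - ".:/www/static"
      # - "web-data:gripcode"
      - ".:/gripcode"
      - "/tmp:/tmp"
      # "/tmp/gunicorn.sock:/tmp/gunicorn.sock" removed — already covered by
      # "/tmp:/tmp" (see the note on the server service).
    network_mode: host
    # Listening on port 5000
  redis:
    # Unpinned tag: pin a version so rebuilds are reproducible.
    image: redis
    restart: on-failure
    container_name: redis
    network_mode: host
    # Listening on 6379 — on the host network that means every interface of
    # the host, and this file configures no Redis authentication; restrict it
    # to localhost with a host firewall (or drop host networking) outside a
    # single-developer machine.
  #rabbitmq:
  #  image: rabbitmq:3
  #  restart: on-failure
  #  container_name: redis
  #  network_mode: host
  #  # Listening on 5672 and 15672
  #  #environment:
  #    #- redis_DEFAULT_USER=user
  #    #- redis_DEFAULT_PASS=password
  celery:
    image: grip-server_celery
    build: .
    restart: on-failure
    command: bash -c "bash ./bin/wait_for_broker.sh && bash ./bin/fix_celery_naming.sh && celery -E -A components.grip_sim_api_server.server.celery worker --pool gevent" # Debugging: -l debug
    volumes:
      - ".:/gripcode"
      - "/tmp:/tmp"
      # To be able to start the GridLAB-D docker image; same host-root
      # equivalence as the server service's Docker socket mount.
      - "/var/run/docker.sock:/var/run/docker.sock"
    network_mode: host
    depends_on:
      - redis
    environment:
      - CELERY_BROKER_URL=redis://127.0.0.1:6379
      - CELERY_RESULT_BACKEND=redis://127.0.0.1:6379
      #- CELERY_BROKER_URL=amqp://guest:guest@localhost:5672
      #- CELERY_RESULT_BACKEND=amqp://localhost
      - DOCKER_HOST=${DOCKER_HOST}
      - DEBUG_CELERY=${DEBUG_CELERY} # True to enable remote debugging
      # With host networking the remote debugger, when enabled, listens on a
      # host port; keep it disabled anywhere but a developer machine.
      - CELERY_RDB_PORT=${CELERY_RDB_PORT}
    tty: true
  omf:
    image: presence/omf:latest
    restart: on-failure
    #build:
    #  context: .
    #  args:
    #    GRIP_ENVSET: ${GRIP_ENV}
    working_dir: /home/omf/omf/scratch/GRIP
    command: grip.py
    network_mode: host
    # Listening on port 5100
  flower:
    #image: mher/flower
    image: grip-server_flower
    build: .
    restart: on-failure
    command: bash -c "bash ./bin/wait_for_broker.sh && flower -A components.grip_sim_api_server.server.celery worker --address=0.0.0.0 --port=5555 --logging=debug --pool gevent"
    working_dir: /gripcode
    volumes:
      - ".:/gripcode"
    depends_on:
      - redis
      - celery
    environment:
      - CELERY_BROKER_URL=redis://127.0.0.1:6379
      - CELERY_RESULT_BACKEND=redis://127.0.0.1:6379
      #- CELERY_BROKER_URL=amqp://guest:guest@localhost:5672
      #- CELERY_RESULT_BACKEND=amqp://guest:guest@localhost:5672
    # Listening on port 5555 on every host interface (--address=0.0.0.0 plus
    # host networking); no authentication for the Flower dashboard appears in
    # this file.  The duplicate `network_mode: host` key that used to follow
    # this one was removed — parsers silently keep just one of duplicate keys.
    network_mode: host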
Dockerfile:

FROM library/python:3.7-stretch


# Debian "stretch" base: confirm this tag still receives security updates
# before reusing the image, or move to a supported Debian release.
RUN apt-get update && apt-get install -y python3 python3-pip \
    postgresql-client \
    # TODO - Might not need this any longer with GridLAB-D on its own container
    # GridLAB-D requires this library
    # libxerces-c-dev \
    # For VIM
    apt-file  \
    vim \
    #for Docker (spin up another Docker container sibling from inside this container)
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common \
    #python3-distutils
    python-distutils-extra
# Review notes on the RUN above: it has no `--no-install-recommends` and no
# `rm -rf /var/lib/apt/lists/*` at the end, so the layer carries recommended
# packages plus the apt index; `apt-file` and `vim` are debugging tools that
# enlarge the runtime image's attack surface.

#RUN yes | apt-get install rabbitmq-server

# Install Docker, to be able to run sibling docker containers
# (the container then drives the host daemon through the bind-mounted
# /var/run/docker.sock from docker-compose.yml — host-root equivalent).
# NOTE(review): the remainder of this RUN, and of the file, is not shown here.
RUN add-apt-repository \
#FROM tutum/nginx
FROM nginx:1.17.4

#RUN rm /etc/nginx/sites-enabled/default
#COPY sites-enabled/ /etc/nginx/sites-enabled

# Replaces the image's main config; the copied nginx.conf runs the workers
# as `nobody nogroup` and proxies to unix:/tmp/gunicorn.sock.
COPY nginx.conf /etc/nginx

# RUN chown -R nginx:nginx /etc/nginx
# NOTE(review): ${USER} is declared by neither ARG nor ENV in this file, so at
# build time it expands to an empty string unless the base image sets it; the
# chown then has no named owner/group and is likely a no-op or a build error
# rather than the intended ownership change.  Check the build output and
# prefer an explicit user (the commented line above).
RUN chown -R ${USER}:${USER} /etc/nginx
/nginx/Dockerfile:

FROM library/python:3.7-stretch


# Debian "stretch" base: confirm this tag still receives security updates
# before reusing the image, or move to a supported Debian release.
RUN apt-get update && apt-get install -y python3 python3-pip \
    postgresql-client \
    # TODO - Might not need this any longer with GridLAB-D on its own container
    # GridLAB-D requires this library
    # libxerces-c-dev \
    # For VIM
    apt-file  \
    vim \
    #for Docker (spin up another Docker container sibling from inside this container)
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common \
    #python3-distutils
    python-distutils-extra
# Review notes on the RUN above: it has no `--no-install-recommends` and no
# `rm -rf /var/lib/apt/lists/*` at the end, so the layer carries recommended
# packages plus the apt index; `apt-file` and `vim` are debugging tools that
# enlarge the runtime image's attack surface.

#RUN yes | apt-get install rabbitmq-server

# Install Docker, to be able to run sibling docker containers
# (the container then drives the host daemon through the bind-mounted
# /var/run/docker.sock from docker-compose.yml — host-root equivalent).
# NOTE(review): the remainder of this RUN, and of the file, is not shown here.
RUN add-apt-repository \
#FROM tutum/nginx
FROM nginx:1.17.4

#RUN rm /etc/nginx/sites-enabled/default
#COPY sites-enabled/ /etc/nginx/sites-enabled

# Replaces the image's main config; the copied nginx.conf runs the workers
# as `nobody nogroup` and proxies to unix:/tmp/gunicorn.sock.
COPY nginx.conf /etc/nginx

# RUN chown -R nginx:nginx /etc/nginx
# NOTE(review): ${USER} is declared by neither ARG nor ENV in this file, so at
# build time it expands to an empty string unless the base image sets it; the
# chown then has no named owner/group and is likely a no-op or a build error
# rather than the intended ownership change.  Check the build output and
# prefer an explicit user (the commented line above).
RUN chown -R ${USER}:${USER} /etc/nginx
./nginx/nginx.conf:

worker_processes 1;

# The worker processes — the ones that connect() to the gunicorn socket in the
# upstream block below — run as this user/group, so the socket file must grant
# it write access; otherwise the connect fails with "13: Permission denied".
user nobody nogroup;
# 'user nobody nobody;' for systems with 'nobody' as a group instead
error_log  /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex off; # set to 'on' if nginx worker_processes > 1
  # 'use epoll;' to enable for Linux 2.6+
  # 'use kqueue;' to enable for FreeBSD, OSX
}

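http {
  include mime.types;
  # fallback in case we can't determine a type
  default_type application/octet-stream;
  access_log /var/log/nginx/access.log combined;
  sendfile on;

  upstream app_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # for UNIX domain socket setups.  The socket is created by gunicorn, not
    # nginx, so its owner/group/mode are gunicorn's to set; the nginx workers
    # run as the `user` at the top of this file and need write access to it,
    # or connect() fails with "13: Permission denied".
    server unix:/tmp/gunicorn.sock fail_timeout=0;

    # for a TCP configuration
    # server 192.168.0.7:8000 fail_timeout=0;
  }

  # While this stays commented out, the server block below is the only one on
  # its port and therefore the default: it answers any Host header (the error
  # log shows host "localhost:5000" reaching server "example.com").  Re-enable
  # it on the real listen port once server_name below is the real hostname.
  #server {
  #  # if no Host match, close the connection to prevent host spoofing
  #  listen 80 default_server;
  #  return 444;
  #}

  server {
    # use 'listen 80 deferred;' for Linux
    # use 'listen 80 accept_filter=httpready;' for FreeBSD
    listen 5000;
    # 4G lets very large request bodies through to the app; lower it to the
    # largest body the API actually accepts.
    client_max_body_size 4G;

    # set the correct host(s) for your site
    server_name example.com www.example.com;

    keepalive_timeout 5;

    # path for static files
    # root /path/to/app/current/public;

    location / {
      # checks for static file, if not found proxy to app
      try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
      # (a second, identical X-Forwarded-Proto line was removed here)
      proxy_set_header X-Forwarded-Proto $scheme;
      # Appends the client address to any X-Forwarded-For the client already
      # sent, so the app must take the last entry, not the first.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # Passes the client's Host header through unchanged; the app sees
      # whatever the client claimed (see the note on the default server).
      proxy_set_header Host $http_host;
      # we don't want nginx trying to do something clever with
      # redirects, we set the Host: header above already.
      proxy_redirect off;
      proxy_buffering off;
      proxy_pass http://app_server;
    }

    # error_page 500 502 503 504 /500.html;
    # location = /500.html {
    #  root /path/to/app/current/public;
    #}
  }
}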

我在主Docker Compose文件中配置了端口绑定(“5000:5005”)和主机网络。我在Mac上让它正常工作的方法是:删除主文件中的端口绑定,只在主文件中保留主机网络,然后在Mac的Docker Compose override文件中用默认的网桥网络覆盖主机网络,并在该override文件中添加端口绑定。


另一个问题是,我试图在Docker Compose中实现端口5000到端口5005的映射,但这实际上是NGINX配置的责任。我在Docker中需要做的只是公开NGINX和Flask/Gunicorn应用程序的端口。这在主文件中通过主机网络隐式完成(5000:5000,因为我使用的是非默认的NGINX端口),在Mac的Docker Compose override文件中则通过端口绑定显式完成(5005:5005,Gunicorn/Flask也使用非默认端口)。然后,NGINX本身根据NGINX配置将请求从5000(NGINX)反向代理到5005(Gunicorn)。这是跨Docker容器的。

我在Docker Compose主文件中配置了端口绑定(“5000:5005”)和主机网络。我在Mac上让它正常工作的方法是:删除主文件中的端口绑定,只在主文件中保留主机网络,然后在Mac的Docker Compose override文件中用默认的网桥网络覆盖主机网络,并在该override文件中添加端口绑定。


另一个问题是,我试图在Docker Compose中实现端口5000到端口5005的映射,但这实际上是NGINX配置的责任。我在Docker中需要做的只是公开NGINX和Flask/Gunicorn应用程序的端口。这在主文件中通过主机网络隐式完成(5000:5000,因为我使用的是非默认的NGINX端口),在Mac的Docker Compose override文件中则通过端口绑定显式完成(5005:5005,Gunicorn/Flask也使用非默认端口)。然后,NGINX本身根据NGINX配置将请求从5000(NGINX)反向代理到5005(Gunicorn)。这是跨Docker容器的。

你能解释更多吗?我的错误是“gunicorn.sock失败没有这样的文件或目录”,你能解释更多吗?我的错误是“gunicorn.sock失败,没有这样的文件或目录”