Nginx cannot access uWSGI unix socket on CentOS 7

I configured uWSGI to serve my Django application on a unix socket, and Nginx to serve as a proxy for that socket. The server is running CentOS 7. I think I have configured Nginx so that it has read / write permission to the uWSGI socket, but I am still getting permission denied. Why is Nginx unable to access uWSGI socket on CentOS 7?

[uwsgi]
socket=/socket/uwsgi.sock
virtualenv=/home/site/virtsite/
chdir=/home/site/wsgitest/
module=wsgitest.wsgi:application
vhost = true
master=True
workers=8
chmod-socket=666
pidfile=/home/site/wsgitest/uwsgi-master.pid
max-requests=5000
chown-socket=nginx:nginx
uid = nginx
gid = nginx
listen.owner = nginx
listen.group = nginx

      

server {
    listen 80;

    location / {
        uwsgi_pass unix:///home/site/wsgitest/uwsgi.sock;
        include uwsgi_params;
    }
}

      

uwsgi --ini uwsgi.ini (as root)

ls -l /home/site/wsgitest/uwsgi.sock
srwxrwxrwx. 1 nginx nginx 0 Oct 13 10:05 uwsgi.sock

      

2014/10/12 19:01:44 [crit] 19365#0: *10 connect() to unix:///socket/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: 2.191.102.217, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///socket/uwsgi.sock:", host: "179.227.126.222"

      

+3


source to share


3 answers


Nginx and uWSGI config are correct. The problem is that selinux has been disabled by selinux for socket access. This results in a share denied error in the Nginx log, the important messages are actually in the selinux audit log.

# show the new rules to be generated
grep nginx /var/log/audit/audit.log | audit2allow

# show the full rules to be applied
grep nginx /var/log/audit/audit.log | audit2allow -m nginx

# generate the rules to be applied
grep nginx /var/log/audit/audit.log | audit2allow -M nginx

# apply the rules
semodule -i nginx.pp

      



You may have to create rules multiple times trying to access the site after each pass, as the first selinux error might not be the only one that might be generated.

These steps were taken from this blog post , which provides more details on how to research and what kind of outcome you will get.

+12


source


Configure uwsgi.ini with uid and gid.

#uwsgi.ini
uid = nginx
gid = nginx

      



Hello,

+1


source


I would like to comment :( Everything looks great from here except the unix socket path.

unix:///socket/uwsgi.sock failed (2: No such file or directory)

      

Docs says it only has one slash

uwsgi_pass unix:/tmp/uwsgi.socket;

      

0


source







All Articles