Nginx cannot access uWSGI unix socket on CentOS 7

I configured uWSGI to serve my Django application on a unix socket, and Nginx to serve as a proxy for that socket. The server is running CentOS 7. I think I have configured Nginx so that it has read / write permission to the uWSGI socket, but I am still getting permission denied. Why is Nginx unable to access uWSGI socket on CentOS 7?

vhost = true
uid = nginx
gid = nginx
listen.owner = nginx = nginx


server {
    listen 80;

    location / {
        uwsgi_pass unix:///home/site/wsgitest/uwsgi.sock;
        include uwsgi_params;


uwsgi --ini uwsgi.ini (as root)

ls -l /home/site/wsgitest/uwsgi.sock
srwxrwxrwx. 1 nginx nginx 0 Oct 13 10:05 uwsgi.sock


2014/10/12 19:01:44 [crit] 19365#0: *10 connect() to unix:///socket/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client:, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///socket/uwsgi.sock:", host: ""



source to share

3 answers

Nginx and uWSGI config are correct. The problem is that selinux has been disabled by selinux for socket access. This results in a share denied error in the Nginx log, the important messages are actually in the selinux audit log.

# show the new rules to be generated
grep nginx /var/log/audit/audit.log | audit2allow

# show the full rules to be applied
grep nginx /var/log/audit/audit.log | audit2allow -m nginx

# generate the rules to be applied
grep nginx /var/log/audit/audit.log | audit2allow -M nginx

# apply the rules
semodule -i nginx.pp


You may have to create rules multiple times trying to access the site after each pass, as the first selinux error might not be the only one that might be generated.

These steps were taken from this blog post , which provides more details on how to research and what kind of outcome you will get.



Configure uwsgi.ini with uid and gid.

uid = nginx
gid = nginx





I would like to comment :( Everything looks great from here except the unix socket path.

unix:///socket/uwsgi.sock failed (2: No such file or directory)


Docs says it only has one slash

uwsgi_pass unix:/tmp/uwsgi.socket;




All Articles