1

I'm trying to setup a simple django app on nginx with uswgi. When I send a request, it returns a 502 bad gateway.

Here is my uwsgi.ini

[uwsgi]
master = true
socket = /usr/share/nginx/firstsite/nginx.sock
chdir = /usr/share/nginx/firstsite
wsgi-file = /usr/share/nginx/firstsite/firstsite/wsgi.py
chmod-socket = 664
vacuum = true

uwsgi output:

uwsgi --ini uwsgi.ini
[uWSGI] getting INI configuration from uwsgi.ini
*** Starting uWSGI 2.0.11.2 (64bit) on [Sat Jun 18 15:09:30 2016] ***
compiled with version: 4.8.3 20140911 (Red Hat 4.8.3-9) on 02 December 2015 19:47:02
os: Linux-3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC 2016
nodename: centos_prod
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 8
current working directory: /usr/share/nginx/firstsite
detected binary path: /root/venv/bin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
chdir() to /usr/share/nginx/firstsite
your processes number limit is 94006
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /usr/share/nginx/firstsite/nginx.sock fd 3
Python version: 2.7.5 (default, Nov 20 2015, 02:00:19)  [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x21f6ce0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145536 bytes (142 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x21f6ce0 pid: 3421 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 3421)
spawned uWSGI worker 1 (pid: 3426, cores: 1)

nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    upstream django {
        server unix:///usr/share/nginx/firstsite/nginx.sock;
    }
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/firstsite;

        client_max_body_size 300M;   # adjust to taste

        location /media  {
            alias /usr/share/nginx/firstsite/media;
        }

        location /static {
            alias /usr/share/nginx/firstsite/static;
        }

        # Finally, send all non-media requests to the Django server.
        location / {
            uwsgi_pass  django;
            include     /usr/share/nginx/firstsite/uwsgi_params; # the uwsgi_params file you installed
        }
    }
}

I'm not using a virtualenv and my manage.py is in /usr/share/nginx/firstsite/ I'm able to run the app without nginx on uwsgi with:

uwsgi --wsgi-file /usr/share/nginx/firstsite/firstsite/wsgi.py --http :80

but what I'm trying to do is let nginx use port 80 and uwsgi use file socket. Please help.

Update: I don't know why I was not seeing any error before, but now nginx error log says:

nginx Permission denied while connecting to upstream

so looking at this

I tried adding these options to uwsgi:

--uid root --gid www-data

so the socket file is owned by root which is part of the www-data group. I'm still getting a permission error.

[crit] 6804#0: *1 connect() to unix:///usr/share/nginx/firstsite/nginx.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.168.201, server: _, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/firstsite/nginx.sock:"

Update:

I'm still running into permission issue. I created a django user and a django group. Both nginx and django users are members of django group. Changed ownership of all the folders under /usr/share/nginx/firstsite owned by django. set --gid and --uid to django. ran

uwsgi --ini /usr/share/nginx/firstsite/uwsgi.ini

as root. I got the permission error. ran:

runuser -l django -c "uwsgi --ini /usr/share/nginx/firstsite/uwsgi.ini"

the same. Note that /usr/share/nginx is owned by root. I tried changing the nginx config file:

uwsgi_pass unix:///usr/share/nginx/firstsite/nginx.sock;

restarted nginx and ran uwsgi. I'm getting this error:

connect() to unix:///usr/share/nginx/firstsite/nginx.sock failed (13: Permission denied) while connecting to upstream, client: 192.123.123.123, server: _, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/firstsite/nginx.sock:"

I also had to setup a python virtualenv and set home in uwsgi.ini to detect django but I cannot get passed this socket failure.

Community
  • 1
  • 1
max
  • 9,708
  • 15
  • 89
  • 144
  • If you set if up so that uwsgi serves the content directly, does that work? – John Yetter Jun 18 '16 at 23:39
  • Yes. I posted an update. – max Jun 19 '16 at 00:08
  • actually I'm getting a permission denied for the socket file even though root is running it and root belongs to www-data group. – max Jun 19 '16 at 00:49
  • 1
    What is the mode of `/usr/share/nginx/firstsite/nginx.sock` and **of every directory on that path**? `uwsgi` creates directories on the path to the socket as `drwxrwx---`, if `nginx` workers are not running as the same user or at least same group it definitely get a permission denied. – grochmal Jun 19 '16 at 01:19
  • The file was owned by root while nginx processes were running as nginx. I changed the ownership of nginx.sock and the error went away, but I still keep getting a 502 response. – max Jun 19 '16 at 07:32
  • Good, next. Is the `nginx` user in the `www-data` group? When i deploy django+uwsgi+nginx i normally create a user by hand called `django` and also a group called `django`, then add the `nginx` user to the `django` group. – grochmal Jun 20 '16 at 01:09
  • @grochmal thanks. I tried it your way as updated in the post. Used the django user and group but still get permission errors. – max Jun 21 '16 at 08:05
  • (Probably you already did it) have you checked deploying your django app on debug mode `DEBUG=True`? – pleasedontbelong Jun 21 '16 at 09:00
  • Heh, you do not need `runuser`. Same as `nginx` `uwsgi` has a master and workers. `--uid` is the option used to set the user for workers. What are the groups of the user `nginx` and the user `django`? And again, what are the permissions of the entire path to the socket (keep rechecking that every time you change something)? @pleasedontbelong - This has never ever loaded django files, django never returns `502`s. – grochmal Jun 21 '16 at 13:20

0 Answers0