Why am I getting 502 Bad Gateway on Django app with Nginx and Gunicorn?

Question

I have been trying to deploy a demo app with this tutorial. I am doing this on a CentOS 7 in Virtualbox.

However, I am getting 502 Bad Gateway. How can I fix this?

server {} block in nginx.conf file

server {
        listen 80;
        server_name 172.16.16.215;

        location = /favicon.ico { access_log off; log_not_found off; }
        location /static/ {
            root /home/michel/myproject;
        }

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://unix:/home/michel/myproject/myproject.sock;
        }
    }

gunicorn.service file

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=michel
Group=nginx
WorkingDirectory=/home/michel/myproject
ExecStart=/home/michel/myproject/myprojectenv/bin/gunicorn --workers 3 --bind unix:/home/michel/myproject/myproject.sock myproject.wsgi:application

[Install]
WantedBy=multi-user.target

var/logs/nginx/error.log

2016/08/28 18:55:14 [crit] 17557#0: *4 connect() to unix:/home/michel/myproject/myproject.sock failed (13: Permission denied) while connecting to upstream, client: 172.16.16.23, server: 172.16.16.217, request: "GET / HTTP/1.1", upstream: "http://unix:/home/michel/myproject/myproject.sock:/", host: "172.16.16.217"

Would you mind look at the nginx error message? Maybe in var/logs/nginx/error.log — Windsooon, Aug 28 '16 at 09:05
@Aison `2016/08/28 14:11:35 [crit] 2181#0: *15 connect() to unix:/root/myproject/myproject.sock failed (2: No such file or directory) while connecting to upstream, client: 172.16.16.23, server: 172.16.16.215, request: "GET / HTTP/1.1", upstream: "http://unix:/root/myproject/myproject.sock:/", host: "172.16.16.215"` — MiniGunnR, Aug 28 '16 at 09:21
It tells you nginx can't find your sock file. I guess the SOCKET PATH of your gunicorn or supervisors is wrong. — Windsooon, Aug 28 '16 at 09:30
@Aison Is the sock file auto created? Or do I have to create it manually? — MiniGunnR, Aug 28 '16 at 09:53
Check the gunicorn log and it should have the errors why sock file creation failed. — Siva Arunachalam, Aug 28 '16 at 10:23
@Aison I got the sock file to be created, but now it shows permission error. I have updated my question. Also, the sock file (symlink) has 777 permission, so I don't know why it can't be read. — MiniGunnR, Aug 29 '16 at 04:34

score 1 · Answer 1 · answered Aug 28 '16 at 15:24

1

Gunicorn does not have right to save .sock file, or nginx does not have right to read .sock file.

Move this file to /tmp/ folder:

nginx.conf

proxy_pass http://unix:/tmp/myproject.sock:/;

gunicorn.service

ExecStart=/home/michel/myproject/myprojectenv/bin/gunicorn --workers 3 --bind unix:/tmp/myproject.sock myproject.wsgi:application

answered Aug 28 '16 at 15:24

Tomasz Jakub Rup

10,502
7
48
49

`srwxrwxrwx. 1 michel nginx 0 Aug 28 18:48 myproject.sock` this is the permission for the sock file. I don't think moving it to /tmp folder will do any good if it has 777 permission, will it? – MiniGunnR Aug 29 '16 at 04:30
Look at this: http://unix.stackexchange.com/questions/88083/idiomatic-location-for-file-based-sockets-on-debian-systems `/tmp` is the best choice. – Tomasz Jakub Rup Aug 29 '16 at 05:24
I've disabled SELinux and it works now. However, I will take a look at your link. – MiniGunnR Aug 29 '16 at 05:26
If You don't care about security... ok, but none of administrators would not agree to it. – Tomasz Jakub Rup Aug 29 '16 at 05:31

score 1 · Accepted Answer · edited May 23 '17 at 12:17

1

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp

This was copied from this answer.

edited May 23 '17 at 12:17

Community

1
1

answered Sep 01 '16 at 05:48

MiniGunnR

5,590
8
42
66

score 0 · Answer 3 · answered Nov 13 '18 at 21:30

I ran into this issue as well. What solved the issue for me was running:

chmod 711 on the home directory

This allowed nginx to access the .sock file in the run folder. This permission error did not happen to me on Ubuntu, but was present on Amazon Linux 2, which is derived from Cent OS. These django deployment scripts may help others facing this issue.

santhosh_dj · Answer 4 · 2019-09-25T05:39:42.047

0

There are many possibilities to get 502 badgateway , check with below cmds..

sudo systemctl status gunicorn
sudo systemctl status nginx
gunicorn --log-file=- projectname.wsgi:application

These above result should be in active mode

edited Sep 25 '19 at 05:39

answered Jul 30 '19 at 06:47

santhosh_dj

405
5
10

score -2 · Answer 5 · answered Aug 29 '16 at 04:43

-2

I disabled SELinux and the application worked.

sudo vi /etc/sysconfig/selinux

Set SELINUX=disabled.

Save and exit. RESTART.

answered Aug 29 '16 at 04:43

MiniGunnR

5,590
8
42
66

Better way is understand why You don't have permissions. Read some tutorials. – Tomasz Jakub Rup Aug 29 '16 at 05:29
SELinux handles the internal security. You shouldn't disable this. Instead, you should use something like `audit2allow` and have that generate a SELinux policy to allow binding to sockets. – Keenan Lawrence Aug 29 '16 at 10:59
Fixed it without disabling SELinux. Check my other answer. – MiniGunnR Sep 01 '16 at 05:46

Why am I getting 502 Bad Gateway on Django app with Nginx and Gunicorn?

5 Answers5