0

I have a config like this :

CentOS 7 - Varnish ( cache server ) / Nginx ( reverse proxy ) / Apache

And it's my Django configuration :

WSGISocketPrefix /var/run/wsgi

<VirtualHost ip:8181>
    ServerName domain.ir
    ServerAlias www.domain.ir
    ServerAdmin info@domain.ir
    DocumentRoot /var/www/DjangoProject
    UseCanonicalName On
    ScriptAlias /cgi-bin/ /var/www/DjangoProject/cgi-bin/

    <Directory /var/www/DjangoProject/DjangoProject>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>

    Alias /statics/ "/var/www/DjangoProject/statics/"
    <Directory "/var/www/DjangoProject/statics">
        Require all granted
    </Directory>

    WSGIDaemonProcess DjangoProject python-path=/usr/lib/python3.4/site-packages python-home=/var/www/DjangoProject user=djangouser socket-user=djangouser
    WSGIProcessGroup DjangoProject
    WSGIApplicationGroup %{GLOBAL}
    WSGIScriptAlias / /var/www/DjangoProject/DjangoProject/wsgi.py

    ErrorLog /var/log/apache/django-error.log

</VirtualHost>

When i want to open my website there is a permission denied error in apache log :

[wsgi:error] [pid 2131:tid 140344565954304] (13)Permission denied: [client 77.104.92.126:38982] mod_wsgi (pid=2131): Unable to connect to WSGI daemon process 'TiTar_API' on '/var/run/wsgi.2128.0.1.sock' as user with uid=99.

I know that uid=99 is nobody user. What's going on here? Why this user want to connect WSGI socket? What is the purpose of user and socket-user attributes in WSGIDaemonProcess?

Edit : I saw other questions too, but i think there is another problem ( nobody user )

Django-WSGI setup causing permission denied issues on CentOS 7

Django + Apache + mod_wsgi permission denied

https://serverfault.com/questions/357804/apache2-mod-wsgi-django-named-virtual-servers

Arash Hatami
  • 5,297
  • 5
  • 39
  • 59
  • And what if you don't set ``socket-user=djangouser``, which you shouldn't be setting except in very special circumstances. Generic instructions would not tell you to set ``socket-user=djangouser``. – Graham Dumpleton Aug 12 '18 at 09:03
  • Nothing changed ... @GrahamDumpleton – Arash Hatami Aug 12 '18 at 09:08
  • What do you get for ``ls -las /var/run``? – Graham Dumpleton Aug 12 '18 at 09:53
  • It's `djangouser:root` @GrahamDumpleton – Arash Hatami Aug 12 '18 at 09:54
  • 1
    I wanted the permissions on the directory, not the ``wsgi`` socket file. If you are seeing the owner of the ``wsgi`` socket file as being ``djangouser``, then ``socket-user`` can't have been removed and Apache restarted. Suggest you do a stop of Apache. Remove any ``wsgi`` socket file as ``root`` to be sure none there. Then start Apache again and see what permissions are on the ``wsgi`` socket file. It should be owned by user that Apache runs as. The directory ``/var/run`` must be accessible to other users. – Graham Dumpleton Aug 12 '18 at 10:35

0 Answers0