uwsgi + nginx... mistake after mistake in options

Question

I think it's a second week started since I'm trying to start the server for Django app, first with Apache, second with gunicorn and now uwsgi + nginx... I'm very thankful for the help on my previous post... nginx with gunicorn and django on centos 7 It pushed me into the right direction...

I don't know why, but most of guides for the django and server are incomplete and don't include settings tuning for the engines like gunicorn and nginx... there are some... and I tried to follow them, but end up with bunch of mistakes. I followed: http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/ and https://youtu.be/DzXCHAuHf0I . Very good guides, but I ended up with the bunch of mistakes, which I'm trying to fix. Any help guys?

Virtual environment installed at: /opt/venv the way to activate virtual environment at: /opt/venv/sc/bin/activate

Users added for both nginx and uwsgi: useradd -s /bin/false nginx/uwsgi

nginx.conf:

include /etc/nginx/conf.d/*.conf;

virtual.conf:

server {
    listen 80;
    server_name site's_ip domain_name;
    error_log /srv/www/sc/logs/error.log;
    access_log /srv/www/sc/logs/access.log;
    charset utf-8;

    location /static/ {
        alias /srv/www/sc/static/;
    }

    location /media/ {
        alias /srv/www/sc/media/;
    }

    location / {
        uwsgi_pass unix:/opt/uwsgi/sock/sc.sock;
        include uwsgi_params;
    }
}

emperor.ini:

[uwsgi]
emperor = /etc/uwsgi/vassals
uid = uwsgi
gid = uwsgi
logto = /etc/uwsgi/log

sc.ini:

http = :8000
socket = /opt/uwsgi/sock/sc.sock
chdir = /srv/www/sc
pythonpath = /srv/www/sc/sc
home = /opt/venv/sc
module = sc.wsgi
uid = uwsgi
chmod-socket = 664
chown-socket = uwsgi

uwsgi.service:

[Unit]
Description=uWSGI Emperor
After=syslog.target

[Service]
ExecStart=/opt/venv/sc/bin/uwsgi --ini /etc/uwsgi/emperor.ini
ExecStop = kill -INT 'cat /run/uwsgi.pid'
ExecReload = kill -TERM 'cat /run/uwsgi.pid'
Restart = always
Type = notify
NotifyAccess = main
PIDFile = /run/uwsgi.pid

[Install]
WantedBy=multi-user.target

When I go to the site it shows: 502 Bad Gateway. Although nginx is active and running and uwsgi is active and running. That is the log for errors, which I have/had:

2020/09/18 08:40:02 [crit] 25458#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /whm-server-status HTTP/1.0", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:"
2020/09/18 08:40:02 [crit] 25458#0: *3 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www...."
2020/09/18 08:40:04 [crit] 25458#0: *3 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www....", referrer: "http://www..../"
2020/09/18 08:45:44 [crit] 26001#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www...."
2020/09/18 08:45:45 [crit] 26001#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www....", referrer: "http://www..../"
2020/09/18 08:45:54 [crit] 26001#0: *5 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www...."
2020/09/18 08:45:54 [crit] 26001#0: *5 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www....", referrer: "http://www..../"
2020/09/18 08:46:00 [crit] 26001#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www...."
2020/09/18 08:46:00 [crit] 26001#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: "www....", referrer: "http://www..../"

I removed all sites references and ips...

Also if I run systemctl status uwsgi:

Sep 18 09:02:08  systemd[1]: [/etc/systemd/system/uwsgi.service:7] Executable path is not absolute, ignoring: kill -INT 'cat /run/uwsgi.pid'
Sep 18 09:02:08  systemd[1]: [/etc/systemd/system/uwsgi.service:8] Executable path is not absolute, ignoring: kill -TERM 'cat /run/uwsgi.pid'
Sep 18 09:02:08  systemd[1]: Starting uWSGI Emperor...
Sep 18 09:02:08  uwsgi[27421]: [uWSGI] getting INI configuration from /etc/uwsgi/emperor.ini
Sep 18 09:02:08  systemd[1]: Started uWSGI Emperor.

And if I run uwsgi from the command line, I notice it tells following:

[uWSGI] getting INI configuration from /etc/uwsgi/vassals/sc.ini
*** Starting uWSGI 2.0.19.1 (64bit) on [Fri Sep 18 09:10:22 2020] ***
compiled with version: 4.8.5 20150623 (Red Hat 4.8.5-39) on 17 September 2020 10:27:10
os: Linux-3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020
nodename: 
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /opt/venv/sc/bin
detected binary path: /opt/venv/sc/bin/uwsgi
chdir() to /srv/www/sc
*** WARNING: you are running uWSGI without its master process manager ***
your memory page size is 4096 bytes
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on :8000 fd 3
spawned uWSGI http 1 (pid: 27880)
uwsgi socket 0 bound to UNIX address /opt/uwsgi/sock/sc.sock fd 6
setuid() to 985
Python version: 3.6.8 (default, Apr  2 2020, 13:34:55)  [GCC  (Red Hat )]
PEP 405 virtualenv detected: /opt/venv/sc
Set PythonHome to /opt/venv/sc
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x1669d00
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 72920 bytes (71 KB) for 1 cores
*** Operational MODE: single process ***
added /srv/www/sc/sc/ to pythonpath.
Traceback (most recent call last):
  File "./sc/wsgi.py", line 16, in <module>
    application = get_wsgi_application()
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/core/wsgi.py", line 12, in get_wsgi_application
    django.setup(set_prefix=False)
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/__init__.py",line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/apps/registry.py", line 114, in populate
    app_config.import_models()
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/apps/config.py", line 211, in import_models
    self.models_module = import_module(models_module_name)
  File "/usr/lib64/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/contrib/auth/models.py", line 2, in <module>
    from django.contrib.auth.base_user import AbstractBaseUser, BaseUserManager
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/contrib/auth/base_user.py", line 48, in <module>
    class AbstractBaseUser(models.Model):
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/models/base.py", line 122, in __new__
    new_class.add_to_class('_meta', Options(meta, app_label))
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/models/base.py", line 326, in add_to_class
    value.contribute_to_class(cls, name)
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/models/options.py", line 206, in contribute_to_class
    self.db_table = truncate_name(self.db_table, connection.ops.max_name_length())
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/__init__.py", line 28, in __getattr__
    return getattr(connections[DEFAULT_DB_ALIAS], item)
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/utils.py",line 214, in __getitem__
    backend = load_backend(db['ENGINE'])
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/utils.py",line 111, in load_backend
    return import_module('%s.base' % backend_name)
  File "/usr/lib64/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/backends/sqlite3/base.py", line 70, in <module>
    check_sqlite_version()
  File "/opt/venv/sc/lib64/python3.6/site-packages/django/db/backends/sqlite3/base.py", line 67, in check_sqlite_version
    raise ImproperlyConfigured('SQLite 3.8.3 or later is required (found %s).' % Database.sqlite_version)
django.core.exceptions.ImproperlyConfigured: SQLite 3.8.3 or later is required (found 3.7.17).
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. going in full dynamic mode ***
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 27879, cores: 1)

UPDATE I tried "chmod 755 uwsgi" like it was explaned in this article: chmod 755 directory_name And I also tried: chown uwsgi:uwsgi -R uwsgi

I still have faults, but much lesser then I had:

2020/09/18 11:34:52 [crit] 3080#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: ""
2020/09/18 11:35:01 [crit] 3080#0: *4 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /whm-server-status HTTP/1.0", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:"
2020/09/18 11:35:02 [crit] 3080#0: *6 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:", host: ""

Update added chmod command to the opt directory... One more fault is gone... Only two left, but somehow they relate to the same folder which I already gave the permission... It feels that I'm giving wrong permissions?

2020/09/18 11:49:44 [crit] 3833#0: *1 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: , server: , request: "GET / HTTP/1.0", upstream: "uwsgi://unix:/opt/uwsgi/sock/sc.sock:"
2020/09/18 11:49:46 [crit] 3834#0: *3 connect() to unix:/opt/uwsgi/sock/sc.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.0", upstream:"uwsgi://unix:/opt/uwsgi/sock/sc.sock:"

score 2 · Answer 1 · answered Sep 18 '20 at 11:57

2

A couple of things I'd recommend as a seasoned uWSGI user (and uWSGI documentation author):

Unless you're planning on hosting a massive number of different services and need to manage them dynamically, don't use the Emperor/Vassal system. Just use a Systemd service per app.
Install uWSGI into the virtualenv your app is in, not system-wide.
If you can trust all of the users on the box your app(s) run on, don't bother with Unix sockets but just use TCP sockets bound on localhost. (If you can't, then UNIX sockets are better with their permission system.)
If possible, give each app their own user instead of sharing a single uwsgi user.

With that in mind, you might adapt from:

uwsgi ini

strict  # die on config errors
master  # use master process
need-app  # die if the app fails to load
die-on-term  # obey SIGTERM
socket = 127.0.0.1:50000
chdir = /srv/www/sc/app  # or wherever
virtualenv = /opt/venv/sc  # or wherever
module = sc.wsgi

nginx configuration

server {
    listen 80;
    server_name site's_ip domain_name;
    error_log /srv/www/sc/logs/error.log;
    access_log /srv/www/sc/logs/access.log;
    charset utf-8;

    location /static/ {
        alias /srv/www/sc/static/;
    }

    location /media/ {
        alias /srv/www/sc/media/;
    }

    location / {
        uwsgi_pass 127.0.0.1:50000;
        include uwsgi_params;
    }
}

systemd unit file

[Unit]
Description=uWSGI for SC app
After=syslog.target

[Service]
ExecStart = /opt/venv/sc/bin/uwsgi --ini that-uwsgi-ini
User = uwsgi
Group = uwsgi
Restart = always
Type = notify
NotifyAccess = main

[Install]
WantedBy=multi-user.target

answered Sep 18 '20 at 11:57

AKX

152,115
15
115
172

Thank you for sharing experience. I will look up and try to use your advises... I just so much want to make it at least to run for right now... It feels like I'm running marathon, around the uwsgi along with nginx. I will look up if any of my settings are different from your example... – bugthefifth Sep 18 '20 at 12:06
1

Toss the Emperor if you just want to make it run. Heck, you can toss the Systemd unit too for starters – just run `uwsgi` by hand and see if it your app responds correctly to begin with. – AKX Sep 18 '20 at 12:08
I completely committed to your solution in the comments, but right now, somehow it throws me back...Now uwsgi emperor fails to start... I think for right now I stick to the solution which gave me only 2 mistakes with permissions...and try to solve them... And then I try to understand your advises... And earlier I tried to run from the line command and it gave me 502 bad gateway with explanation in the log that it is problem with permissions. Thank you! – bugthefifth Sep 18 '20 at 14:27
The best case I had is 403 forbidden, as it was explained, because I have no index page, but basic django app does have basic starting page, so it also puzzles me... – bugthefifth Sep 18 '20 at 14:29
1

Don't use emperor unless you need to! – AKX Sep 18 '20 at 14:40
I totally hear you, I understand that's not good way. I will try to adjust, after it runs... I understand Emperor way is for the big systems and I will readjust as I understand more about uwsgi and nginx... Thank you! – bugthefifth Sep 18 '20 at 14:47
If you're getting an nginx 403 forbidden page for `/`, look at logs... If it's not attributed to nginx, look at your Django `ALLOWED_HOSTS`. – AKX Sep 18 '20 at 14:50
I would totally buy you a coffee... Logs were telling me about faults in the permissions... that's why I started to messing up with permissions, and eliminated like about 6 faults... But 2 of them just staying and are related to the same folders as previous faults... That confuses the hack out of me, like the moon in the rainy day :) – bugthefifth Sep 18 '20 at 14:54
I did gave peermissions to domain, localhost, and ip... Probably I didn't start with these permissions yet... – bugthefifth Sep 18 '20 at 15:00

uwsgi + nginx... mistake after mistake in options

1 Answers1

uwsgi ini

nginx configuration

systemd unit file