I'm starting out with Starlette and uvicorn. A RHEL8 EC2 server runs Nginx and then uvicorn. The (minimal) app is (note the two alternative `uvicorn.run(...)` lines):

import uvicorn
from starlette.applications import Starlette
from starlette.responses import JSONResponse
from starlette.routing import Route

async def homepage(request):
    return JSONResponse({'hello': 'world'})


app = Starlette(debug=True, routes=[
    Route('/', homepage),
])
if __name__ == '__main__':
    #uvicorn.run(app, port=8000, host='127.0.0.1',uds='/tmp/uvicorn.sock')
    uvicorn.run(app, port=8000, host='127.0.0.1')

The /etc/nginx/nginx.conf looks like this:

events{}
http {
  server {
    listen 80;
    client_max_body_size 4G;

    server_name myserver.com;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_redirect off;
      proxy_buffering off;
      proxy_pass http://uvicorn;
    }

#    location /static {
#      # path for static files
#      root /path/to/app/static;
#    }
  }

  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  upstream uvicorn {
    server unix:/tmp/uvicorn.sock;
  }
}

The App starts:

INFO:     Started server process [126715]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO:     127.0.0.1:42584 - "GET / HTTP/1.1" 200 OK

And curl yields:

[root@ip-xxx ~]# curl 127.0.0.1:8000
{"hello":"world"}[root@ip-xxx ~]# 

Alternatively, running with the unix socket also starts:

[root@ip-xxx tstApp]# python3.7 example.py
INFO:     Started server process [126768]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on unix socket /tmp/uvicorn.sock (Press CTRL+C to quit)

But, if I connect to my server via Nginx... no way:

502 Bad Gateway

So the app, uvicorn and Nginx are running, but they are not communicating with each other. What am I missing? Any help would be welcome. Thank you in advance.

EDITED:

nginx.service file:

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
#PrivateTmp=true
PrivateTmp=false

[Install]
WantedBy=multi-user.target
Julien
  • Okay, what happens when you make a unix socket request with curl like this? `curl --unix-socket ///tmp/uvicorn.sock http://127.0.0.1:80` – May 10 '22 at 21:57
  • Also check your `error.log`; I suppose you will find the exact reason there, like a non-existent `.sock` or a `.sock` permissions problem. – May 10 '22 at 22:03
  • @user973254 Thank you for your answers. To your first post: `[root@ip-xxx ~]# curl --unix-socket ///tmp/uvicorn.sock http://127.0.0.1:80` yields `{"hello":"world"}` To your second post, I found this: `2022/05/11 18:20:21 [crit] 122899#0: *615 connect() to unix:/tmp/uvicorn.sock failed (2: No such file or directory) while connecting to upstream, client: IP-yyy, server: myserver.com, request: "POST / HTTP/1.1", upstream: "http://unix:/tmp/uvicorn.sock:/", host: "IP of myserver"`. But in `/tmp/` I find a `uvicorn.sock` file. – Julien May 11 '22 at 18:57
  • This answer (change .sock location) might be helpful: https://stackoverflow.com/a/22277617/973254 – May 11 '22 at 19:02
  • @user973254 Indeed, but I am now facing this: `2022/05/11 19:42:33 [crit] 131516#0: *3 connect() to unix:/data/tstApp/uvicorn.sock failed (13: Permission denied) while connecting to upstream, client: IP-zzz, server: myserver.com, request: "GET / HTTP/1.1", upstream: "http://unix:/data/tstApp/uvicorn.sock:/", host: "myserver.com"` and I tried this post: https://stackoverflow.com/questions/65490023/nginx-connet-to-sock-failed-13permission-denied-502-bad-gateway but still no way. – Julien May 11 '22 at 19:50
  • Now `nginx` doesn't have permissions to access your socket, it's written there: `13: Permission denied`. – May 11 '22 at 21:49
  • Also, what is the content of `/etc/systemd/system/gunicorn.service`? Is the `PrivateTmp` variable set there? Also, please show the content of `/etc/systemd/system/gunicorn.socket` and tell which user privileges your nginx has. – May 11 '22 at 21:51
  • @user973254 I made it! SELinux was blocking the directory containing the socket. I stayed focused on the socket itself... Thank you for the support. – Julien May 14 '22 at 18:00

1 Answer

During tests, disabling SELinux solves the problem.

SELINUX=disabled
Julien
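
The thread ends with the finding that the directory holding the socket, not the socket itself, was what blocked nginx. As an added example (not code from the question or the answer), this Python script walks every component of a socket path for a given account, checks the mode bits a connection needs, and lists each component's SELinux label. It reports labels without evaluating policy and ignores POSIX ACLs, and the `audit.py` name and all function names are made up here.

```python
import os
import stat

def selinux_label(path):
    """Return the SELinux context stored on path, or None if there is none."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\x00").decode()
    except (OSError, AttributeError):  # no label, or platform without xattrs
        return None

def dac_allows(st, uid, gids, want):
    """Mode-bit check only (no ACLs): want is 0o1 (search) or 0o2 (write)."""
    if uid == 0:
        return True
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want

def audit_socket_path(sock_path, uid, gids):
    """Check every component from / down to the socket for one identity.

    Directories need search (x) permission, the socket needs write
    permission. Returns [(path, mode, selinux_label, ok), ...].
    """
    chain, cur = [], os.path.abspath(sock_path)
    while cur not in chain:  # dirname("/") is "/", which ends the walk
        chain.append(cur)
        cur = os.path.dirname(cur)
    report = []
    for p in reversed(chain):
        try:
            st = os.stat(p)
        except FileNotFoundError:  # the case nginx logs as errno 2
            report.append((p, None, None, False))
            break
        want = 0o1 if stat.S_ISDIR(st.st_mode) else 0o2
        report.append((p, stat.filemode(st.st_mode), selinux_label(p),
                       dac_allows(st, uid, gids, want)))
    return report

def first_blocker(report):
    """First component the identity cannot pass, or None if all pass."""
    return next((p for p, _, _, ok in report if not ok), None)

if __name__ == "__main__":  # usage: audit.py SOCKET_PATH USER
    import pwd, sys
    pw = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for row in audit_socket_path(sys.argv[1], pw.pw_uid, gids):
        print(*row)
```

Run it as root with the socket path and the account the nginx workers run as. When every row passes the mode-bit check but nginx still logs `13: Permission denied`, compare the labels on the directory rows, since SELinux denials are recorded in the audit log rather than in file modes.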