I'm getting this error in my nginx-error.log file:
2014/02/17 03:42:20 [crit] 5455#0: *1 connect() to unix:/tmp/uwsgi.sock failed (13: Permission denied) while connecting to upstream, client: xx.xx.x.xxx, server: localhost, request: "GET /users HTTP/1.1", upstream: "uwsgi://unix:/tmp/uwsgi.sock:", host: "EC2.amazonaws.com"
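The browser also shows a 502 Bad Gateway error. The output of a curl is the same, Bad Gateway html.
I've tried to fix it by changing the permissions for /tmp/uwsgi.sock to 777. That didn't work. I also added myself to the www-data group (a couple of questions that looked similar suggested that). Also, no dice.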
Here is my nginx.conf file:
worker_processes 1;
worker_rlimit_nofile 8192;

events {
    worker_connections 3000;
}

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
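I'm running a Flask application with Nginx and Uwsgi, just to be thorough in my explanation. If anyone has any ideas, I would really appreciate them.
EDIT
I have been asked to provide my uwsgi config file. So, I never personally wrote my nginx or my uwsgi file. I followed the guide here, which sets everything up using ansible-playbook. The nginx.conf file was generated automatically, but there is nothing in /etc/uwsgi except a README file in both the apps-enabled and apps-available folders. Do I need to create my own config file for uwsgi? I was under the impression that ansible took care of all of those things.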
I believe that ansible-playbook figured out my uwsgi configuration, since when I run this command
uwsgi -s /tmp/uwsgi.sock -w my_app:app
it starts up and outputs this:
*** Starting uWSGI 2.0.1 (64bit) on [Mon Feb 17 20:03:08 2014] ***
compiled with version: 4.7.3 on 10 February 2014 18:26:16
os: Linux-3.11.0-15-generic #25-Ubuntu SMP Thu Jan 30 17:22:01 UTC 2014
nodename: ip-10-9-xxx-xxx
machine: x86_64
clock source: unix
detected number of CPU cores: 1
current working directory: /home/username/Project
detected binary path: /usr/local/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
*** WARNING: you are running uWSGI without its master process manager ***
your processes number limit is 4548
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /tmp/uwsgi.sock fd 3
Python version: 2.7.5+ (default, Sep 19 2013, 13:52:09) [GCC 4.8.1]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x1f60260
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 72760 bytes (71 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 3 seconds on interpreter 0x1f60260 pid: 26790 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 26790, cores: 1)
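The permission issue occurs because uwsgi resets the ownership and permissions of /tmp/uwsgi.sock to 755 and to the user running uwsgi every time uwsgi starts.
The correct way to solve the problem is to make uwsgi change the ownership and/or permissions of /tmp/uwsgi.sock so that nginx can write to this socket. Therefore, there are three possible solutions.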
uwsgi -s /tmp/uwsgi.sock -w my_app:app --uid www-data --gid www-data
uwsgi -s /tmp/uwsgi.sock -w my_app:app --chown-socket=www-data:www-data
uwsgi -s /tmp/uwsgi.sock -w my_app:app --chmod-socket=666
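I prefer the first approach because it does not leave uwsgi running as root.
The first two commands need to be run as the root user. The third command does not need to be run as the root user.
The first command leaves uwsgi running as the www-data user. The second and third commands leave uwsgi running as the actual user that ran the command.
The first and second commands allow only the www-data user to write to the socket. The third command allows any user to write to the socket.
I prefer the first approach because it does not leave uwsgi running as the root user and it does not make the socket file world-writable.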
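To check which of the situations described in the answer a socket is in, the following added example (not code from the question or the answer) evaluates a socket file's owner and mode bits for a given account, relying on the Linux rule that connecting to a pathname Unix socket requires write permission on the socket file. All function names and finding labels are hypothetical, and the demo socket is constructed in a temporary directory.

```python
import os
import pwd
import socket
import stat
import tempfile

WRITE_BIT = {"owner": stat.S_IWUSR, "group": stat.S_IWGRP, "other": stat.S_IWOTH}

def ids_for(user):
    """Return (uid, set of gids) for a local account name, e.g. "www-data"."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def access_class(st, uid, gids):
    """Pick the one permission triplet the kernel applies to this caller."""
    if uid == st.st_uid:
        return "owner"
    return "group" if st.st_gid in gids else "other"

def can_connect(st, uid, gids):
    """connect() to a pathname Unix socket needs write permission on the file."""
    if uid == 0:  # root bypasses the mode bits
        return True
    return bool(st.st_mode & WRITE_BIT[access_class(st, uid, gids)])

def audit_socket(path, uid, gids):
    """Return a list of findings for the caller (uid, gids) against path."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not-a-socket")
    if not can_connect(st, uid, gids):
        findings.append("connect-denied")  # nginx would log (13: Permission denied)
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")  # any local user can talk to the app
    return findings

def make_demo_socket(mode):
    """Constructed sample: bind a throwaway socket and give it the given mode."""
    path = os.path.join(tempfile.mkdtemp(), "demo.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    return srv, path

if __name__ == "__main__":
    for mode in (0o755, 0o660, 0o666):
        srv, path = make_demo_socket(mode)
        st = os.stat(path)
        other = (st.st_uid + 1, {st.st_gid + 1})  # hypothetical unrelated account
        print(oct(mode), audit_socket(path, *other))
        srv.close()
```

On a real host, `audit_socket("/tmp/uwsgi.sock", *ids_for("www-data"))` gives the verdict for the nginx worker account; an empty list means that account can connect and the socket is not open to every local user.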