nginx error: (13: Permission denied) while connecting to upstream)

≡放荡痞女 提交于 2019-12-12 09:39:10

问题


I am running rails app with puma, capistrano, and nginx on a google compute engine VM with ubuntu 14.04 LTS.

I have the nginx running on the external IP. And when I visit it I get two nginx errors in the log:

2016/02/03 11:58:07 [info] 19754#0: *73 client closed connection while waiting for request, client: ###.##.##.###, server: 0.0.0.0:443

2016/02/03 11:58:07 [crit] 19754#0: *74 connect() to unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock failed (13: Permission denied) while connecting to upstream, client: ###.##.##.###, server: , 
request: "GET / HTTP/1.1", upstream: "http://unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock:/", host: "###.###.###.###"

Note: the last ###.###.###.### is the external IP of the google compute VM that the code is running on. I believe the 1st two IP's are my home IP.

I have tried: setsebool httpd_can_network_connect on as suggested here: (13: Permission denied) while connecting to upstream:[nginx] And it returned: setsebool: SELinux is disabled. But the problem persists.

I have looked at (13: Permission denied) while connecting to upstream:[nginx] as well, but it seems to be particular to uwsgi

Here is my nginx.conf

upstream puma {
  server unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock;
}
server {
  listen 80 default_server deferred;
  listen 443 ssl;
  # server_name example.com;
  ssl_certificate /etc/ssl/my-web-app/my-web-app.com.chained.crt;
  ssl_certificate_key /etc/ssl/my-web-app/my-web-app.key;
  root /home/my-web-app/apps/my-web-app/current/public;
  access_log /home/my-user-name/apps/my-web-app/current/log/nginx.access.log;
  error_log /home/my-user-name/apps/my-web-app/current/log/nginx.error.log info;
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }
  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

I run nginx with sudo service nginx restart Then I run puma with: RACK_ENV=production bundle exec puma -p 3000 and it returns:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:3000
Use Ctrl-C to stop

EDIT 1

It was suggested that I run puma on unix not tcp 3000 so that it'd match nginx

I have tried running puma on unix via the command:

RACK_ENV=production bundle exec puma -d -b unix:///tmp/my-web-app.sock --pidfile /tmp/puma.pid

which gave:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Daemonizing...

It reads the above text, but it does not linger, the command prompt occurs again immediately despite the '...' at the end.

This command seemingly does not work, so if anyone can suggest how to run puma on unix and not tcp 3000, then I could complete the suggestion. (Though I suspect there is a configuring nginx issue that may be occuring before anything that has to do with puma)

EDIT 2 Attaching puma.rb

#!/usr/bin/env puma
directory '/home/my-user-name/apps/my-web-app/current'
rackup "/home/my-user-name/apps/my-web-app/current/config.ru"
environment 'production'
pidfile "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.pid"
state_path "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.state"
stdout_redirect '/home/my-user-name/apps/my-web-app/current/log/puma.error.log', '/home/my-user-name/apps/my-web-app/current/log/puma.access.log', true
threads 2,8
bind 'unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock'
workers 1
preload_app!
on_restart do
  puts 'Refreshing Gemfile'
  ENV["BUNDLE_GEMFILE"] = "/home/my-user-name/apps/my-web-app/current/Gemfile"
end
on_worker_boot do
  ActiveSupport.on_load(:active_record) do
    ActiveRecord::Base.establish_connection
  end
end

EDIT 3

I now tried just running the rails server on port 80 directly. I typed: rvmsudo rails server -p 80 and it returned:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80
Exiting
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Address already in use - bind(2) for "localhost" port 80 (Errno::EADDRINUSE)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from (eval):2:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/rack/handler/puma.rb:33:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/rack-1.6.4/lib/rack/server.rb:286:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/server.rb:80:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:80:in `block in server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `tap'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands.rb:17:in `<top (required)>'
        from bin/rails:4:in `require'
        from bin/rails:4:in `<main>'

EDIT 4

If I run sudo service nginx stop then run rvmsudo rails server -p 80 again it returns:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80

That means that approach was incorrect since without nginx when I visit the external IP nothing its now returns The server refused the connection. as opposed to the original:

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

If anyone knows how to prevent the original error, any suggestions would be much appreciated.

EDIT 5 The original question remains, but can anyone tell me if this is an https problem or an ssl problem?

EDIT 6

I have tried running puma directly on 80 and am getting a permission error on 80.

I try: RACK_ENV=production bundle exec puma -p 80 and get:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Permission denied - bind(2) for "0.0.0.0" port 80 (Errno::EACCES)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:98:in `block in parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `each'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/runner.rb:119:in `load_and_bind'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/single.rb:79:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/cli.rb:215:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/bin/puma:10:in `<top (required)>'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `load'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `<main>'

I believe that this is caused because port 80 has higher permissions than others. So, I ran sudo RACK_ENV=production bundle exec puma -p 80 but that just returned: Your Ruby version is 1.9.3, but your Gemfile specified 2.1.7


回答1:


I got the same error with you, I got a solution but don't know should it be right. Change the first line of file /etc/nginx/nginx.conf

user www-data;
to
user root;

Then restart the nginx using:

service nginx restart OR systemctl restart nginx

Works well!




回答2:


Take a look at your puma.error.log file for your application.

Mine was complaining about a small syntax error in a config block on production environment.



来源:https://stackoverflow.com/questions/35177177/nginx-error-13-permission-denied-while-connecting-to-upstream

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!