I followed this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-22-04
Everything is working (static files are served, etc.), but user-uploaded media files show a ‘permission denied’ when trying to access the image:
2023/01/21 09:50:01 [error] 12912#12912: *266 open() "/home/hvn/intranet/intranet/media/images/werkstujk_1_Far44Li.2e16d0ba.fill-322x247-c100.jpg" failed (13: Permission denied), client: xxx.xxx.xxx.xxx, server: xxxxx.net, request: "GET /media/images/werkstujk_1_Far44Li.2e16d0ba.fill-322x247-c100.jpg HTTP/1.1", host: "www.xxxxxx.net", referrer: "https://www.xxxxx.net/blogs/"
I’m using Wagtail as the CMS.
The Gunicorn socket is running under user ‘hvn’ and group ‘www-data’.
The directory and file permissions are like:
750 for dirs and 644 for files:
ll | grep media
drwxr-xr-x 5 hvn www-data 4096 Jan 17 22:36 media/
-rw-r--r-- 1 hvn www-data 33857 Jan 21 00:24 werkstujk_1_Far44Li.2e16d0ba.fill-322x247-c100.jpg
My nginx config file is serving the media folder:
location /media/ {
root /home/hvn/intranet/intranet;
}
/etc/nginx/sites-enabled/xxx.xx
server {
server_name xxx.xx *.xxx.xx;
location = /favicon.ico { access_log off; log_not_found off; }
location /collectstatic/ {
root /home/hvn/intranet/intranet;
}
location /media/ {
root /home/hvn/intranet/intranet;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx.xx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxx.xx/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.xxxx.xx) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = xxx.xx) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name xxx.net *.xxx.xx;
return 404; # managed by Certbot
}
What am I doing wrong?
Please help me. Thanks in advance.
Solved it:
Had to set in the nginx.conf that nginx runs as the same user that is serving the website:
Check the user in /etc/nginx/nginx.conf
Change ownership to user.
sudo chown -R nginx:nginx /var/lib/nginx
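An added example (not part of the original question or answer): a diagnostic for the `(13: Permission denied)` error above. nginx needs execute (traverse) permission on every directory in the path and read permission on the file; this function reports the component that blocks a given uid and gid set, judging by mode bits only. The `www-data` worker account and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. Mode bits only: ACLs, SELinux/AppArmor and root's
# override are not considered. Requires GNU stat (Linux).
#
# usage: first_blocked UID "GID GID ..." PATH [TOP]
# Prints the blocking component nearest TOP (default /), or nothing when
# every directory is traversable and PATH itself is readable.
first_blocked() {
    uid=$1 gids=$2 p=$3 top=${4:-/}
    blocked=
    # Serving a file needs r (4) on the file and x (1) on every directory.
    if [ -d "$p" ]; then need=1; else need=4; fi
    while :; do
        st=$(stat -c '%a %u %g' -- "$p") || return 2
        set -- $st                       # $1=mode  $2=owner uid  $3=group gid
        if [ "$uid" -eq "$2" ]; then
            digit=$(( $1 / 100 % 10 ))   # owner class
        else
            case " $gids " in
                *" $3 "*) digit=$(( $1 / 10 % 10 )) ;;  # group class
                *)        digit=$(( $1 % 10 )) ;;       # other class
            esac
        fi
        # Walking upward, the last failure recorded is the one nearest TOP.
        [ $(( digit & need )) -ne 0 ] || blocked=$p
        if [ "$p" = "$top" ] || [ "$p" = / ] || [ "$p" = . ]; then break; fi
        need=1
        p=$(dirname -- "$p")
    done
    [ -z "$blocked" ] || printf '%s\n' "$blocked"
    return 0
}

# Example (assumes nginx workers run as www-data; the file name is made up):
#   first_blocked "$(id -u www-data)" "$(id -G www-data)" \
#       /home/hvn/intranet/intranet/media/images/example.jpg
if [ "$#" -ge 3 ]; then first_blocked "$@"; fi
```

If this prints a directory above `media/`, such as the home directory, that directory's mode is what stops the worker, even though `media/` and the image are world-readable.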
I have a Django website hosted on DigitalOcean; I'm using a Postgres DB, nginx, gunicorn and Ubuntu 18.04. I'm using the Django authentication system. I created a normal user, but I could log in successfully only a few times after creating the new account; after that I got Bad Request (400). The admin used to render with CSS styling, but now only the HTML is rendered, while the styling on the other pages that users can visit works fine. The two problems appeared at the same time.
When I turn debug to true I get:
SuspiciousFileOperation at /fr/account/login/
Storage can not find an available filename for "users/2020/07/03/users/2020/07/03/users/2020/07/03/users/2020/07/03/users/2020/07/03/users/2020/07/03/no__QKvIRQ8_2N3XJKL.png". Please make sure that the corresponding file field allows sufficient "max_length".
This is my nginx configuration
Please help me
Thanks in advance
server {
server_name server_domain_or_IP;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/sammy/myprojectdir;
}
location /media/ {
root /home/sammy/myprojectdir;
image_filter_buffer 10M;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
client_max_body_size 100M;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/server_domain_or_IP/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/server_domain_or_IP/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = server_domain_or_IP) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = server_domain_or_IP) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name server_domain_or_IP;
return 404; # managed by Certbot
client_max_body_size 100M;
}
My Django deployment with EC2, nginx and gunicorn went well, except that my static files are not loading; the browser shows a 404 error. And this is because nginx looks in a completely different place than the statics.
At this point I have tried a lot of configurations and nothing does the trick. I am wondering if a pair of fresh eyes can spot a mistake here that I do not.
/sites-enabled/django.conf:
server {
server_name site.net www.site.net;
location /static/ {
autoindex on;
alias /home/ubuntu/saas/static/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/saas/app.sock;
}
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.site.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = site.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name site.net www.site.net;
return 404; # managed by Certbot
}
and my Django settings.py looks like this, and collectstatic works fine.
STATIC_URL = '/static/'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'staticfiles')
]
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
I have deleted the default file, but it still seems that nginx looks for the static files in the wrong place according to this error.log:
2020/05/01 19:57:45 [error] 3502#3502: *6 open() "/usr/share/nginx/html/static/css/custom.css" failed (2: No such file or directory), client: 86.221.78.105, server: site.net, request: "GET /static/cs$
I have rebooted the server and reloaded nginx; nothing seems to work. Would someone have an idea of what I could try at this point?
There's usually a default.conf file that gets installed with nginx when you install with yum or apt. It will either be in /etc/nginx/conf.d/default.conf or /etc/nginx/sites-enabled/default.conf. Delete that file and reload nginx with sudo systemctl reload nginx, and you should be good to go absent there being another configuration file on your server that you don't know about.
Here is what I did to resolve the problem. Getting rid of the default index.html in /usr/share/nginx/html/ and running the conf script as:
server {
server_name site.net www.site.net;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /static/ {
autoindex on;
alias /home/ubuntu/saas/static/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/saas/app.sock;
}
}
server {
if ($host = www.site.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = site.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name site.net www.site.net;
return 404; # managed by Certbot
}
Although this seems to be a workaround, it does the trick.
I am trying to launch a Django website, and I want to install Let's Encrypt and make sure the https connection works for my site.
I followed DigitalOcean's "How To Secure Nginx with Let's Encrypt on Ubuntu 18.04" tutorial at https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04. My site worked over http, but after the installation of Let's Encrypt, neither the http nor the https connection works.
My nginx/sites-available/mysite.com file code is shown below:
server {
server_name mysite.com www.mysite.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /root/project/app/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mysite.com www.mysite.com;
return 404; # managed by Certbot
}
Normally, my website works fine over http, yet when I follow the tutorial and try to connect to my site, it does not load in the browser. If I try with curl, I get the response: curl: (7) Failed to connect to mysite.com port 443: Connection refused.
[SOLVED]
It was caused by /etc/nginx/sites-enabled/default.
The default file already defines for inbound traffic, so when I delete it, it works fine.
I'm using Django/uwsgi/nginx.
And to access SSL, I installed Let's Encrypt.
Below are the nginx and uwsgi configuration files.
[project_rest.conf]
upstream django {
server 127.0.0.1:8001;
}
server {
listen 8000;
server_name .mysitedomain.com;
charset utf-8;
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/app/project_rest/media; # your Django project's media files - amend as required
}
location /static {
alias /home/app/project_rest/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/app/project_rest/uwsgi_params; # the uwsgi_params file you installed
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
(I created project_rest.conf and linked it to /etc/nginx/sites-enabled/)
[/etc/nginx/sites-available/default]
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name mysitedomain.com www.mysitedomain.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysitedomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mysitedomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mysitedomain.com www.mysitedomain.com;
return 404; # managed by Certbot
}
[uwsgi.ini]
[uwsgi]
# the base directory (full path)
chdir=/home/app/project_rest
# Django's wsgi file
module=project_rest.wsgi:application
master=true
# maximum number of worker processes
processes=10
# the socket (use the full path to be safe)
socket=127.0.0.1:8001
chmod-socket=664
chown-socket=app:app
pidfile=/tmp/project_rest.pid
# clear environment on exit
vacuum=true
max-requests=5000
daemonize=project_rest.uwsgi.log
(I used virtualenv)
After entering "uwsgi --ini uwsgi.ini", I can access my Django site at mysitedomain.com:8000.
But I can't access https://mysitedomain.com:8000, while I can access https://mysitedomain.com.
I want to access https://mysitedomain.com:8000. How can I implement this?
Thanks.
[SOLVED]
It was caused by /etc/nginx/sites-enabled/default.
The default file already defines for inbound traffic, so when I delete it,
it works fine.
server {
listen 80;
server_name example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name example.com;
access_log /var/log/nginx/example.com_access.log combined;
error_log /var/log/nginx/example.com_error.log error;
ssl_certificate /etc/letsencrypt/live/mysitedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysitedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /static/ {
alias /webapps/example/static/;
}
location /media/ {
alias /webapps/example/media/;
}
location / {
proxy_pass http://localhost:8000/;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Change the values to match your domain and report feedback, please.
I have run into a strange issue. My API has an endpoint on which I am using PATCH (I also tried PUT and POST, with the same result) to send JSON with a JSON array (the request body size is typically 40 KB) from a mobile phone. When I do this over Wi-Fi, everything works fine. But over a mobile network, I get a SocketConnection Timeout (in Retrofit/Kotlin) on some phones (iOS works perfectly).
From the nginx access.log:
domain - - [21/Nov/2017:16:33:01 +0000] "PATCH /endpoint/ HTTP/1.1" 408 0 "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/M4B30Z)"
Nginx config :
server {
listen port;
server_name domain;
client_max_body_size 32m;
proxy_connect_timeout 75s;
proxy_read_timeout 300s;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user/apps/api;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/apps/api/api.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Gunicorn config :
respawn
setuid root
setgid www-data
chdir /home/user/apps/api
exec /home/user/virtualenvs/apienv/bin/gunicorn --workers 3 --timeout=90 --bind unix://api.sock api.wsgi:application
The problem was in the network connection. We changed the location of our clouds from Frankfurt to Amsterdam and now everything works perfectly.