I am trying to deploy my Django website to a Ubuntu server. I am following this tutorial: linuxhint.com/create_django_app_ubuntu/. However, the Gunicorn service doesn't work.
I have my site at /home/django/blog.
My Python 3.6 virtualenv is activated at /home/django/.venv/bin/activate (-rwxr-xr-x 1 django root 2207 Sep 21 14:07 activate).
The script for starting the server is at /home/django/bin/start-server.sh (-rwxr-xr-x 1 django root 69 Sep 21 15:50 start-server.sh), with the following content:
cd /home/django
source .venv/bin/activate
cd blog
gunicorn blog.wsgi
Running this script manually works just fine.
The Gunicorn service is at /etc/systemd/system/gunicorn.service, with this content:
[Unit]
Description=Gunicorn
After=network.target
[Service]
Type=simple
User=django
ExecStart=/home/django/bin/start-server.sh
Restart=on-failure
[Install]
WantedBy=multi-user.target
Running systemctl status gunicorn.service gives this:
● gunicorn.service - Gunicorn
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-09-21 16:15:17 UTC; 6s ago
Process: 1114 ExecStart=/home/django/bin/start-server.sh (code=exited, status=203/EXEC)
Main PID: 1114 (code=exited, status=203/EXEC)
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Service hold-off time over, scheduling restart.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Scheduled restart job, restart counter is at 5.
Sep 21 16:15:17 example.com systemd[1]: Stopped Gunicorn.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Start request repeated too quickly.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Sep 21 16:15:17 example.com systemd[1]: Failed to start Gunicorn.
Sep 21 16:15:18 example.com systemd[1]: gunicorn.service: Start request repeated too quickly.
Sep 21 16:15:18 example.com systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Sep 21 16:15:18 example.com systemd[1]: Failed to start Gunicorn.
Sep 21 14:22:36 example.com systemd[7906]: gunicorn.service: Failed to execute command: Permission denied
Sep 21 14:22:36 example.com systemd[7906]: gunicorn.service: Failed at step EXEC spawning /home/django/bin/start-server.sh: Permission denied
Sep 21 14:23:40 example.com systemd[7940]: gunicorn.service: Failed to execute command: Permission denied
Sep 21 14:23:40 example.com systemd[7940]: gunicorn.service: Failed at step EXEC spawning /home/django/bin/start-server.sh: Permission denied
Sep 21 14:24:47 example.com systemd[7958]: gunicorn.service: Failed to execute command: Permission denied
Sep 21 14:24:47 example.com systemd[7958]: gunicorn.service: Failed at step EXEC spawning /home/django/bin/start-server.sh: Permission denied
Permission denied
.
.
.
I ran chown -R django:django /home/django. Now, the output of ls -lah /home/django is:
total 32K
drwxr-xr-x 5 django django 4.0K Sep 21 14:19 .
drwxr-xr-x 3 root root 4.0K Sep 21 14:04 ..
-rw-r--r-- 1 django django 220 Apr 4 2018 .bash_logout
-rw-r--r-- 1 django django 3.7K Apr 4 2018 .bashrc
-rw-r--r-- 1 django django 807 Apr 4 2018 .profile
drwxr-xr-x 4 django django 4.0K Sep 21 14:07 .venv
drwxr-xr-x 2 django django 4.0K Sep 21 15:58 bin
drwxr-xr-x 3 django django 4.0K Sep 21 14:08 blog
Solution
Thanks to Dmitry Belaventsev, the solution to this is to change
ExecStart=/home/django/bin/start-server.sh
to
ExecStart=/bin/bash /home/django/bin/start-server.sh
In the file /etc/systemd/system/gunicorn.service.
Your systemd service is setup to execute the script from behalf of django user. In the meantime:
ls -lah /home/django
total 32K
drwxr-xr-x 5 django django 4.0K Sep 21 14:19 .
drwxr-xr-x 3 root root 4.0K Sep 21 14:04 ..
-rw-r--r-- 1 django django 220 Apr 4 2018 .bash_logout
-rw-r--r-- 1 django django 3.7K Apr 4 2018 .bashrc
-rw-r--r-- 1 django django 807 Apr 4 2018 .profile
drwxr-xr-x 4 django root 4.0K Sep 21 14:07 .venv
drwxr-xr-x 2 root root 4.0K Sep 21 15:58 bin
drwxr-xr-x 3 root root 4.0K Sep 21 14:08 blog
As you can see:
drwxr-xr-x 3 root root 4.0K Sep 21 14:04 ..
and
drwxr-xr-x 2 root root 4.0K Sep 21 15:58 bin
which means:
/home directory belongs to root:root
/home/django/bin belongs to root:root
To let systemd execute a bash script from behalf of django user:
That script should be executable
All parent directories should have execution rights
All those directories and the script should be available for django user
The quickest solution:
chown -R /home/django django:django
Also you could play with group and group rights as well.
Related
I am trying to deploy my Django project through Ubuntu Apache2 but I am getting Forbidden You don't have permission to access this resource error. I cannot seem to find the solution
Error:
Server Error
My config file
`Alias /static /home/rapicare/rapid-care-website/rapidCare/static
<Directory /home/rapicare/rapid-care-website/rapidCare/static>
Require all granted
Alias /media /home/rapicare/rapid-care-website/rapidCare/media
<Directory /home/rapicare/rapid-care-website/rapidCare/media>
Require all granted
</Directory>
<Directory /home/rapicare/rapid-care-website/rapidCare/rapidCare>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess django_app python-path=/home/rapicare/rapid-care-website/rapidCare python-home=/home/rapicare/rapid-care-website/venv
WSGIProcessGroup django_app
WSGIScriptAlias / /home/rapicare/rapid-care-website/rapidCare/rapidCare/wsgi.py`
My Directoy permissions
rapidcare#rapidcare:~$ ls rapid-care-website -la total 28 drwxrwxr-x 5 rapidcare www-data 4096 Feb 5 09:11 . drwxr-x--x 5 rapidcare rapidcare 4096 Feb 5 16:48 .. -rw-rw-r-- 1 rapidcare rapidcare 0 Feb 4 11:52 .editorconfig drwxrwxr-x 8 rapidcare rapidcare 4096 Feb 5 09:14 .git -rw-rw-r-- 1 rapidcare rapidcare 651 Feb 4 11:52 .gitignore drwxrwxr-x 7 rapidcare www-data 4096 Feb 4 22:12 rapidCare -rw-rw-r-- 1 rapidcare rapidcare 249 Feb 4 11:52 requirements.txt drwxrwxr-x 5 rapidcare www-data 4096 Feb 4 22:12 venv
rapidcare#rapidcare:~/rapid-care-website$ ls -la rapidCare/ total 388 drwxrwxr-x 7 rapidcare www-data 4096 Feb 4 22:12 . drwxrwxr-x 5 rapidcare www-data 4096 Feb 5 09:11 .. -rw-rw-r-- 1 rapidcare www-data 360448 Feb 4 12:55 db.sqlite3 -rwxrwxr-x 1 rapidcare rapidcare 665 Feb 4 11:52 manage.py drwxrwxr-x 3 rapidcare www-data 4096 Feb 4 11:52 media drwxrwxr-x 3 rapidcare rapidcare 4096 Feb 5 16:42 rapidCare drwxrwxr-x 7 rapidcare rapidcare 4096 Feb 4 22:12 services drwxrwxr-x 8 rapidcare rapidcare 4096 Feb 4 22:12 static drwxrwxr-x 6 rapidcare rapidcare 4096 Feb 4 22:12 userAuth]]
My Apache Status
`● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sun 2023-02-05 17:08:43 UTC; 8min ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 113195 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 113199 (apache2)
Tasks: 56 (limit: 1116)
Memory: 12.9M
CPU: 4.412s
CGroup: /system.slice/apache2.service
├─113199 /usr/sbin/apache2 -k start
├─113201 /usr/sbin/apache2 -k start
└─113202 /usr/sbin/apache2 -k start
Feb 05 17:08:43 rapidcare systemd[1]: Stopped The Apache HTTP Server.
Feb 05 17:08:43 rapidcare systemd[1]: apache2.service: Consumed 12.560s CPU time.
Feb 05 17:08:43 rapidcare systemd[1]: Starting The Apache HTTP Server...
Feb 05 17:08:43 rapidcare apachectl[113198]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 139.59.20.219. Set the 'ServerName' directive globally to suppress this message
Feb 05 17:08:43 rapidcare systemd[1]: Started The Apache HTTP Server.`
I am following https://www.youtube.com/watch?v=Sa_kQheCnds&list=PL-osiE80TeTtoQCKZ03TU5fNfx2UY6U4p&index=13&ab_channel=CoreySchafer tutorial. I have tried many other settings but it is still giving error. Someone suggested binding to ports under 1024 requires superuser privileges but I don't know how that works.
I'm trying to follow the tutorial, but facing the below error.
The error was disappeared when I changed the permissions of the parent folder and the db.sqlite3 file to 777, but that's not the good idea.
What's the alternative?
Reference:
https://docs.djangoproject.com/en/3.2/intro/tutorial02/
Error:
OperationalError at /admin/logout/
attempt to write a readonly database
Request Method: GET
Request URL: http://x.x.x.x/admin/logout/
Django Version: 3.1.6
Exception Type: OperationalError
Exception Value:
attempt to write a readonly database
Exception Location: /opt/bitnami/python/lib/python3.8/site-packages/django/db/backends/sqlite3/base.py, line 413, in execute
Python Executable: /usr/bin/python3
Python Version: 3.8.7
Python Path:
['/opt/bitnami/python/lib/python38.zip',
'/opt/bitnami/python/lib/python3.8',
'/opt/bitnami/python/lib/python3.8/lib-dynload',
'/opt/bitnami/python/lib/python3.8/site-packages',
'/opt/bitnami/python/lib/python3.8/site-packages/setuptools-46.4.0-py3.8.egg',
'/opt/bitnami/python/lib/python3.8/site-packages/pip-20.3.4-py3.8.egg',
'/opt/bitnami/python/lib/python3.8/site-packages/virtualenv-20.4.2-py3.8.egg',
'/opt/bitnami/python/lib/python3.8/site-packages/six-1.15.0-py3.8.egg',
'/opt/bitnami/python/lib/python3.8/site-packages/filelock-3.0.12-py3.8.egg',
'/opt/bitnami/python/lib/python3.8/site-packages/distlib-0.3.1-py3.8.egg',
'/opt/bitnami/python/lib/python3.8/site-packages/appdirs-1.4.4-py3.8.egg',
'/opt/bitnami/apps/django/django_projects/tutorial']
Server time: Thu, 29 Apr 2021 06:17:14 +0000
Folder and file status:
bitnami#ip---:/opt/bitnami/apps/django/django_projects$ ls -al
total 12
drwxrwxr-x 3 root root 4096 Apr 22 05:09 .
drwxr-xr-x 3 root root 4096 Apr 22 05:09 ..
drwxrwxr-x 6 www-data www-data 4096 Apr 29 06:16 tutorial
bitnami#ip---:/opt/bitnami/apps/django/django_projects$ ls -al tutorial/
total 168
drwxrwxr-x 6 www-data www-data 4096 Apr 29 06:16 .
drwxrwxr-x 3 root root 4096 Apr 22 05:09 ..
drwxr-xr-x 2 www-data www-data 4096 Apr 22 05:45 conf
-rwxrwxrwx 1 www-data www-data 143360 Apr 29 06:16 db.sqlite3
drwxr-xr-x 4 www-data www-data 4096 Apr 28 16:08 hello_world
-rwxr-xr-x 1 www-data www-data 664 Apr 22 05:08 manage.py
drwxr-xr-x 4 www-data www-data 4096 Apr 28 18:04 polls
drwxr-xr-x 3 www-data www-data 4096 Apr 28 16:12 tutorial
Updated the solution by myself :
$ sudo chown daemon:daemon /opt/bitnami/apps/django/django_projects
$ sudo chown daemon:daemon /opt/bitnami/apps/django/django_projects/db.sqlite3
$ sudo chmod 775 /opt/bitnami/apps/django/django_projects
$ sudo chown 775 /opt/bitnami/apps/django/django_projects/db.sqlite3
Platform : AWS Lightsail
Finally it works!
i'm trying to deploy my first web app.
I'm using django + docker + nginx + uwsgi. Trying to deploy firstly in my laptop.
When i'm run my web application using django server everything ok, also it looks ok when i'm trying start web app with docker without nginx, but when i'm using with nginx proxy have a problem with writing data to DB (login/logout user sessions). If i go only to read pages, web app working fine with static files and crashing during user session changes (log in/log out)
Problem with rights of my default database
issue picture
app_1 | Internal Server Error: /logout/
app_1 | Traceback (most recent call last):
app_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/utils.py", line 84, in _execute
app_1 | return self.cursor.execute(sql, params)
app_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/sqlite3/base.py", line 413, in execute
app_1 | return Database.Cursor.execute(self, query, params)
app_1 | sqlite3.OperationalError: attempt to write a readonly database
(venv) yhobby#hp-probook-450-g5:~/PycharmProjects/web_naas$ ls -la
total 52
drwxrwsrwx 8 www-data yhobby 4096 Nov 19 15:16 .
drwsrwsrwt 9 yhobby yhobby 4096 Nov 18 16:09 ..
drwxrwsrwx 6 www-data yhobby 4096 Nov 19 13:59 app
-rwxrwxrwx 1 yhobby yhobby 293 Nov 19 14:51 docker-compose-deploy.yml
-rwxrwxrwx 1 yhobby yhobby 202 Nov 19 11:35 docker-compose.yml
-rwxrwxrwx 1 yhobby yhobby 701 Nov 19 15:16 Dockerfile
drwxrwsr-x 8 yhobby yhobby 4096 Nov 19 09:06 .git
-rw-rw-r-- 1 yhobby yhobby 100 Nov 19 08:40 .gitignore
drwxrwsr-x 3 yhobby yhobby 4096 Nov 19 15:28 .idea
drwxrwsrwx 2 yhobby yhobby 4096 Nov 19 15:11 proxy
-rwxrwxrwx 1 yhobby yhobby 29 Nov 18 16:09 README.md
drwxrwsrwx 2 yhobby yhobby 4096 Nov 18 18:40 scripts
drwxrwsrwx 6 yhobby yhobby 4096 Nov 18 16:13 venv
(venv) yhobby#hp-probook-450-g5:~/PycharmProjects/web_naas/app$ ls -la
total 17820
drwxrwsrwx 6 www-data yhobby 4096 Nov 19 13:59 .
drwxrwsrwx 8 www-data yhobby 4096 Nov 19 15:16 ..
drwxrwsrwx 7 yhobby yhobby 4096 Nov 19 12:13 dashboard
-rwxrwxrwx 1 yhobby yhobby 131072 Nov 19 13:59 db.sqlite3
drwxrwsrwx 8 yhobby yhobby 4096 Nov 19 08:43 .git
-rwxrwxrwx 1 yhobby yhobby 92 Nov 19 08:43 .gitignore
-rwxrwxrwx 1 yhobby yhobby 18075648 Oct 2 06:15 ip_core.db
-rwxrwxrwx 1 yhobby yhobby 660 Nov 19 08:43 manage.py
drwxrwsrwx 3 yhobby yhobby 4096 Nov 19 14:48 naas
-rwxrwxrwx 1 yhobby yhobby 29 Nov 19 08:43 README.md
-rwxrwxrwx 1 yhobby yhobby 187 Nov 19 08:43 requirements.txt
drwxrwsrwx 4 yhobby yhobby 4096 Nov 19 12:06 static
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'db.sqlite3',
},
'ip_core': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'ip_core.db',
}
}
web_naas/Dockerfile # root folder web_naas/
# pull official base image
FROM python:3.8-alpine
# set environment variables
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
ENV PATH="/scripts:${PATH}"
# install dependencies
COPY app/requirements.txt /requirements.txt
RUN apk add --update --no-cache --virtual .tmp gcc libc-dev linux-headers
RUN pip install -r /requirements.txt
RUN apk del .tmp
# copy directory
RUN mkdir /app
COPY ./app /app
# set work directory
WORKDIR /app
# copy directory
COPY ./scripts /scripts
RUN chmod +x /scripts/*
RUN chmod 777 /app/db.sqlite3
RUN mkdir -p /vol/web/media
RUN mkdir -p /vol/web/static
RUN adduser -D user
RUN chown -R user:user /vol
RUN chmod -R 777 /vol/web
USER user
CMD ["entrypoint.sh"]
web_naas/docker-compose.yml # root folder
version: '3.7'
services:
app:
build: .
ports:
- "8000:8000"
volumes:
- ./app:/app
command: sh -c "python manage.py runserver 0.0.0.0:8000"
environment:
- DEBUG=1
docker-compose-deploy.yml
version: '3.7'
services:
app:
build: .
volumes:
- static_data:/vol/web
environment:
- DEBUG=1
proxy:
build:
context: ./proxy
volumes:
- static_data:/vol/static
ports:
- "8080:8080"
depends_on:
- app
volumes:
static_data:
web_naas/proxy/Dockerfile
FROM nginxinc/nginx-unprivileged:1-alpine
COPY ./default.conf /etc/nginx/conf.d/default.conf
COPY ./uwsgi_params /etc/nginx/uwsgi_params
USER root
RUN mkdir -p /vol/static
RUN chmod 777 /vol/static
USER nginx
web_naas/proxy/default.conf
server {
listen 8080;
location /static {
alias /vol/static;
}
location / {
uwsgi_pass app:8000;
include /etc/nginx/uwsgi_params;
}
}
web_naas/scripts/entrypoint.sh
#!/bin/sh
set -e
python manage.py collectstatic --noinput
uwsgi --socket :8000 --master --enable-threads --module naas.wsgi
The problem was a lack of rights inside the docker container
Added the following line inside the file
web_naas/Dockerfile # root folder
RUN chown -R user:user /app
When I am loading my class directly from some location I am able to load it.
>>> import sys
>>> sys.path.append('/path/to/my/flask/application')
>>> from myfile import app as application
>>>
Now from wsgi when I am doing the same thing.. it's not loading.
[Sat Aug 19 07:41:18 2017] [info] mod_wsgi (pid=29177): Imported 'mod_wsgi'.
[Sat Aug 19 07:41:24 2017] [error] [client 129.91.63.143] mod_wsgi (pid=29172): Target WSGI script '/var/www/flask-prod/webtool.wsgi' cannot be loaded as Python module.
[Sat Aug 19 07:41:24 2017] [error] [client 129.91.63.143] mod_wsgi (pid=29172): Exception occurred processing WSGI script '/var/www/flask-prod/webtool.wsgi'.
[Sat Aug 19 07:41:24 2017] [error] [client 129.91.63.143] Traceback (most recent call last):
[Sat Aug 19 07:41:24 2017] [error] [client 129.91.63.143] File "/var/www/flask-prod/webtool.wsgi", line 6, in <module>
[Sat Aug 19 07:41:24 2017] [error] [client 129.91.63.143] from myfile import app as application
[Sat Aug 19 07:41:24 2017] [error] [client 129.91.63.143] ImportError: No module named myfile
wsgi virtual host configuration below:
WSGIPythonHome /pathto/condadir
WSGIPythonPath /pathto/condadir/lib/python2.7
<virtualhost *:80>
ServerName myhost.example.com
WSGIDaemonProcess webtool user=apache group=root threads=5 home=/var/www/flask-prod/
WSGIScriptAlias / /var/www/flask-prod/webtool.wsgi
<directory /var/www/flask-prod>
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On
Order allow,deny
Allow from all
</directory>
</virtualhost>
Below is the wsgi file.
#!/pathto/condadir/bin/python
import sys
sys.path.append('/path/to/my/flask/application')
from myfile import app as application
Server mount status:
$ df -hP
/dev/xvda1 494M 29M 440M 7% /boot
tmpfs 5.0G 0 5.0G 0% /dev/shm
/dev/xvdc1 50G 3.2G 44G 7% /path
/dev/mapper/vg_apol-lv_var 1.5G 164M 1.3G 12% /var
My Application:
$ ls -lrt /path/to/my/flask/
-rwxrwx--- 1 root root 109 Aug 9 11:16 README
drwxrwx--- 4 root root 4096 Aug 19 08:24 application
-rw------- 1 root root 0 Aug 19 08:25 __init__.py
$ ls -lrt /path/to/my/flask/application
-rwxrwx--- 1 root root 23 Jun 4 05:19 __init__.py
drwxrwx--- 6 root root 4096 Aug 7 15:24 static
-rwxrwx--- 1 root root 7168 Aug 9 11:45 users_sqlite.db
-rwxrwx--- 1 root root 9670 Aug 9 12:06 myfile.py
drwxrwx--- 5 root root 4096 Aug 10 14:50 templates
-rwxrwx--- 1 root root 448 Aug 10 14:51 myfile.pyc
httpd app portion:
$ pwd
/var/www
$ ls -ld flask-prod
drwxr-xr-x 2 root root 4096 Aug 19 08:21 flask-prod
$ ls -rlt flask-prod/
total 28
-rw------- 1 root root 0 Aug 18 15:54 __init__.py
-rwxr-xr-x 1 root root 258 Aug 19 08:21 webtool.wsgi
I'm setting up a django, gunicorn and nginx and when I visit the homepage I get a 502 gateway error.
The logs shows it's related to the permissions of the sock file
2017/07/01 09:59:18 [crit] 12237#12237: *23 connect() to unix:/home/sammy/revamp/revamp/revamp.sock failed (13: Permission denied) while connecting to upstream, client: 105.49.30.134, server: $
And the permissions are
srwxrwxrwx 1 sammy www-data 0 Jul 1 05:29 revamp.sock
gunicorn service is setup like so
[Service]
User=sammy
Group=www-data
WorkingDirectory=/home/sammy/revamp
ExecStart=/home/sammy/revamp/revampenv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/home/sammy/revamp/revamp.sock revamp.wsgi:application
[Install]
WantedBy=multi-user.target
the permissions look okay and systemctl status gunicorn is active.
UPDATE
The permissions for the folder are as follows
total 2128
drwxr-xr-x 3 sammy root 4096 Jun 28 05:21 account
-rw-r--r-- 1 sammy root 48 Jun 27 09:34 brain
-rw-r--r-- 1 sammy root 1037922 Jun 28 11:34 data.json
-rwxr-xr-x 1 sammy root 1087488 Jun 27 09:35 db.sqlite3
drwxr-xr-x 4 sammy root 4096 Jun 28 05:21 gallery
-rw-r--r-- 1 sammy root 1326 Jun 27 09:34 hip-hop.txt
-rwxr-xr-x 1 sammy root 0 Jun 27 09:34 lUhbv4PA5t.jpg
-rwxr-xr-x 1 sammy root 249 Jun 27 09:34 manage.py
-rwxr-xr-x 1 sammy root 473 Jun 27 09:34 names.txt
-rw-r--r-- 1 sammy root 211 Jun 27 09:34 nsfw
-rw-r--r-- 1 sammy root 417 Jun 27 09:34 obsene.txt
-rwxr-xr-x 1 sammy root 1803 Jun 27 09:34 phrases.txt
drwxr-xr-x 5 sammy root 4096 Jul 1 07:59 revamp
drwxrwxr-x 6 sammy sammy 4096 Jul 1 05:14 revampenv
srwxrwxrwx 1 sammy www-data 0 Jul 1 05:29 revamp.sock
-rw-r--r-- 1 sammy root 97 Jun 27 09:33 to do
Not only the file itself, but directories that lead to the file should be also accessible by the nginx process.
Check /home/sammy, /home/sammy/revamp directories' permissions.