I configured Nginx, uwsgi and Django with help of this tutorial:
https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html. But I'm not using a socket, a wsgi ini file, a system wide installation or the emperor mode.
The problem that occurs is a 403 - Forbidden. But this error seems to occur randomly across machines and browsers. For example I can connect to the website via Edge with no problem, but Firefox on the same machine throws a 403 (I use a win home 64 bit machine). Firefox on my Iphone 5 connects with no problem as well as Safari.
I red that this error may occur with wrong permissions but I set the permissions recursively like this:
chown -R kltc:kltc /home (axample)
chmod -R ug+r /home (example)
The only change I made to Nginx (/etc/nginx/nginx.conf) was uncommenting the 'server_names_hash_bucket_size 64'.
How is this possible ?
Related
I have created a droplet, an ubuntu 18.04 server on digitalocen successfully.
Followed the install digitalocean's guide and ran the gunicorn,nginx, django etc. and ran the website successfully on the browser using my ip address i.e. firewalls, gunicorn and nginx and everything were configured correctly.
During the testing while uploading the images to the media folder I got an error "permissions denied" (POST error).
Found somewhere the below code on google and thought it solves the permissions related problem: https://www.semicolonworld.com/question/55551/django-errno-13-permission-denied-39-var-www-media-animals-user-uploads-39
sudo groupadd varwwwusers
sudo adduser www-data varwwwusers
sudo chgrp -R varwwwusers /var/www/
sudo chmod -R 760 /var/www/
But the above code messed up everything and ran into "502 Bad Gateway".
I am not very familiar with Linux deployments. Can someone help me investigating and resolving this issue. I think I have messed up the users, groups permissions.
How can I get this resolved OR how can I revert what I did OR is there any activity logs I can see and investigate.
I have checked the error.log and able to see
' connect() to unix:/run/gunicorn.sock failed (111: Connection refused) while connecting to upstream'
Thanks for the help in advance.
I guess that the problem is that by running sudo chmod -R 760 /var/www/ you have forbidden non-ownesrs of the folder to read, write and execute files form that directory. Then, since uwsgi processes does not belong to the www-data group (usually), uwsgi connection was refused.
The easiest way to solve this problem is to run sudo chmod -R 766 /var/www/ - this will grant writing and readind priveleges to anyone (chmod -R 764 should also work and is safer - it allows only reading files for non-owners). Alternatively, you may find out the name of the user running uwsgi and grant him permissions for reading files form the directory. See chmod manual (or google it) for reference.
I have configured my subdomain on route53 to point to my ec2 public IP, right after I did this I got a welcome to nginx page. It was good this far. Now I add a custom cofig file in nginx/sites-available(also did link it to sites-enabled and also reloaded nginx). I don't see anything new. I still see the same welcome page. I wonder why this happened.I also have proxy_pass to :3000 which doesn't seem to work.
Here are the few things I tried and the result I got.
changed index.html file as mentioned in the root(/usr/share/nginx/html) - Still welcome page
tried server_name with both default_server and my subdomain(http://management.teampapercloud.in) - Still welcome page
stopped nginx service with service nginx stop - Surprisingly it still shows welcome page.
tried sudo lsof -i :80 (when nginx is running it has 2 diff nginx processed running one with root as user and the other www-data), when nginx is not running sudo lsof -i :80 gives nothing.
at this point i wondered if the domain hitting the server at all or not. I tried to ping, got my ec2 ip. tried DNS checker got my ec2 ip.
Now I am so frustrated stopped my ec2 instance. Now the welcome page is gone. which means I believe my ec2 instance is doing something to show the page, But I don't know which service.
checked top and service --status-all | grep + I don't see any strange services running nor services like Apache. as apache is not installed at all.
As a final try, I even uninstalled nginx. - I still see the same welcome page.
Updated all the index.html files I could find - Still same welcome page.
At this point, I am left with no ideas, and don't understand what is happening. Help is much appreciated.
Thanks
You have written, you reloaded nginx, try again (sometimes we forget to check common things):
sudo service nginx -t # check if configuration syntax is ok
sudo service nginx reload #reload configuration
sudo service nginx restart # restart server
Another important thing, check realtime log in terminal
error log: tail -f /var/log/nginx/error.log
access log: tail -f /var/log/nginx/access.log
and visit the page from browser and check the log in terminal.
Note: Log files can be in different directory in your server.
check log files with this: ls /var/log/nginx/
May be restart the os, if you have access to restart.
ec2 can have any page cache settings.
Are you using something cloudflare name server that can cache a
page, or, Any proxy server or something, that can cache the page.
You can even try browser incognito window, force reload in browser
(ctrl + shift + R).
The changes are not being applied because you're not making any changes to root directory which is
/var/www/html$
as this is a default public folder for your web server. Also if you wish you can change this default path to the one you want.
As you can see I have "index.nginx-debian.html" which on changing takes effect immediately.
I'm trying to set up an SSH tunnel to access my server (currently an ubuntu 16.04 VM on Azure) to set up safe access to my django applications running on it.
I was able to imitate the production environment with Apache WSGI and it works pretty good but since I'm trying to develop the application I don't want to make it available to broader public right now - but to make it visible only for a bunch of people.
To the point: when I set up the ssh tunnel using putty on Windows 10 (8000 to localhost:8000) and I run http://localhost:8000/ I get the folowing error:
"Not Found HTTP Error 404. The requested resource is not found.".
How can I make it work? I run the server using manage.py runserver 0:8000.
I found somewhere that the error may be due to the fact that the application does not have access to ssh files, but I don't know whether that's the point here (or how to change it).
Regards,
Dominik
After hours of trying I was able to solve the problem.
First of all, I made sure putty connects to the server and creates the desired tunnel. To do that I right-clicked on the putty window (title bar) and clicked event log. I checked the log and found the following error:
Local port 8000 forwarding to localhost:8000 failed: Network error:
Permission denied
I was able to solve it by choosing other local port (9000 instead of 8000 in my instance).
Second of all, I edited the sshd_config file: sudo vi etc/ssh/sshd_config
and added these three lines:
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
I saved the file and restarted the ssh service:
sudo service ssh stop
sudo service ssh start
Now when I visit localhost:9000 everything works just fine.
I'd like to open up my django app to other machines in the office during development.
I understand that it's a bad idea to run the django development server as root. The recommended way to serve a django app on port 80, even during development, appears to be django, plus gunicorn, plus nginx. This seems super complicated to me. I got the first two steps working, but am now staring at nginx in utter confusion. There's no mac build on the site. Do I really have to build it from the source?
One alternative I've come across is localtunnel. But this seems sketchy to me, and involves setting up public keys and whatnot. Is there any simpler way to serve a django app on a mac from port 80 without running it as root?
Also, just what are the risks of running a django development server on port 80 as root, vs not as root? What are the chances that someone could, say, gain total access to my file system? And, given the default user settings on a mac, is this more likely if I'm running my django dev server as root than if I'm running it as not-root?
Since you mentioned you don't want to run the Django server as root and you are on a mac, you could forward traffic from port 80 to port 8000:
sudo ipfw add 100 fwd 127.0.0.1,8000 tcp from any to any 80 in
and then run the Django server as a normal user (by default it serves on port 8000)
./manage.py runserver
To remove the port forwarding, run:
sudo ipfw flush
I'm guessing there's a very simple solution to this, but I searched every forum and setup guide and can't figure it out:
I built a Django/CentOS-6.3 environment on my local server (using VirtualBox and Vagrant). When I startup my server in the vagrant terminal with 'python manage.py runserver [::]:8000' it starts up with no errors.
Validating models...
0 errors found
May 31, 2013 - 13:56:15
Django version 1.5.1, using settings 'mysitename.settings'
Development server is running at http://[::]:8000/
Quit the server with CONTROL-C.
However, when I try to navigate to 'http://127.0.0.1:8001' in my browser (I set up port forwarding from port 8000 to port 8001 in my Vagrantfile), the browser just hangs for 5 minutes until it times out, then it returns the message:
> The connection was reset
> The connection to the server was reset while the page was loading.
> ...
This is the exact same message I get from the browser even after I shut down my local server. My computer obviously recognizes this as a forwarded port, because any other port I try (such as 8000) instantly returns an error saying that it can't establish a connection to the server at 127.0.0.1:8000.
With regard to the server files, I have done many similar setups with Django/Ubuntu in the past and have never had any issues, but there must be something different about Django/CentOS that is causing this to happen (or maybe I made a mistake someone in one of my server files). I have followed guides for setting up Django & PostgreSQL on CentOS, too, but to no avail. I'll comment some of the files I have created/edited below.
If anyone has a solution, or even has advice on where to start looking for errors, I would very much appreciate it.
If your network is configured correctly and your django application with
python manage.py runserver 0.0.0.0:8000
and you still can't access your django app from the VM host there is almost certainly a firewall issue. The solution above is good if you are running iptables.
I deployed CentOS 7 on a virtualbox VM from a Windows 7 host. I didn't know that this distribution uses firewalld, not iptables to control access.
if
ps -ae | grep firewall
returns something like
602 ? 00:00:00 firewalld
your system is running firewalld, not iptables. They do not run together.
To correct you VM so you can access your django site from the host use the commands:
firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --reload
Many thanks to pablo v for pointing this out in the post "Access django server on virtual Machine".
the host's "127.0.0.1" is not the same as the guest's "127.0.0.1". Per default the command
python manage.py runserver
listens only to the guest's localhost. You should be able to test it from within the vm (use "vagrant ssh" to login) and run
curl -I http://127.0.0.1:8000/
The host as a different IP. To access the development server from the host you have to start it without ip restriction:
python manage.py runserver 0.0.0.0:8000
Yes:
python manage.py runserver [::]:8000
should be the same. But that's IPv6 syntax AFAIK. Are you sure that the "manage.py runserver" command supports IPv6 by default? I've never used ipv6 addresses w/ django, but looking at the source (https://github.com/django/django/blob/master/django/core/management/commands/runserver.py) there seams to be a flag that the default to False ("--ipv6"). Perhaps that's the "real" problem?
Regards,
For a similar problem,
This command worked like a charm for me
python manage.py runserver [::]:8001
Check your iptables, and stop it. Ubuntu commonly does not open the iptables when it starts.