uwsgi with emperor/systemd: announcing loyalty takes up to 3 minutes - django

I've some strange behavior on my production machines.
I'm running Python 2.7.12 on Ubuntu 16.04. Nginx as the web server (1.10.3). I'm running a Django (1.11.15) application. UWSGI 2.0.17.1 will handle requests to the application server.
Basically, everything runs fine until I reboot the machine. After rebooting, it takes about 3 minutes before I see the message 'announcing my loyalty to the Emperor...'.
From the moment the system restarted until UWSGI is ready, my Nginx received 499/502 and 503 errors.
I tried a lot of things to fix this issue. One of the things I did was start the machine without starting Nginx, wait for 3 minutes, and then start Nginx; then everything runs fine. So, it seems like an issue with the Emperor/Systemd.
My emperor file:
[Unit]
Description=uWSGI Emperor service
After=syslog.target
[Service]
ExecStart=/usr/local/bin/uwsgi --emperor /etc/uwsgi/vassals
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all
[Install]
WantedBy=multi-user.target
My uwsgi:
# d4t wsgi ini file
[uwsgi]
# master
master = false
# maximum number of processes
processes = 5
# threads
enable-threads = true
# socket to use
socket = /tmp/uwsgi-omniit.sock
# permissions
chmod-socket = 666
# base directory
chdir = /var/www/omni-it/omniit/
# virtualenv
virtualenv = /var/www/omni-it/
# module
module = omniit.wsgi:application
# buffer size: the autocomplete is a bit large in the request
buffer-size = 8190
# user and group
uid = www-data
gid = www-data
After rebooting, syslog output:
Aug 12 18:21:45 tst001app20 uwsgi[348]: WSGI app 0 (mountpoint='') ready in 5 seconds on interpreter 0x23486e0 pid: 366 (default app)
Aug 12 18:21:45 tst001app20 uwsgi[348]: *** uWSGI is running in multiple interpreter mode ***
Aug 12 18:21:45 tst001app20 uwsgi[348]: spawned uWSGI master process (pid: 366)
Aug 12 18:21:45 tst001app20 uwsgi[348]: Sun Aug 12 18:21:45 2018 - [emperor] vassal omniit_uwsgi.ini has been spawned
Aug 12 18:21:45 tst001app20 uwsgi[348]: spawned uWSGI worker 1 (pid: 757, cores: 1)
Aug 12 18:21:45 tst001app20 uwsgi[348]: spawned uWSGI worker 2 (pid: 758, cores: 1)
Aug 12 18:21:45 tst001app20 uwsgi[348]: spawned uWSGI worker 3 (pid: 759, cores: 1)
Aug 12 18:21:45 tst001app20 uwsgi[348]: spawned uWSGI worker 4 (pid: 760, cores: 1)
Aug 12 18:21:45 tst001app20 uwsgi[348]: spawned uWSGI worker 5 (pid: 761, cores: 1)
Aug 12 18:21:45 tst001app20 uwsgi[348]: Sun Aug 12 18:21:45 2018 - [emperor] vassal omniit_uwsgi.ini is ready to accept requests
Aug 12 18:21:45 tst001app20 ntpd[730]: Soliciting pool server 213.136.0.252
Aug 12 18:21:45 tst001app20 ntpd[730]: Soliciting pool server 85.255.214.66
Aug 12 18:21:45 tst001app20 ntpd[730]: Listen normally on 7 eth0 [fe80::35ff:fe33:1e%2]:123
Aug 12 18:21:45 tst001app20 ntpd[730]: new interface(s) found: waking up resolver
Aug 12 18:21:45 tst001app20 ntpd[730]: Soliciting pool server 213.109.127.82
Aug 12 18:21:45 tst001app20 ntpd[730]: receive: Unexpected origin timestamp from 83.162.177.33
Aug 12 18:21:45 tst001app20 systemd[1]: Time has been changed
Aug 12 18:21:45 tst001app20 systemd[1]: apt-daily.timer: Adding 27min 21.221010s random time.
Aug 12 18:21:46 tst001app20 ntpd[730]: Soliciting pool server 213.154.229.24
Aug 12 18:21:46 tst001app20 ntpd[730]: Soliciting pool server 13.80.10.154
Aug 12 18:21:46 tst001app20 ntpd[730]: Soliciting pool server 212.114.109.139
Aug 12 18:21:46 tst001app20 ntpd[730]: Soliciting pool server 149.210.199.182
Aug 12 18:22:48 tst001app20 kernel: [ 70.779037] random: nonblocking pool is initialized
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request / (ip 145.7.170.253) !!!
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request / (ip 145.7.170.254) !!!
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request / (ip 145.7.170.124) !!!
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request / (ip 145.7.170.124) !!!
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - uwsgi_response_write_headers_do(): Broken pipe [core/writer.c line 248] during GET / (145.7.170.254)
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - SIGPIPE: writing to a closed pipe/socket/fd (probably the client disconnected) on request / (ip 145.7.170.254) !!!
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - uwsgi_response_write_headers_do(): Broken pipe [core/writer.c line 248] during GET / (145.7.170.254)
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - uwsgi_response_write_headers_do(): Broken pipe [core/writer.c line 248] during GET / (145.7.170.124)
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - uwsgi_response_write_headers_do(): Broken pipe [core/writer.c line 248] during GET / (145.7.170.124)
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 20:24:57 2018 - uwsgi_response_write_headers_do(): Broken pipe [core/writer.c line 248] during GET / (145.7.170.253)
Aug 12 18:24:57 tst001app20 uwsgi[348]: IOError: write error
Aug 12 18:24:57 tst001app20 uwsgi[348]: [pid: 758|app: 0|req: 1/1] 145.7.170.254 () {38 vars in 451 bytes} [Sun Aug 12 20:22:35 2018] GET / => generated 0 bytes in 142151 msecs (HTTP/1.1 302) 8 headers in 0 bytes (0 switches on core 0)
Aug 12 18:24:57 tst001app20 uwsgi[348]: announcing my loyalty to the Emperor...
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 18:24:57 2018 - [emperor] vassal omniit_uwsgi.ini is now loyal
Aug 12 18:24:57 tst001app20 uwsgi[348]: IOErrorIOError: write error
Aug 12 18:24:57 tst001app20 uwsgi[348]: [pid: 757|app: 0|req: 1/2] 145.7.170.254 () {38 vars in 451 bytes} [Sun Aug 12 20:22:03 2018] GET / => generated 0 bytes in 174008 msecs (HTTP/1.1 302) 8 headers in 0 bytes (0 switches on core 0)
Aug 12 18:24:57 tst001app20 uwsgi[348]: : write error
Aug 12 18:24:57 tst001app20 uwsgi[348]: [pid: 759|app: 0|req: 1/3] 145.7.170.124 () {38 vars in 451 bytes} [Sun Aug 12 20:21:46 2018] GET / => generated 0 bytes in 191803 msecs (HTTP/1.1 302) 8 headers in 0 bytes (0 switches on core 0)
Aug 12 18:24:57 tst001app20 uwsgi[348]: announcing my loyalty to the Emperor...
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 18:24:57 2018 - [emperor] vassal omniit_uwsgi.ini is now loyal
Aug 12 18:24:57 tst001app20 uwsgi[348]: announcing my loyalty to the Emperor...
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 18:24:57 2018 - [emperor] vassal omniit_uwsgi.ini is now loyal
Aug 12 18:24:57 tst001app20 uwsgi[348]: IOError: write error
Aug 12 18:24:57 tst001app20 uwsgi[348]: [pid: 760|app: 0|req: 1/4] 145.7.170.253 () {38 vars in 451 bytes} [Sun Aug 12 20:23:50 2018] GET / => generated 0 bytes in 67595 msecs (HTTP/1.1 302) 8 headers in 0 bytes (0 switches on core 0)
Aug 12 18:24:57 tst001app20 uwsgi[348]: announcing my loyalty to the Emperor...
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 18:24:57 2018 - [emperor] vassal omniit_uwsgi.ini is now loyal
Aug 12 18:24:57 tst001app20 uwsgi[348]: IOError: write error
Aug 12 18:24:57 tst001app20 uwsgi[348]: [pid: 761|app: 0|req: 1/5] 145.7.170.124 () {38 vars in 451 bytes} [Sun Aug 12 20:22:16 2018] GET / => generated 0 bytes in 161628 msecs (HTTP/1.1 302) 8 headers in 0 bytes (0 switches on core 0)
Aug 12 18:24:57 tst001app20 uwsgi[348]: announcing my loyalty to the Emperor...
Aug 12 18:24:57 tst001app20 uwsgi[348]: Sun Aug 12 18:24:57 2018 - [emperor] vassal omniit_uwsgi.ini is now loyal
Aug 12 18:24:57 tst001app20 uwsgi[348]: [pid: 758|app: 0|req: 2/6] 145.7.170.254 () {38 vars in 451 bytes} [Sun Aug 12 20:24:57 2018] GET / => generated 0 bytes in 14 msecs (HTTP/1.1 302) 8 headers in 292 bytes (1 switches on core 0)
After this, I can just reload and restart the emperor without any problem. No errors occur anymore.
Any help would be appreciated!

Related

Forbidden. You don't have permission to access this resource. (Django Apache2)

I am trying to deploy my Django project through Ubuntu Apache2 but I am getting Forbidden You don't have permission to access this resource error. I cannot seem to find the solution
Error:
Server Error
My config file
`Alias /static /home/rapicare/rapid-care-website/rapidCare/static
<Directory /home/rapicare/rapid-care-website/rapidCare/static>
Require all granted
Alias /media /home/rapicare/rapid-care-website/rapidCare/media
<Directory /home/rapicare/rapid-care-website/rapidCare/media>
Require all granted
</Directory>
<Directory /home/rapicare/rapid-care-website/rapidCare/rapidCare>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess django_app python-path=/home/rapicare/rapid-care-website/rapidCare python-home=/home/rapicare/rapid-care-website/venv
WSGIProcessGroup django_app
WSGIScriptAlias / /home/rapicare/rapid-care-website/rapidCare/rapidCare/wsgi.py`
My directory permissions
rapidcare#rapidcare:~$ ls rapid-care-website -la
total 28
drwxrwxr-x 5 rapidcare www-data 4096 Feb 5 09:11 .
drwxr-x--x 5 rapidcare rapidcare 4096 Feb 5 16:48 ..
-rw-rw-r-- 1 rapidcare rapidcare 0 Feb 4 11:52 .editorconfig
drwxrwxr-x 8 rapidcare rapidcare 4096 Feb 5 09:14 .git
-rw-rw-r-- 1 rapidcare rapidcare 651 Feb 4 11:52 .gitignore
drwxrwxr-x 7 rapidcare www-data 4096 Feb 4 22:12 rapidCare
-rw-rw-r-- 1 rapidcare rapidcare 249 Feb 4 11:52 requirements.txt
drwxrwxr-x 5 rapidcare www-data 4096 Feb 4 22:12 venv
rapidcare#rapidcare:~/rapid-care-website$ ls -la rapidCare/
total 388
drwxrwxr-x 7 rapidcare www-data 4096 Feb 4 22:12 .
drwxrwxr-x 5 rapidcare www-data 4096 Feb 5 09:11 ..
-rw-rw-r-- 1 rapidcare www-data 360448 Feb 4 12:55 db.sqlite3
-rwxrwxr-x 1 rapidcare rapidcare 665 Feb 4 11:52 manage.py
drwxrwxr-x 3 rapidcare www-data 4096 Feb 4 11:52 media
drwxrwxr-x 3 rapidcare rapidcare 4096 Feb 5 16:42 rapidCare
drwxrwxr-x 7 rapidcare rapidcare 4096 Feb 4 22:12 services
drwxrwxr-x 8 rapidcare rapidcare 4096 Feb 4 22:12 static
drwxrwxr-x 6 rapidcare rapidcare 4096 Feb 4 22:12 userAuth
My Apache Status
`● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sun 2023-02-05 17:08:43 UTC; 8min ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 113195 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 113199 (apache2)
Tasks: 56 (limit: 1116)
Memory: 12.9M
CPU: 4.412s
CGroup: /system.slice/apache2.service
├─113199 /usr/sbin/apache2 -k start
├─113201 /usr/sbin/apache2 -k start
└─113202 /usr/sbin/apache2 -k start
Feb 05 17:08:43 rapidcare systemd[1]: Stopped The Apache HTTP Server.
Feb 05 17:08:43 rapidcare systemd[1]: apache2.service: Consumed 12.560s CPU time.
Feb 05 17:08:43 rapidcare systemd[1]: Starting The Apache HTTP Server...
Feb 05 17:08:43 rapidcare apachectl[113198]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 139.59.20.219. Set the 'ServerName' directive globally to suppress this message
Feb 05 17:08:43 rapidcare systemd[1]: Started The Apache HTTP Server.`
I am following the tutorial at https://www.youtube.com/watch?v=Sa_kQheCnds&list=PL-osiE80TeTtoQCKZ03TU5fNfx2UY6U4p&index=13&ab_channel=CoreySchafer. I have tried many other settings but it is still giving an error. Someone suggested that binding to ports under 1024 requires superuser privileges, but I don't know how that works.

Custom systemd service to run Gunicorn not working

I am trying to deploy my Django website to a Ubuntu server. I am following this tutorial: linuxhint.com/create_django_app_ubuntu/. However, the Gunicorn service doesn't work.
I have my site at /home/django/blog.
My Python 3.6 virtualenv is activated at /home/django/.venv/bin/activate (-rwxr-xr-x 1 django root 2207 Sep 21 14:07 activate).
The script for starting the server is at /home/django/bin/start-server.sh (-rwxr-xr-x 1 django root 69 Sep 21 15:50 start-server.sh), with the following content:
cd /home/django
source .venv/bin/activate
cd blog
gunicorn blog.wsgi
Running this script manually works just fine.
The Gunicorn service is at /etc/systemd/system/gunicorn.service, with this content:
[Unit]
Description=Gunicorn
After=network.target
[Service]
Type=simple
User=django
ExecStart=/home/django/bin/start-server.sh
Restart=on-failure
[Install]
WantedBy=multi-user.target
Running systemctl status gunicorn.service gives this:
● gunicorn.service - Gunicorn
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-09-21 16:15:17 UTC; 6s ago
Process: 1114 ExecStart=/home/django/bin/start-server.sh (code=exited, status=203/EXEC)
Main PID: 1114 (code=exited, status=203/EXEC)
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Service hold-off time over, scheduling restart.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Scheduled restart job, restart counter is at 5.
Sep 21 16:15:17 example.com systemd[1]: Stopped Gunicorn.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Start request repeated too quickly.
Sep 21 16:15:17 example.com systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Sep 21 16:15:17 example.com systemd[1]: Failed to start Gunicorn.
Sep 21 16:15:18 example.com systemd[1]: gunicorn.service: Start request repeated too quickly.
Sep 21 16:15:18 example.com systemd[1]: gunicorn.service: Failed with result 'exit-code'.
Sep 21 16:15:18 example.com systemd[1]: Failed to start Gunicorn.
Sep 21 14:22:36 example.com systemd[7906]: gunicorn.service: Failed to execute command: Permission denied
Sep 21 14:22:36 example.com systemd[7906]: gunicorn.service: Failed at step EXEC spawning /home/django/bin/start-server.sh: Permission denied
Sep 21 14:23:40 example.com systemd[7940]: gunicorn.service: Failed to execute command: Permission denied
Sep 21 14:23:40 example.com systemd[7940]: gunicorn.service: Failed at step EXEC spawning /home/django/bin/start-server.sh: Permission denied
Sep 21 14:24:47 example.com systemd[7958]: gunicorn.service: Failed to execute command: Permission denied
Sep 21 14:24:47 example.com systemd[7958]: gunicorn.service: Failed at step EXEC spawning /home/django/bin/start-server.sh: Permission denied
Permission denied
.
.
.
I ran chown -R django:django /home/django. Now, the output of ls -lah /home/django is:
total 32K
drwxr-xr-x 5 django django 4.0K Sep 21 14:19 .
drwxr-xr-x 3 root root 4.0K Sep 21 14:04 ..
-rw-r--r-- 1 django django 220 Apr 4 2018 .bash_logout
-rw-r--r-- 1 django django 3.7K Apr 4 2018 .bashrc
-rw-r--r-- 1 django django 807 Apr 4 2018 .profile
drwxr-xr-x 4 django django 4.0K Sep 21 14:07 .venv
drwxr-xr-x 2 django django 4.0K Sep 21 15:58 bin
drwxr-xr-x 3 django django 4.0K Sep 21 14:08 blog
Solution
Thanks to Dmitry Belaventsev, the solution to this is to change
ExecStart=/home/django/bin/start-server.sh
to
ExecStart=/bin/bash /home/django/bin/start-server.sh
In the file /etc/systemd/system/gunicorn.service.
Your systemd service is set up to execute the script on behalf of the django user. In the meantime:
ls -lah /home/django
total 32K
drwxr-xr-x 5 django django 4.0K Sep 21 14:19 .
drwxr-xr-x 3 root root 4.0K Sep 21 14:04 ..
-rw-r--r-- 1 django django 220 Apr 4 2018 .bash_logout
-rw-r--r-- 1 django django 3.7K Apr 4 2018 .bashrc
-rw-r--r-- 1 django django 807 Apr 4 2018 .profile
drwxr-xr-x 4 django root 4.0K Sep 21 14:07 .venv
drwxr-xr-x 2 root root 4.0K Sep 21 15:58 bin
drwxr-xr-x 3 root root 4.0K Sep 21 14:08 blog
As you can see:
drwxr-xr-x 3 root root 4.0K Sep 21 14:04 ..
and
drwxr-xr-x 2 root root 4.0K Sep 21 15:58 bin
which means:
/home directory belongs to root:root
/home/django/bin belongs to root:root
To let systemd execute a bash script on behalf of the django user:
That script should be executable
All parent directories should have execution rights
All those directories and the script should be available for django user
The quickest solution:
chown -R django:django /home/django
Also you could play with group and group rights as well.

Gunicorn not running can't connect to sock file

I've got a gunicorn script that fails to load.
Here's its code
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=sammy
Group=www-data
WorkingDirectory=/home/sammy/revamp
ExecStart=/home/sammy/revamp/revampenv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/home/sammy/revamp/revamp.sock revamp.wsgi:application
[Install]
WantedBy=multi-user.target
and the response from status
● gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2017-07-19 14:17:56 UTC; 2min 1s ago
Process: 26564 ExecStart=/home/sammy/revamp/revampenv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/home/sammy/revamp/revamp.sock revamp.wsgi:application (code=exited, status=1/FAI
Main PID: 26564 (code=exited, status=1/FAILURE)
Jul 19 14:17:51 samuel-pc gunicorn[26564]: [2017-07-19 14:17:51 +0000] [26564] [INFO] Starting gunicorn 19.7.1
Jul 19 14:17:51 samuel-pc gunicorn[26564]: [2017-07-19 14:17:51 +0000] [26564] [ERROR] Retrying in 1 second.
Jul 19 14:17:52 samuel-pc gunicorn[26564]: [2017-07-19 14:17:52 +0000] [26564] [ERROR] Retrying in 1 second.
Jul 19 14:17:53 samuel-pc gunicorn[26564]: [2017-07-19 14:17:53 +0000] [26564] [ERROR] Retrying in 1 second.
Jul 19 14:17:54 samuel-pc gunicorn[26564]: [2017-07-19 14:17:54 +0000] [26564] [ERROR] Retrying in 1 second.
Jul 19 14:17:55 samuel-pc gunicorn[26564]: [2017-07-19 14:17:55 +0000] [26564] [ERROR] Retrying in 1 second.
Jul 19 14:17:56 samuel-pc gunicorn[26564]: [2017-07-19 14:17:56 +0000] [26564] [ERROR] Can't connect to /home/sammy/revamp/revamp.sock
Jul 19 14:17:56 samuel-pc systemd[1]: gunicorn.service: Main process exited, code=exited, status=1/FAILURE
Jul 19 14:17:56 samuel-pc systemd[1]: gunicorn.service: Unit entered failed state.
Jul 19 14:17:56 samuel-pc systemd[1]: gunicorn.service: Failed with result 'exit-code'.
the sock file isn't created in the folder, what am I doing wrong?
Looks like the user that you are using to run gunicorn as a service (sammy) does not have permission to access the project folder.
You can check the folder permission with ls -l
To change them you can do:
sudo chown sammy:sammy /home/sammy/revamp

Gunicorn 502 gateway linked to sock file's permission denied error

I'm setting up Django, gunicorn and nginx, and when I visit the homepage I get a 502 gateway error.
The logs show it's related to the permissions of the sock file
2017/07/01 09:59:18 [crit] 12237#12237: *23 connect() to unix:/home/sammy/revamp/revamp/revamp.sock failed (13: Permission denied) while connecting to upstream, client: 105.49.30.134, server: $
And the permissions are
srwxrwxrwx 1 sammy www-data 0 Jul 1 05:29 revamp.sock
The gunicorn service is set up like so
[Service]
User=sammy
Group=www-data
WorkingDirectory=/home/sammy/revamp
ExecStart=/home/sammy/revamp/revampenv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/home/sammy/revamp/revamp.sock revamp.wsgi:application
[Install]
WantedBy=multi-user.target
the permissions look okay and systemctl status gunicorn is active.
UPDATE
The permissions for the folder are as follows
total 2128
drwxr-xr-x 3 sammy root 4096 Jun 28 05:21 account
-rw-r--r-- 1 sammy root 48 Jun 27 09:34 brain
-rw-r--r-- 1 sammy root 1037922 Jun 28 11:34 data.json
-rwxr-xr-x 1 sammy root 1087488 Jun 27 09:35 db.sqlite3
drwxr-xr-x 4 sammy root 4096 Jun 28 05:21 gallery
-rw-r--r-- 1 sammy root 1326 Jun 27 09:34 hip-hop.txt
-rwxr-xr-x 1 sammy root 0 Jun 27 09:34 lUhbv4PA5t.jpg
-rwxr-xr-x 1 sammy root 249 Jun 27 09:34 manage.py
-rwxr-xr-x 1 sammy root 473 Jun 27 09:34 names.txt
-rw-r--r-- 1 sammy root 211 Jun 27 09:34 nsfw
-rw-r--r-- 1 sammy root 417 Jun 27 09:34 obsene.txt
-rwxr-xr-x 1 sammy root 1803 Jun 27 09:34 phrases.txt
drwxr-xr-x 5 sammy root 4096 Jul 1 07:59 revamp
drwxrwxr-x 6 sammy sammy 4096 Jul 1 05:14 revampenv
srwxrwxrwx 1 sammy www-data 0 Jul 1 05:29 revamp.sock
-rw-r--r-- 1 sammy root 97 Jun 27 09:33 to do
Not only the file itself, but also the directories that lead to the file should be accessible by the nginx process.
Check /home/sammy, /home/sammy/revamp directories' permissions.
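The point made in this answer and in the earlier start-server.sh answer (every directory leading to the socket or script must grant search permission to the service account), as an added example that is not part of any post on this page: a mode-bit walk of a path for a given account, run on Linux. The function names, the `below` parameter and the temporary tree are constructed for illustration; ACLs, root's override and SELinux/AppArmor policy are not modelled.

```python
import grp
import os
import pwd
import stat
import sys
import tempfile

R, W, X = 4, 2, 1


def ids_for(user):
    """uid and full gid set of a local account (primary + supplementary)."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids


def class_bits(st, uid, gids):
    """rwx triplet that applies to the account: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def walk_access(path, uid, gids, need, below="/"):
    """Return [(component, mode string, ok)] for each component under `below`.

    Directories on the way need search (x); the final target needs `need`.
    """
    path, below = os.path.realpath(path), os.path.realpath(below)
    chain, cur = [], path
    while cur != below and os.path.dirname(cur) != cur:
        chain.append(cur)
        cur = os.path.dirname(cur)
    report = []
    for comp in reversed(chain):
        st = os.stat(comp)
        want = need if comp == path else X
        ok = (class_bits(st, uid, gids) & want) == want
        report.append((comp, stat.filemode(st.st_mode), ok))
    return report


def first_blocker(path, uid, gids, need, below="/"):
    """First component that denies access, or None if the whole walk passes."""
    for comp, _mode, ok in walk_access(path, uid, gids, need, below):
        if not ok:
            return comp
    return None


def demo():
    """Constructed tree modelled on the 502 question: the socket is 0777,
    but a parent directory withholds search permission from 'other'."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        home = os.path.join(base, "home", "sammy")
        proj = os.path.join(home, "revamp")
        os.makedirs(proj)
        sock = os.path.join(proj, "revamp.sock")
        open(sock, "w").close()        # regular file standing in for the socket
        os.chmod(sock, 0o777)
        os.chmod(proj, 0o755)
        os.chmod(os.path.join(base, "home"), 0o755)
        os.chmod(home, 0o750)
        st = os.stat(sock)
        uid, gids = st.st_uid + 1, {st.st_gid + 1}   # hypothetical unrelated account
        before = first_blocker(sock, uid, gids, W, below=base)
        os.chmod(home, 0o751)          # grant search only, not directory listing
        after = first_blocker(sock, uid, gids, W, below=base)
        return before, after, home


if __name__ == "__main__":
    if len(sys.argv) == 4:   # e.g. www-data /home/sammy/revamp/revamp.sock 2
        uid, gids = ids_for(sys.argv[1])
        for comp, mode, ok in walk_access(sys.argv[2], uid, gids, int(sys.argv[3], 8)):
            print("ok  " if ok else "DENY", mode, comp)
    else:
        print(demo())
```

Run as root with an account name, a path and the octal permission needed on the target (2 to connect to a socket, 5 to execute a script) to see which component denies access.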

Configuring hidden services for Tor in AWS

Can someone check what's wrong with this configuration?
AWS info:
EC2: Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64)
Security Group:
HTTP TCP 80 0.0.0.0/0
SSH TCP 22 0.0.0.0/0
ubuntu#ip-172-31-58-168:~$ tor --version
Tor version 0.2.8.9 (git-cabd4ef300c6b3d6).
ubuntu#ip-172-31-58-168:~$ nginx -v
nginx version: nginx/1.10.2
ubuntu#ip-172-31-58-168:~$ sudo service tor status
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2016-10-20 10:03:51 ART; 1h 2min ago
Process: 667 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 667 (code=exited, status=0/SUCCESS)
Tasks: 0
Memory: 0B
CPU: 0
CGroup: /system.slice/tor.service
Oct 20 10:03:50 ip-172-31-58-168 systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Oct 20 10:03:51 ip-172-31-58-168 systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
ubuntu#ip-172-31-58-168:~$ sudo service nginx status
● nginx.service - LSB: Stop/start nginx
Loaded: loaded (/etc/init.d/nginx; bad; vendor preset: enabled)
Active: active (running) since Thu 2016-10-20 10:04:23 ART; 1h 2min ago
Docs: man:systemd-sysv-generator(8)
Process: 1284 ExecStart=/etc/init.d/nginx start (code=exited, status=0/SUCCESS)
Tasks: 2
Memory: 2.6M
CPU: 14ms
CGroup: /system.slice/nginx.service
├─1332 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.con
└─1333 nginx: worker process
Oct 20 10:04:23 ip-172-31-58-168 systemd[1]: Starting LSB: Stop/start nginx...
Oct 20 10:04:23 ip-172-31-58-168 systemd[1]: Started LSB: Stop/start nginx.
torrc (Tor configuration file)
ubuntu#ip-172-31-58-168:~$ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/sitio1
HiddenServicePort 80 127.0.0.1:81
hostname and private_key files:
root#ip-172-31-58-168:/home/ubuntu# cat /var/lib/tor/sitio1/hostname
zptym3k5xi2dyngl.onion
root#ip-172-31-58-168:/home/ubuntu# cat /var/lib/tor/sitio1/private_key
-----BEGIN RSA PRIVATE KEY-----
[key material removed]
-----END RSA PRIVATE KEY-----
nginx site configuration file
root#ip-172-31-58-168:/home/ubuntu# cat /etc/nginx/conf.d/sitio1.onion
server {
listen 81;
server_name zptym3k5xi2dyngl.onion;
root /directorio/carpeta/sitio1;
index index.php index.html index.htm;
access_log /directorio/de/los/logs/hidden-access.log;
error_log /directorio/de/los/logs/hidden-error.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Finally, syslog and tor log
root#ip-172-31-58-168:/home/ubuntu# cat /var/log/syslog
Oct 20 10:04:21 ip-172-31-58-168 systemd[1]: Starting Anonymizing overlay network for TCP...
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.078 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.079 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.080 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Oct 20 10:04:22.080 [notice] Read configuration file "/etc/tor/torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1162]: Configuration was valid
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.215 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.229 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.229 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.229 [notice] Read configuration file "/etc/tor/torrc".
Oct 20 10:04:22 ip-172-31-58-168 tor[1168]: Oct 20 10:04:22.241 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 20 10:04:22 ip-172-31-58-168 systemd[1]: Started Anonymizing overlay network for TCP.
root#ip-172-31-58-168:/home/ubuntu# cat /var/log/tor/log
Oct 20 10:04:22.000 [notice] Tor 0.2.8.9 (git-cabd4ef300c6b3d6) opening log file.
Oct 20 10:04:22.215 [notice] Tor v0.2.8.9 (git-cabd4ef300c6b3d6) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Oct 20 10:04:22.229 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 20 10:04:22.229 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 20 10:04:22.229 [notice] Read configuration file "/etc/tor/torrc".
Oct 20 10:04:22.241 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 20 10:04:22.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 20 10:04:22.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 20 10:04:22.000 [notice] Bootstrapped 0%: Starting
Oct 20 10:04:22.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Oct 20 10:04:22.000 [notice] Signaled readiness to systemd
Oct 20 10:04:23.000 [notice] Opening Socks listener on /var/run/tor/socks
Oct 20 10:04:23.000 [notice] Opening Control listener on /var/run/tor/control
Oct 20 10:04:24.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Oct 20 10:04:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Oct 20 10:04:24.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Oct 20 10:04:24.000 [notice] Bootstrapped 100%: Done
Traffic gets to my hidden service but "Unable to connect"
arm - screenshot
This exact configuration works on a server at my home.