I have gotta my project setup with uwsgi, django, nginx Everything seems to be working fine but somehow I keep on getting the error on getting static files I have been reading through online and tried all the possible ways but I keep on getting this permission denied error on my static folder.
Can someone please let me know what I have done wrong with the permission and how I should change it?
this is my /var/log/nginx/error.log
open() "/root/project/static/*.css" failed (13: Permission denied), client: 2xx.xx.xx.xxx, server: _, request: "GET /static/*.css HTTP/1.1", host: "1xx.xx.xx.xxx"
This is my nginx site-available config
server {
listen 80 default_server;
listen [::]:80 default_server;
# root /var/www/html;
# Add index.php to the list if you are using PHP
# index index.html index.htm index.nginx-debian.html;
server_name _;
#location = /favicon.ico { access_log off; log_not_found off; }
#location /media {
# root /root/project/mediafiles;
#}
location ^~ /static/ {
allow all; # this is from one of the posts but no luck
auth_basic off; # this is from one of the posts but no luck
root /root/project;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi/project.sock;
}
}
as my folder permission
for project folder it's drwxr-xr-x 23 www-data www-data
for static folder it's drwxr-x--- 8 www-data www-data 4096 May 23 14:40 static
I never made the permission to static 755 too but no luck.
Anyways, this is using root as user instead of having an extra user and root is also in group of www-data
Thanks in advance for all the help.
EDIT:
As suggested this is the output of ps aux | grep nginx
root 810 0.0 0.0 124972 1440 ? Ss 02:18 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 811 0.0 0.0 125688 4840 ? S 02:18 0:00 nginx: worker process
www-data 812 0.0 0.0 125348 3196 ? S 02:18 0:00 nginx: worker process
root 1159 0.0 0.0 14224 1004 pts/0 S+ 04:25 0:00 grep --color=auto nginx
The problem I am guessing is the fact that your project root directory is at /root. The default permissions for /root are:
drwx------ 14 root root 4096 May 8 12:47 root
As you can see, other users, such as www-data don't even have read access to the /root directory. In Linux FS, if you need to read something at a path/a/b/c, you need to have read access to each of the folders in that path.
The Nginx worker process runs as user www-data which is trying to open a file that is rooted at /root where this user does not have read permissions, and therefore raising a Permission denied (13).
See this demo for more detail:
$ cat /root/test2/text.txt
cat: /root/test2/text.txt: Permission denied
$ sudo cat /root/test2/test.txt
A
$ sudo ls -la /root/ | grep test2
drwxrwxrwx 2 root root 4096 May 24 02:04 test2
Hope this makes sense. The solution would be on of the following:
Run nginx workers as root (not recommended)
Move your project directory to a location that is designed to be accessed by multiple users such as /usr/local/share or /var/www/ (recommended)
I have the same problem. My nginx server on Centos 7.6 can't access to static folder in path /home/user/app/mysyte/static/. In /var/log/nginx/error.log same error open() "/home/user/app/mysyte/static/*.css" failed (13: Permission denied)
For solving this problem look at this page issue 2
i was running into the same problem and i found this answer useful!
Nginx connet to .sock failed (13:Permission denied) - 502 bad gateway
What I simply did was changing the name of the user on the first line in /etc/nginx/nginx.conf file.
In my case the default user was www-data and I changed it to my root machine username.
Related
I tried to follow the nginx document here https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html. But stuck at Configure nginx for your site. I restarted nginx and it said "nginx: [emerg] open() "/home/hanys/oligoweb/uwsgi_params" failed (13: Permission denied) in /etc/nginx/sites-enabled/oligoweb.conf:19".
My site.ini:
[uwsgi]
chdir = /home/hanys/oligoweb/
module = oligoweb.wsgi
home = /home/hanys/.virtualenv/oligo-env
master = true
processes = 10
socket = /home/hanys/oligoweb/oligoweb.sock
chmod-socket = 666
vacuum = true
daemonize = /home/hanys/uwsgi-emperor.log
uid = www-data
gid = www-data
my site.conf in /etc/nginx/sites-available/
upstream django {
server unix:///home/hanys/oligoweb/oligoweb.sock;
}
server {
listen 80;
server_name IP address here;
charset utf-8;
# max upload size
client_max_body_size 75M;
# Django media and static files
location /static {
alias /home/hanys/oligoweb/static;
}
# Send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/hanys/oligoweb/uwsgi_params;
}
}
uwsgi_params has 664 permission. I tried chmod 777 uwsgi_params but it didnt work.
Any help will be appreciated!
In general, uwsgi_params is already shipped with your Nginx, so all you need is include uwsgi_params (so it refers to /etc/nginx/uwsgi_params or similar).
If that is not the case, you will likely also need to give Nginx enough permissions to read the directory structure that file is in, not just the file itself.
I am trying to deploy django project on digitalocean using nginx and gunicorn.
My project have the following structure
projects
|_isli
|_isli
|_forecast #project directory
|_manage.py
|_forecast.sock
|_forecast
|_wsgi.py
|_settings.py
|_urls.py
My project created inside root directory without creating additional sudo user. I know that isn't right solution but i decide so.
In my settings.py file inside allowed hosts i specified ip address
ALLOWED_HOSTS = ['165.22.23.233']
In official digitalocean docs have tutorial about deploying django using nginx and gunicorn Deploying django using Nginx and Gunicorn
in this article used method where gunicorn setted up as socet here is my setup /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=root
Group=root
WorkingDirectory=/root/projects/isli/isli/forecast
ExecStart=/root/projects/isli/env/bin/gunicorn --log-level debug --error-logfile /var/log/gunicorn/error.log --access-logfile /var/log/gunicorn/access.log --workers 3 --bind unix:/root/projects/isli/isli/forecast/forecast.sock forecast.wsgi:application
[Install]
WantedBy=multi-user.target
after creating gunicorn.service file i run systemctl start gunicorn than systemctl enable gunicorn after it in my project directory was created forecast.sock file
Than i setup nginx in /etc/nginx/sites-available/forecast with following
server {
listen 165.22.23.233:80;
location = /favicon.ico {access_log off; log_not_found off;}
location / {
include proxy_params;
proxy_pass http://unix:/root/projects/isli/isli/forecast/forecast.sock;
}
}
Than systemctl restart nginx
When i am trying to access http://165.22.23.233:80 from browser its promt me 502 bad gateway. After it in /var/log/nginx/error.log file i see following
2020/02/09 16:29:01 [crit] 13533#13533: *11 connect() to unix:/root/projects/isli/isli/forecast/forecast.sock failed (
13: Permission denied) while connecting to upstream, client: 178.176.218.110, server: , request: "GET / HTTP/1.1", upstream: "http://unix:/root/projects/isli/isli/forecast/forecast.sock:/", host: "165.22.23.233"
As i understood through this error my problem is that nginx can not access to /root/projects/isli/isli/forecast/forecast.sock file. After it i tried to check permissions to each entity of above path by
namei -nom /root/projects/isli/isli/forecast/forecast.sock
And here is output
f: /root/projects/isli/isli/forecast/forecast.sock
drwxr-xr-x root root /
drwx------ root root root
drwxr-xr-x root root projects
drwxr-xr-x root root isli
drwxr-xr-x root root isli
drwxr-xr-x root root forecast
srwxrwxrwx root root forecast.sock
In output above root user have permissions to each entity to my socket path but why error say me that permission denied
You need to separate listen from server_name:
server {
listen 80;
server_name 165.22.23.233; # (Example 192.168.0.1, example.com)
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /root/projects/isli/isli/forecast/;
}
location / {
include proxy_params;
proxy_pass http://unix:/root/projects/isli/isli/forecast/forecast.sock;
}
}
Hi~ I'm deploying a website in CentOS 6.5. The framework is django1.7. I use nginx and uwsgi.
The website is now available except 403 Forbidden for all static files.
I have googled a few hours, and have changed the whole site folder as chmod 777. The owner of folder is kltc, and user in nginx.conf is also kltc.
I have no idea why the problem is still Permission denied.
nginx.conf
user kltc;
worker_processes 1;
kuaileticao.miyayx.me
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name kuaileticao.miyayx.me; # substitute your machine's IP address or FQDN
charset utf-8;
access_log /srv/www/nginx/kuaileticao.miyayx.me/access.log;
error_log /srv/www/nginx/kuaileticao.miyayx.me/error.log;
location /static {
autoindex on;
alias /home/kltc/Project/sunny_sports/sunny_sports/static;
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass 127.0.0.1:8001;
include uwsgi_params; # the uwsgi_params file you installed
}
}
uwsgi.ini
[uwsgi]
# the base directory (full path)
chdir=/home/kltc/Project/sunny_sports
# Django's wsgi file
module=sunny_sports.wsgi:application
master=true
# maximum number of worker processes
processes=10
# the socket (use the full path to be safe
socket=127.0.0.1:8001
chmod-socket=664
chown-socket=kltc:kltc
pidfile=/tmp/project-master.pid
# clear environment on exit
vacuum=true
max-requests=5000
daemonize=sunny_sports.uwsgi.log
error.log
[error] 34335#0: *73 open() "/home/kltc/Project/sunny_sports/sunny_sports/static/css/font-awesome.min.css" failed (13: Permission denied), client: 157.7.154.194, server: kuaileticao.miyayx.me, request: "GET /static/css/font-awesome.min.css HTTP/1.1", host: "kuaileticao.miyayx.me", referrer: "http://kuaileticao.miyayx.me/"
[kltc#localhost static]$ pwd
/home/kltc/Project/sunny_sports/sunny_sports/static
[kltc#localhost static]$ ls -l
total 32
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 avatars
4 drwxrwxrwx. 7 kltc kltc 4096 Feb 25 18:51 css
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 custom
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 font
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 fonts
4 drwxrwxrwx. 3 kltc kltc 4096 Feb 25 18:51 images
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 img
4 drwxrwxrwx. 10 kltc kltc 4096 Feb 26 08:18 js
>
[kltc#localhost static]$ ps -aux | grep nginx
root 37444 0.0 0.0 110008 2048 ? Ss 09:02 0:00 nginx: master process /usr/sbin/nginx
kltc 37445 0.0 0.0 112548 3700 ? S 09:02 0:00 nginx: worker process
I have tried several methods. Such as, change the nginx.conf user to root. But none of them worked.
Hope for your help. Thank you!
Make sure that you chown parent directory of your project (/home) to be readable by the nginx worker.
chown -R kltc:kltc /home
chmod -R ug+r /home
Make sure that you have the STATIC_ROOT declared in your settings file.
Also, try running python manage.py collectstatic --noinputbefore running the server.
Hope that works!
I am using uWsgi to deploy my django site here is my uWsgi.ini:
[uwsgi]
socket=/var/run/uwsgi.sock
virtualenv=/root/edupalm/env/
chdir=/root/edupalm/edupalm
master=True
workers=8
pidfile=/var/run/uwsgi-master.pid
max-requests=5000
module=edupalm.wsgi:application
and using nginx, here is my configuration:
server {
listen 9000;
server_name 162.243.146.127;
access_log /var/log/nginx/edupalm_access.log;
error_log /var/log/nginx/edupalm_error.log;
location /static/ {
alias /root/edupalm/edupalm/static/;
}
location / {
uwsgi_pass unix:///var/run/uwsgi.sock;
}
}
but I am having 502 Bad Gateway
here is the logs:
nginx:
2013/11/26 08:31:09 [error] 1758#0: *57 upstream prematurely closed connection while reading response header from upstream, client: 197.160.112.183, server: 162.243.146.127, request: "GET /admin HTTP/1.1", upstream: "uwsgi://unix:///var/run/uwsgi.sock:", host: "162.243.146.127:9000"
uwsgi:
-- unavailable modifier requested: 0 --
nginx is running on user www-data and uwsgi is running as root
It's advisable to use new user for your project, not root
The problem is in configuration, you should to add
plugin=python
for permissions it's better to use www-data user/group:
uid = www-data
gid = www-data
chmod-socket = 777
chown-socket = www-data
It looks like you are using a distribution package instead of official uWSGI sources. Just load (after having installed it) the python plugin with plugin = python in your config
http://uwsgi-docs.readthedocs.org/en/latest/WSGIquickstart.html
location / {
uwsgi_pass unix:///var/run/uwsgi.sock;
include uwsgi_params;
uwsgi_param SCRIPT_NAME '';
}
I similarly had this problem for a combination of Django, uWSGI and nginx running behind CloudFront. It turned out for me that the routing table in CloudFront didn't behave as expected, so some of the callbacks weren't received.
Specifically, route "/" stole traffic from "*".
There was another issue where my Django server was running unexpected code; as a user logging in caused their User model to be changed, which I hadn't predicted for some reason. So yeah, don't rule out that your Django server might be legitimately busy, causing a timeout of the socket.
I am trying to get fastcgi to work on nginx. I know the config file is correct becuase it worked before and i suspect my c++ program and how I set the fcgi file to be read by nginx. These are the steps I undertake. I am using Ubuntu, nginx, c++ with fastcgi. What did I do wrong?
1) Compile the program
g++ -o rtbCookieServer.fcgi rtbCookieServer.o -lfcgi++ -lboost_system -lcgicc -L/home/cpp/mongo-cxx-driver-v2.0 -I/home/cpp/mongo-cxx-driver-v2.0/mongo
2) move rtbCookieServer.fcgi into /var/www
3) sudo /var/www chmod a+x rtbCookieServer.fcgi
4) Run the below
spawn-fcgi.standalone -u root -g root -G www-data -a 127.0.0.1 -p 9000 -f /var/www/rtbCookieServer.fcgi
spawn-fcgi: child spawned successfully: PID: 2398
if I try and run the command as root I get this:
spawn-fcgi: I will not set uid to 0
5) browse to http://127.0.0.1/rtbCookieServer.fcgi where I get a 502 error and this error in my log file
2012/01/23 15:19:03 [error] 1189#0: *1 upstream closed prematurely FastCGI stdout while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /rtbCookieServer.fcgi HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "127.0.0.1"
When I look what is listening on port 9000 I get the below alomg with some other diagnostics:
sudo lsof -i :9000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rtbCookie 2398 marktest 0u IPv4 17598 0t0 TCP localhost:9000 (LISTEN)
netstat -an | grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
ps auxww | grep rtbCookieServer.fcgi
1000 2398 0.0 0.0 24616 360 ? Ss 15:08 0:00 /var/www/rtbCookieServer.fcgi
Now..1) why does the command say rtbCookie and not rtbCookieServer? even when I kill the process and rerun the spawn command ...still says rtbCookie. Should it not say rtbCookieServer? Also, why does it say marktest for user rather than root?
for Diagnostis I run ./rtbCookieServer.fcgi --9000 and the get the expected output.
Here are my file permissions.
-rwxr-xr-x 1 root root 1580470 2012-01-23 14:28 rtbCookieServer.fcgi
Here is my config file:
server {
listen 80;
server_name localhost;
location ~ \.fcgi$ {
root /var/www;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.html;
fastcgi_param SCRIPT_FILENAME /$fastcgi_script_name;
include fastcgi_params;
}
}
It says rtbCookie because lsof uses fixed width columns and rtbCookie is all that fits.
Sounds like it get's confused while it is processing the headers you send back. I suspect you have a slight formatting error in your response. Each header should end with \r\n
Between the last header and the body of your response must be an empty line also ending with \r\n