We Keep Coding

Deploying Django, Gunicorn, Nginx, Virtualenv on Digital ocean gives me 502 Bad Gateway & Gunicorn can't read Secret Key

I've been trying to deploy for 2 days now and It seems like I can't get it to work even though I went through many articles, StackOverflow questions, and Digital Ocean Tutorials.
My main tutorial is this one: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04?comment=47694#create-and-configure-a-new-django-project
when I bind my gunicorn file (see command below) and go to my_ip_address:8001 everything works fine
gunicorn --bind 0.0.0.0:8001 vp.wsgi:application
But at the part where I created and edited my gunicorn.service file:
sudo nano /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=tony
Group=www-data
WorkingDirectory=/home/tony/vp/vp/
ExecStart=/home/tony/vp/vpenv/bin/gunicorn --workers 3 --bind unix:/home/tony/vp/vp/vp.sock vp.wsgi:application
[Install]
WantedBy=multi-user.target
And my nginx file (I replaced my ip address with my_ip_address for privacy)
sudo nano /etc/nginx/sites-available/vp
server {
listen 80;
server_name my_ip_address;
location = /facivon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/tony/vp;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/tony/vp/vp/vp.sock;
}
}
I get a bad gateway 502 error.
Even after reloading everything:
(vpenv) ~/vp/vp$ sudo systemctl daemon-reload
(vpenv) ~/vp/vp$ sudo systemctl start gunicorn
(vpenv) ~/vp/vp$ sudo systemctl enable gunicorn
(vpenv) ~/vp/vp$ sudo systemctl restart nginx
So I checked the status of gunicorn:
(vpenv) ~/vp/vp$ sudo systemctl status gunicorn
And get the error:
gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2017-04-23 13:41:09 UTC; 18s ago
Main PID: 15438 (code=exited, status=3)
Apr 23 13:41:09 vp-first gunicorn[15438]: SECRET_KEY = os.environ["VP_SECRET_KEY"]
Apr 23 13:41:09 vp-first gunicorn[15438]: File "/home/tony/vp/vpenv/lib/python3.5/os.py", line 7
Apr 23 13:41:09 vp-first gunicorn[15438]: raise KeyError(key) from None
Apr 23 13:41:09 vp-first gunicorn[15438]: KeyError: 'VP_SECRET_KEY'
Apr 23 13:41:09 vp-first gunicorn[15438]: [2017-04-23 13:41:09 +0000] [15445] [INFO] Worker exitin
Apr 23 13:41:09 vp-first gunicorn[15438]: [2017-04-23 13:41:09 +0000] [15438] [INFO] Shutting down
Apr 23 13:41:09 vp-first gunicorn[15438]: [2017-04-23 13:41:09 +0000] [15438] [INFO] Reason: Worke
Apr 23 13:41:09 vp-first systemd[1]: gunicorn.service: Main process exited, code=exited, status=3/
Apr 23 13:41:09 vp-first systemd[1]: gunicorn.service: Unit entered failed state.
Apr 23 13:41:09 vp-first systemd[1]: gunicorn.service: Failed with result 'exit-code'.
^X
I have placed my Secret Key in both ~./bashrc (and did source ~./bashrc), and in my virtualenv activate file (and did source vpenv/bin/activate).
The .sock file is nowhere to be found!
Some notes:
Before, I was getting an other error that gunicorn could not boot and my gunicorn and nginx config paths looked like this:
Gunicorn:
WorkingDirectory=/home/tony/vp/
ExecStart=/home/tony/vp/vpenv/bin/gunicorn --workers 3 --bind unix:/home/tony/vp/vp.sock vp.wsgi:application
Nginx:
location / {
include proxy_params;
proxy_pass http://unix:/home/tony/vp/vp.sock;
}
As you can see the paths were vp/vp.sock not vp/vp/vp.sock as they are now.
When I do:
$ ps -aux | grep gunicorn
I get:
tony 15624 0.0 0.1 12944 976 pts/3 S+ 13:57 0:00 grep --color=auto gunicorn
Which means there is an error.
my nginx error log file:
2017/04/23 13:41:19 [crit] 15491#15491: *2 connect() to unix:/home/tony/vp/vp/vp.sock failed (2: No such file or directory) while connecting to upstream, client: Client.IP, server: Server.IP, request: "GET / HTTP/1.1", upstream: "http://unix:/home/tony/vp/vp/vp.sock:/", host: "Server.IP"
2017/04/23 13:41:19 [crit] 15491#15491: *2 connect() to unix:/home/tony/vp/vp/vp.sock failed (2: No such file or directory) while connecting to upstream, client: Client.IP, server: Server.IP, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/home/tony/vp/vp/vp.sock:/favicon.ico", host: "Server.IP", referrer: "http://Server.IP/"
Here is my wsgi.py file:
import os
from django.core.wsgi import get_wsgi_application
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings.production")
application = get_wsgi_application()
And yes I use multiple settings files.
I have to say that this is my first time deploying but I do my best to understand everything.
Hope you can help!!!

The new user I created did not have permission to access .bashrc
What I did was I placed my environment variables inside my gunicorn.service file like this:
[Service]
Environment=VP_SECRET_KEY=<value>
restarted everything:
sudo systemctl daemon-reload
sudo systemctl start gunicorn
sudo systemctl enable gunicorn
sudo systemctl restart nginx
And done!

Gunicorn and Django error permission denied for sock

Trying to setup a site with django and gunicorn getting this error in the nginx log file:
2017/01/31 07:04:50 [crit] 30386#30386: *1 connect() to unix:/home/ubuntu/webapps/kenyabuzz/kb.sock failed (13: Permission denied) while connecting to upstream, client: 197.232.12.165, server: kenyabuzz.nation.news, request: "GET / HTTP/1.1", upstream: "http://unix:/home/ubuntu/webapps/kenyabuzz/kb.sock:/", host: "kenyabuzz.nation.news"
static files are served correctly. The gunicorn file in nginx/sites-enabled settings
#kb gunicorn nginx settings
server {
listen 80;
server_name kenyabuzz.nation.news;
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/ubuntu/webapps/kenyabuzz/kb/media; # your Django project's media files - amend as required
}
location /static {
alias /home/ubuntu/webapps/kenyabuzz/kb/static; # your Django project's static files - amend as required
}
location /favicon.ico {
alias /home/ubuntu/webapps/kenyabuzz/kb/static/kb/favicon.ico; # favicon
}
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/webapps/kenyabuzz/kb.sock;
}
}
and the gunicorn setting /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/webapps/kenyabuzz
ExecStart=/home/ubuntu/djangoenv/bin/gunicorn --workers 10 --bind unix:/home/ubuntu/kenyabuzz/kb.sock kb.wsgi:application
[Install]
WantedBy=multi-user.target
checked the status of gunicorn
ubuntu#ip-172-31-16-133:/etc/nginx/sites-enabled$ sudo systemctl status gunicorn
● gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2017-01-31 06:59:49 UTC; 8min ago
Main PID: 30281 (code=exited, status=203/EXEC)
Jan 31 06:59:48 ip-172-31-16-133 systemd[1]: Started gunicorn daemon.
Jan 31 06:59:49 ip-172-31-16-133 systemd[1]: gunicorn.service: Main process exited, code=exited, sta
Jan 31 06:59:49 ip-172-31-16-133 systemd[1]: gunicorn.service: Unit entered failed state.
Jan 31 06:59:49 ip-172-31-16-133 systemd[1]: gunicorn.service: Failed with result 'exit-code'.

You have your gunicorn process running as user Ubuntu and Group www-data
[Service]
User=ubuntu
Group=www-data
Typically in ubuntu, nginx runs as www-data. I See that you have defined www-data as the group for gunicorn. Therefore you can solve this problem by
chmod g+x /home/ubuntu/
chmod g+r /home/ubuntu/
Assuming that you have www-data as the group for the above folder. If not you can change it with
sudo chgrp www-data /home/ubuntu/

uwsgi & Django with port 80

If I run uwsgi with uwsgi --ini kb_uwsgi.ini --http :80 it gives me an error:
[uWSGI] getting INI configuration from kb_uwsgi.ini
*** Starting uWSGI 2.0.14 (64bit) on [Thu Jan 26 12:34:51 2017] ***
compiled with version: 5.4.0 20160609 on 06 January 2017 11:55:37
os: Linux-4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016
nodename: ip-172-31-16-133
machine: x86_64
clock source: unix
detected number of CPU cores: 4
current working directory: /home/ubuntu/webapps/kenyabuzz
detected binary path: /usr/local/bin/uwsgi
!!! no internal routing support, rebuild with pcre support !!!
chdir() to /home/ubuntu/webapps/kenyabuzz
your processes number limit is 64137
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
bind(): Permission denied [core/socket.c line 769]
the site loads however if i preceed the command with sudo or use port :8000 eg uwsgi --ini kb_uwsgi.ini --http :8000
Now I tried to make the site live with nginx and uwsgi I get a 502 Bad Gateway nginx/1.10.0 (Ubuntu) nginx works okay because the favicon loads and I can access static files with \static\... I know this is Django having an issue rendering. I've tried also loading uwsgi --ini kb_uwsgi.ini --http :8000 without loading the djangoenv and it still loads.
The kb_uwsgi.ini file looks like this:
# kb_uwsgi.ini file
[uwsgi]
# Django-related settings
# the base directory (full path)
chdir = /home/ubuntu/webapps/kenyabuzz
# Django's wsgi file
module = kb.wsgi
# the virtualenv (full path)
home = /home/ubuntu/webapps/djangoenv
# process-related settings
# master
master = true
# maximum number of worker processes
processes = 10
# the socket (use the full path to be safe
socket = /tmp/kb.sock
# ... with appropriate permissions - may be needed
# chmod-socket = 664
# clear environment on exit
vacuum = true
and the kb_nginx.conf like so
# kb.conf
# the upstream component nginx needs to connect to
upstream django {
server unix:///tmp/kb.sock; # for a file socket
#server 0.0.0.0:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name kenyabuzz.nation.news; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/ubuntu/webapps/kenyabuzz/kb/media; # your Django project's media files - amend as required
}
location /static {
alias /home/ubuntu/webapps/kenyabuzz/kb/static; # your Django project's static files - amend as required
}
location /favicon.ico {
alias /home/ubuntu/webapps/kenyabuzz/kb/static/kb/favicon.ico; # favicon
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/ubuntu/webapps/kenyabuzz/uwsgi_params; # the uwsgi_params file you installed
}
}
The log has:
2017/01/26 13:02:17 [crit] 4065#4065: *10 connect() to unix:///tmp/kb.sock failed (2: No such file or directory) while connecting to upstream, client: 197.232.12.165, server: kenyabuzz.nation.news, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///tmp/kb.sock:", host: "kenyabuzz.nation.news"
uwsgi should create the file automatically (it does) and it deletes it when it's closed using the example above.
Appreciate any help on this.
UPDATE
edited the .ini file and uncommented out the chmod-socket=664 the kb.sock file is still not created on restarting nginx.

For nginx:
# kb.conf
...
# the upstream component nginx needs to connect to
upstream django {
server unix:/tmp/kb.sock;
}
...
For uWSGI:
# kb_uwsgi.ini file
[uwsgi]
...
# the socket (use the full path to be safe
socket = /tmp/kb.sock
chmod-socket = 666
...

uWSGI configuration with FlaskApp

In effort to switch to Nginx, I'm running into configuration problems and getting a 502 Gateway error. Here is error log on connection:
tail -f error.log
2016/10/08 16:09:31 [crit] 21682#21682: *29 connect() to unix:/var/www/FlaskApp/FlaskApp/runserver.sock failed (13: Permission denied) while connecting to upstream, client: 73.188.249.47, server: ceejcalvert.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/var/www/FlaskApp/FlaskApp/runserver.sock:", host: "website.com"
If I'm in the terminal on the server I can get the site up by manually directing the socket via:
This command will get everything working if run:
uwsgi -s /var/www/FlaskApp/FlaskApp/runserver.sock -w runserver:app --chmod-socket=666
The issue is I cannot get it working in daemon mode. My configuration is as follows:
$ cat /etc/systemd/system/runserver.service
[Unit]
Description=uWSGI instance to serve runserver
After=network.target
[Service]
User=username
Group=www-data
WorkingDirectory=/var/www/FlaskApp/FlaskApp
Environment="PATH=/var/www/FlaskApp/FlaskApp/venv/bin"
ExecStart=/var/www/FlaskApp/FlaskApp/venv/bin/runserver.sock --ini runserver.ini
[Install]
WantedBy=multi-user.target
...
cat /var/www/FlaskApp/FlaskApp/runserver.ini
[uwsgi]
module = wsgi:app
master = true
processes = 5
logto = /home/jmc856/error.log
socket = runserver.sock
chmod-socket = 666
vacuum = true
die-on-term = true
Assume site-available is linked to sites-enabled
cat /etc/nginx/sites-available/runserver
server {
listen 80;
server_name website.com;
location / {
include uwsgi_params;
uwsgi_pass unix:/var/www/FlaskApp/FlaskApp/runserver.sock;
}
}
Anything obvious I'm missing?
When I run the following, I get exit code 3.
sudo systemctl status runserver
runserver.service - uWSGI instance to serve runserver
Loaded: loaded (/etc/systemd/system/runserver.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2016-10-08 16:08:45 EDT; 20min ago
Main PID: 22365 (code=exited, status=203/EXEC)
Oct 08 16:08:45 FirstNameLastName.com systemd[1]: Stopped uWSGI instance to serve runserver.
Oct 08 16:08:45 FirstNameLastName.com systemd[1]: Started uWSGI instance to serve runserver.
Oct 08 16:08:45 FirstNameLastName.com systemd[1]: runserver.service: Main process exited, code=exited, status=203/EXEC
Oct 08 16:08:45 FirstNameLastName.com systemd[1]: runserver.service: Unit entered failed state.
Oct 08 16:08:45 FirstNameLastName.com systemd[1]: runserver.service: Failed with result 'exit-code'.

Solved my issue. For the most part my configurations were fine. Here is a checklist of things to ensure if you get 502 gateway errors.
1) I first added all absolute paths to config files. For example I changed my systemd config to:
$ cat /etc/systemd/system/runserver.service
[Unit]
Description=uWSGI instance to serve runserver
After=network.target
[Service]
User=username
Group=www-data
WorkingDirectory=/var/www/FlaskApp/FlaskApp
Environment="PATH=/var/www/FlaskApp/FlaskApp/venv/bin"
ExecStart=/var/www/FlaskApp/FlaskApp/venv/bin/runserver.sock --ini /var/www/FlaskApp/FlaskApp/runserver.ini
[Install]
WantedBy=multi-user.target
2) Changed .ini file to directly call uWSGI app:
cat /var/www/FlaskApp/FlaskApp/runserver.ini
[uwsgi]
chdir=/var/Webpage/
wsgi-file = wsgi.py
callable = app
master = true
processes = 5
logto = /home/error.log
socket = runserver.sock
chmod-socket = 666
vacuum = true
die-on-term = true
3) Ensure FlaskApp host is 0.0.0.0:
if __name__ == "__main__":
app.run(host='0.0.0.0')
4) Use these commands to try to find out where things are failing.
Make sure configs have proper syntax
$ sudo nginx -t
Make sure nginx daemon running properly
$ systemctl status nginx.service
Ensure uWSGI instance to serve {app} is running.
$ systemctl
If all is good and still finding errors, search for failure in
$ sudo journalctl
And
$ sudo tail -f /var/log/nginx/error.log
If everything is running properly, make sure you perform the following:
$ sudo systemctl restart {app}
$ sudo start {app}
$ sudo enable {app}
That last command was something I forgot and prevented me from realizing my configuration was fine for a long time. In my case {app} was 'runserver'

I've been using this Docker image for all my nginx and flask apps
https://github.com/tiangolo/uwsgi-nginx-flask-docker

deploying django app on nginx with uwsgi returns a 502 - permission denied

I'm trying to setup a simple django app on nginx with uswgi.
When I send a request, it returns a 502 bad gateway.
Here is my uwsgi.ini
[uwsgi]
master = true
socket = /usr/share/nginx/firstsite/nginx.sock
chdir = /usr/share/nginx/firstsite
wsgi-file = /usr/share/nginx/firstsite/firstsite/wsgi.py
chmod-socket = 664
vacuum = true
uwsgi output:
uwsgi --ini uwsgi.ini
[uWSGI] getting INI configuration from uwsgi.ini
*** Starting uWSGI 2.0.11.2 (64bit) on [Sat Jun 18 15:09:30 2016] ***
compiled with version: 4.8.3 20140911 (Red Hat 4.8.3-9) on 02 December 2015 19:47:02
os: Linux-3.10.0-327.4.4.el7.x86_64 #1 SMP Tue Jan 5 16:07:00 UTC 2016
nodename: centos_prod
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 8
current working directory: /usr/share/nginx/firstsite
detected binary path: /root/venv/bin/uwsgi
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) ***
chdir() to /usr/share/nginx/firstsite
your processes number limit is 94006
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /usr/share/nginx/firstsite/nginx.sock fd 3
Python version: 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x21f6ce0
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145536 bytes (142 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x21f6ce0 pid: 3421 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 3421)
spawned uWSGI worker 1 (pid: 3426, cores: 1)
nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
upstream django {
server unix:///usr/share/nginx/firstsite/nginx.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/firstsite;
client_max_body_size 300M; # adjust to taste
location /media {
alias /usr/share/nginx/firstsite/media;
}
location /static {
alias /usr/share/nginx/firstsite/static;
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /usr/share/nginx/firstsite/uwsgi_params; # the uwsgi_params file you installed
}
}
}
I'm not using a virtualenv and my manage.py is in /usr/share/nginx/firstsite/
I'm able to run the app without nginx on uwsgi with:
uwsgi --wsgi-file /usr/share/nginx/firstsite/firstsite/wsgi.py --http :80
but what I'm trying to do is let nginx use port 80 and uwsgi use file socket.
Please help.
Update:
I don't know why I was not seeing any error before, but now nginx error log says:
nginx Permission denied while connecting to upstream
so looking at this
I tried adding these options to uwsgi:
--uid root --gid www-data
so the socket file is owned by root which is part of the www-data group.
I'm still getting a permission error.
[crit] 6804#0: *1 connect() to unix:///usr/share/nginx/firstsite/nginx.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.168.201, server: _, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/firstsite/nginx.sock:"
Update:
I'm still running into permission issue.
I created a django user and a django group.
Both nginx and django users are members of django group.
Changed ownership of all the folders under
/usr/share/nginx/firstsite
owned by django.
set --gid and --uid to django.
ran
uwsgi --ini /usr/share/nginx/firstsite/uwsgi.ini
as root. I got the permission error.
ran:
runuser -l django -c "uwsgi --ini /usr/share/nginx/firstsite/uwsgi.ini"
the same.
Note that /usr/share/nginx is owned by root.
I tried changing the nginx config file:
uwsgi_pass unix:///usr/share/nginx/firstsite/nginx.sock;
restarted nginx and ran uwsgi. I'm getting this error:
connect() to unix:///usr/share/nginx/firstsite/nginx.sock failed (13: Permission denied) while connecting to upstream, client: 192.123.123.123, server: _, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///usr/share/nginx/firstsite/nginx.sock:"
I also had to setup a python virtualenv and set home in uwsgi.ini to detect django but I cannot get passed this socket failure.