I'm learning to deploy my Flask app onto an Ubuntu AWS EC2 instance and am following the Digital Ocean tutorial. I'm and am encountering one final issue: I'm got my Gunicorn booted up and working using this command: gunicorn --workers 3 --bind unix:project.sock -m 007 wsgi:app to create 3 worker threads and a socket called project.sock.
[2018-02-23 17:14:49 +0000] [INFO] Booting worker with pid: X
[2018-02-23 17:14:49 +0000] [INFO] Booting worker with pid: X
[2018-02-23 17:14:49 +0000] [INFO] Booting worker with pid: X
Connection initialized.
Connection initialized.
Connection initialized.
But I'm encountering errors when attempting to have Nginx connect to my project.sock from Gunicorn- a 502 Bad Gateway error.
Here's my /etc/nginx/sites-available/project configurations:
server {
listen 80;
server_name MY_SERVER_DNS;
location / {
include proxy_params;
proxy_pass http://unix:/home/ubuntu/flaskapp_dev/my_project/project.sock;
}
}
A check of the Nginx error logs shows that it's getting a Permission denied error attempting to connect to my project.sock:
2018/02/23 17:26:46 [crit] 10822#10822: *4 connect() to unix:/home/ubuntu/myproject/myproject/myproject.sock failed
(13: Permission denied) while connecting to upstream,
client: CLIENT_IP, server: MY_SERVER_DNS,
request: "GET / HTTP/1.1",
upstream: "http://unix:/home/ubuntu/myproject/myproject/project.sock:/", host: "MY_SERVER_DNS"
I know there's been plenty of SO posts on this question, but I'm noticing that most of them revolve around uwsgi, which I'm not using here. I suspect that it's obviously a permission issue, so I tried chmod 711 /home/ubuntu/myproject/project and restarting nginx, but that results in the same 502 Bad Gateway error.
The closest SO post to my issue appears to be this one, but it has no answers or comments.
This is just a permissions issue. Nginx that's running under one user cannot get access to unix socket that's owned by another user. I recommend to run nginx server and gunicorn under the same user so unix socket created by gunicron will be accessed by nginx without any problems. chmod 777 is a temporal solution that can show that there is only permission issue if after executing this command the described problem has gone, but it's better to initially run nginx and gunicorn under the same user. Also it's better to specify full path to unix socket to avoid "no such file or directory" possible issue: gunicorn --workers 3 --bind <full_path_to_unix_socket_to_be_created>
Related
I'm deploying my Djano application on a VPS and I'm following the steps in the below link to configure my app with Gunicorn and Nginx.
How To Set Up Django with Postgres, Nginx, and Gunicorn on Ubuntu 16.04
Everything went well with the tutorial (gunicorn and nginx are running) but the issue is that when Im' visiting the VPS through the static IP its showing a white screen that is always reloading.
After checking nginx log I found the following:
(13: Permission denied) while connecting to upstream, client: <client_ip>, server: <server_ip>, request: "GET / HTTP/1.1, upstream: "http://unix:/root/myproject/myproject.sock:/", host: "<server_ip>", referrer: "http://<server_ip>/"
After searching for roughly 7 hours, I was finally able to find a solution to this issue in the Nginx forum:
Nginx connet to .sock failed (13:Permission denied) - 502 bad gateway
What I simply did was changing the name of the user on the first line in /etc/nginx/nginx.conf file.
In my case the default user was www-data and I changed it to my root machine username.
In the top of nginx.conf file is a user name (user nginx;). just add this user in same group that your site or project is. www-data or any is yours. sorry for english.
I am using post request to load a big amount of data from user input (textarea) to the database(18k lines)
And I get the 502 Bad Gateway error
When I print sudo nano /var/log/nginx/error.log
I get this:
2018/09/06 10:21:04 [alert] 19688#19688: *3 open socket #22 left in connection 4
2018/09/06 10:21:04 [alert] 19688#19688: aborting
2018/09/06 11:04:32 [error] 20076#20076: *14 upstream prematurely closed connection while reading response header from upstream, client: 95.1$
This is only on my production server (nginx + gunicorn + postgres), on my dev server it works great.
What do I do?
I have also
Increasing timeout in gunicorn helped to solve the issue
I'm trying to put my django app online on a VPS. I tried following several different tutorials but I could not get it to work...
WHAT I'VE ACHIEVED ALREADY :
I got DJANGO's DevServ running on my VPS and I was able to browse my app using the VPS' IP address (the static files didn't correctly show up, error 404 104, and I only saw the HTML content without background/css or anything else).
I got NGINX running on my VPS and I was able to browse to its' default homepage (gunicorn was running at the time but the requests didn't get properly forwarded from NGINX to GUNICORN I believe).
I got GUNICORN running my app on my VPS with the command below.
Here's how I launch GUNICORN :
gunicorn MySite.wsgi:application
[2017-03-12 08:54:47 +0000] [1054] [INFO] Starting gunicorn 19.7.0
[2017-03-12 08:54:47 +0000] [1054] [INFO] Listening at: http://127.0.0.1:8000 (1054)
[2017-03-12 08:54:47 +0000] [1054] [INFO] Using worker: sync
[2017-03-12 08:54:47 +0000] [1059] [INFO] Booting worker with pid: 1059
And here is my NGINX configuration file which I named to match my domain name without the ".eu" (even though right now I'm trying to get it to work with the actual IP address, could this be the issue ?). I placed it in "/etc/nginx/sites-available" and made a symlink to the file in "/etc/nginx/sites-enabled" just like the tutorials said to:
#IP has been added to ALLOWED_HOSTS in settings.py
server {
listen 80;
server_name xxx.xxx.xx.xx;
charset utf-8;
access_log /var/log/nginx/MySite.access.log;
error_log /var/log/nginx/MySite.error.log;
#/static/ location as per my configuration and after running "manage.py collectstatic"
location /static/ {
alias /home/EveSite/static/;
}
# Forward HTTP requests to GUNICORN
location / {
proxy_pass http://127.0.0.1:8000;
}
}
I'm also having trouble linking my domain name to my VPS' IP but I will leave that for another question.
According to the tutorials I read, everything should be working now but I can only see NGINX's default homepage, no sign of my Django app altho GUNICORN says it is running.
Is there anything I am doing wrong here ? I know I'm probably missing something obvious.
Ok. I'm at the end of my rope here. I had this working, then I'm not sure if it was just coincidence but I set up VNC on the server and it stopped working (followed this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-14-04)
I've got a Django project through Digital Ocean. I followed their tutorial found here: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-14-04
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
cat /var/log/nginx/error.log
015/05/04 22:03:33 [crit] 6399#0: *3 connect() to unix:/path/to/project.sock failed (13: Permission denied) while connecting to upstream, client: ipaddress, server: myproject.com, request: "GET / HTTP/1.1", upstream: "http://unix:/path/to/project.sock:/", host: "myproject.com"
ls -lh ~/myproject
srwxrwxrwx 1 myusername www-data 0 Apr 1 12:37 myproject.sock
I've been scouring all over but I can't find anything that quite matches what my problem seems to be, even though I have a feeling it's just a silly permission thing that got changed somehow.
If there's anything not clear enough above please ask me to elaborate.
I think you made mistake with sock file in your nginx conf file:
proxy_pass http://unix:/home/user/myproject/myproject.sock;
As showed in error log nginx tries to open /path/to/project.sock file. Change it to /home/username/myproject/myproject.sock
I've been struggling with this problem for two days without success. I've created an instance of the default Django (1.6.1) app called "testdj", installed it on an Amazon AWS EC2 t1.micro instance running Ubuntu Server 13.10, and I'm trying to reach the default Django "It worked!" page via Gunicorn (v. 18). When I start gunicorn from the command line:
gunicorn testdj.wsgi:application --bind [ec2-public-dns]:8001
I can see the page when I enter this URL:
http://[ec2-public-dns]:8001
However, if I use a "start-gunicorn" bash script I created after reading Karzynski's blogpost "Setting Up Django with Nginx, Gunicorn, virtualenv, supervisor, and PostgreSQL", I always get an error. When I enter this URL...
http://[ec2-public-dns]
... I get this error:
Error 502 - Bad Request
The server could not resolve your request for uri: http://[ec2-public-dns]
Here is the start-gunicorn script:
#!/bin/bash
NAME="testdj"
DJANGODIR=/usr/share/nginx/html/testdj
SOCKFILE=/usr/share/nginx/html/testdj/run/gunicorn.sock
USER=testdj
GROUP=testdj
NUM_WORKERS=3
DJANGO_SETTINGS_MODULE=testdj.settings
DJANGO_WSGI_MODULE=testdj.wsgi
WORKON_HOME=/home/testdj/venv
source `which virtualenvwrapper.sh`
workon $NAME
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
export PYTHONPATH=$DJANGO_DIR:$PYTHONPATH
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
exec gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
--access-logfile /tmp/gunicorn-access.log \
--error-logfile /tmp/gunicorn-error.log \
--log-level=debug \
--bind=unix:$SOCKFILE
As you can see, I've created a special account on my server called "testdj" to run the app under. I'm running my Django app in a virtual environment. I haven't changed the Django wsgi.py file at all. As I eventually want to use nginx as my reverse proxy, I've installed nginx and put the Django app in nginx's default root directory /usr/share/nginx/html. User/group www-data owns /usr/share/nginx and everything below except that user/group "testdj" owns /usr/share/nginx/html/testdj and everything below it. /usr/share/nginx/html/testdj and all its subdirectories have perms 775 and I've added www-data to the testdj group.
I do have nginx installed but I don't have the nginx service running. I did try starting it up and enabling an nginx virtual server using the following configuration file but the error still occurred.
upstream testdj_app_server {
server unix:/usr/share/nginx/html/testdj/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name ec2-[my-public-dns-ip].us-west-2.compute.amazonaws.com;
client_max_body_size 4G;
access_log /var/log/nginx/testdj-access.log;
error_log /var/log/nginx/testdj-error.log;
location /static/ {
alias /usr/share/nginx/html/testdj/static/;
}
location /media/ {
alias /usr/share/nginx/html/testdj/media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
# This must match "upstream" directive above
proxy_pass http://testdj_app_server;
break;
}
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /usr/share/nginx/html/testdj/static/;
}
}
The problem seems to be with gunicorn because if I replace the "--bind=unix:$SOCKFILE" in my start-gunicorn script with "--bind --[ec2-public-dns]:8000", I can see the Django default page. However, I don't want to bind to my public DNS name on port 8000, I want to run on port 80 and use nginx as my front end reverse proxy.
I initially had AWS inbound security group rules that limited access to the site to HTTP on ports 80, 8000, and 8001 to my laptop but even if I delete these rules and leave the site wide open, I still get the 502 error message.
My gunicorn access log doesn't show any activity and the only thing I see in the gunicorn error log is gunicorn starting up. When I access the default Django page, there are no errors in the error log:
2014-02-03 18:41:01 [19023] [INFO] Starting gunicorn 18.0
2014-02-03 18:41:01 [19023] [DEBUG] Arbiter booted
2014-02-03 18:41:01 [19023] [INFO] Listening at: unix:/usr/share/nginx/html/testdj/run/gunicorn.sock (19023)
2014-02-03 18:41:01 [19023] [INFO] Using worker: sync
2014-02-03 18:41:01 [19068] [INFO] Booting worker with pid: 19068
2014-02-03 18:41:01 [19069] [INFO] Booting worker with pid: 19069
2014-02-03 18:41:01 [19070] [INFO] Booting worker with pid: 19070
Does anyone know what's happening here? It doesn't look like I'm even getting to gunicorn. I apologize for the long post but there seems to be a lot of "moving parts" to this problem. I'd be very grateful for any help as I've tried many different things but all to no avail. I've also looked at other questions here where other people had similar problems but I didn't see anything pertinent to this problem. Thanks!
I repeated my configuration process line-for-line on my Linode server and had no problems at all. I have to assume that this problem has something to do with the way AWS EC2 instances are configured, probably with respect to security.
I was running into the same problem today. Daniel Roseman explained it to me in the comments here:
port 8000 is not open to the outside by default; you'd either need to
fiddle with your load balancer/firewall settings to open it, or run
gunicorn on port 80 (which will mean killing nginx and starting
gunicorn as the superuser). Much easier to just get the nginx settings
right; there is a perfectly usable configuration on the gunicorn
deploy docs page.
It seems it's possible to run Gunicorn directly, but EC2 isn't set up to do so by default.