Hi~ I'm deploying a website in CentOS 6.5. The framework is django1.7. I use nginx and uwsgi.
The website is now available except 403 Forbidden for all static files.
I have googled a few hours, and have changed the whole site folder as chmod 777. The owner of folder is kltc, and user in nginx.conf is also kltc.
I have no idea why the problem is still Permission denied.
nginx.conf
user kltc;
worker_processes 1;
kuaileticao.miyayx.me
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name kuaileticao.miyayx.me; # substitute your machine's IP address or FQDN
charset utf-8;
access_log /srv/www/nginx/kuaileticao.miyayx.me/access.log;
error_log /srv/www/nginx/kuaileticao.miyayx.me/error.log;
location /static {
autoindex on;
alias /home/kltc/Project/sunny_sports/sunny_sports/static;
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass 127.0.0.1:8001;
include uwsgi_params; # the uwsgi_params file you installed
}
}
uwsgi.ini
[uwsgi]
# the base directory (full path)
chdir=/home/kltc/Project/sunny_sports
# Django's wsgi file
module=sunny_sports.wsgi:application
master=true
# maximum number of worker processes
processes=10
# the socket (use the full path to be safe
socket=127.0.0.1:8001
chmod-socket=664
chown-socket=kltc:kltc
pidfile=/tmp/project-master.pid
# clear environment on exit
vacuum=true
max-requests=5000
daemonize=sunny_sports.uwsgi.log
error.log
[error] 34335#0: *73 open() "/home/kltc/Project/sunny_sports/sunny_sports/static/css/font-awesome.min.css" failed (13: Permission denied), client: 157.7.154.194, server: kuaileticao.miyayx.me, request: "GET /static/css/font-awesome.min.css HTTP/1.1", host: "kuaileticao.miyayx.me", referrer: "http://kuaileticao.miyayx.me/"
[kltc#localhost static]$ pwd
/home/kltc/Project/sunny_sports/sunny_sports/static
[kltc#localhost static]$ ls -l
total 32
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 avatars
4 drwxrwxrwx. 7 kltc kltc 4096 Feb 25 18:51 css
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 custom
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 font
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 fonts
4 drwxrwxrwx. 3 kltc kltc 4096 Feb 25 18:51 images
4 drwxrwxrwx. 2 kltc kltc 4096 Feb 25 18:51 img
4 drwxrwxrwx. 10 kltc kltc 4096 Feb 26 08:18 js
>
[kltc#localhost static]$ ps -aux | grep nginx
root 37444 0.0 0.0 110008 2048 ? Ss 09:02 0:00 nginx: master process /usr/sbin/nginx
kltc 37445 0.0 0.0 112548 3700 ? S 09:02 0:00 nginx: worker process
I have tried several methods. Such as, change the nginx.conf user to root. But none of them worked.
Hope for your help. Thank you!
Make sure that you chown parent directory of your project (/home) to be readable by the nginx worker.
chown -R kltc:kltc /home
chmod -R ug+r /home
Make sure that you have the STATIC_ROOT declared in your settings file.
Also, try running python manage.py collectstatic --noinputbefore running the server.
Hope that works!
Related
Please I have been stocked for days now trying to clear the error in my browser console (403 net::ERR_ABORTED 403 (Forbidden)) and my static files is not been severed. Nginx Ubuntu
go to this directory Open nginx.conf
then change this user to value as shown in this picture
I had this issue got it fixed by this. maybe it helps. user ubuntu
cd /var/www/html/ then ls -la to see permission
total 12
drwxr-xr-x 2 root root 4096 Sep 22 23:14 .
drwxr-xr-x 3 root root 4096 Sep 22 23:14 ..
-rw-r--r-- 1 root root 612 Sep 22 23:14 index.nginx-debian.html
I noticed that .html has no -x permission I gave it a permission with this commands
find /var/www/html/ -type d -exec chmod 755 {} ;
find /var/www/html/ -type f -exec chmod 644 {} ;
then la -la
total 12
drwxr-xr-x 3 root root 4096 Sep 22 23:14 .
drwxr-xr-x 14 root root 4096 Sep 22 23:14 ..
drwxr-xr-x 2 root root 4096 Sep 22 23:14 html
now html has -x permission
sudo systemctl daemon-reload
sudo systemctl restart gunicorn
sudo systemctl restart nginx. This help fixed my problem and also big Thanks to hemal-patel changed my user too
I am deploying a django app in a VPS (debian 9) using Nginx and gunicorn service. Everything works as expected but images uploaded by the user in media file are not displayed, 404 (not found). When I use Debug=True images are displayed, Static file works correctly in development and production.
To run this app I have created a webuser without sudo rights and a group called webapps. Since it seems that nginx can't see the media I have changed the group to www-data, but still, it doesn't work. There is a similar issue here but without an accepted answer. Any help will be much appreciated.
Bellow some important configurations:
(web_env) webuser#:~/web_project$ ls -la
total 72
drwxrwxr-x 10 webuser www-data 4096 Jun 11 20:30 .
drwxr-xr-x 3 webuser webapps 4096 Jun 10 17:15 ..
drwxr-xr-x 6 webuser webapps 4096 Jun 10 17:15 blog
-rw-r--r-- 1 webuser webapps 655 Jun 10 17:15 environment.yaml
drwxr-xr-x 2 webuser webapps 4096 Jun 10 17:15 .idea
drwxr-xr-x 2 webuser webuser 4096 Jun 11 17:28 logs
-rwxr-xr-x 1 webuser webapps 631 Jun 10 17:15 manage.py
drwxrwxr-x 3 webuser www-data 4096 Jun 10 17:15 media
-rw-r--r-- 1 webuser webapps 14417 Jun 10 17:15 posts.json
-rw-r--r-- 1 webuser webapps 229 Jun 10 17:15 README.md
-rw-r--r-- 1 webuser webapps 161 Jun 10 17:15 requirements.txt
drwxrwxr-x 2 webuser www-data 4096 Jun 19 13:47 run
drwxrwxr-x 4 webuser www-data 4096 Jun 11 16:31 static
drwxr-xr-x 5 webuser webapps 4096 Jun 16 12:12 users
drwxr-xr-x 3 webuser webapps 4096 Jun 19 15:52 web_project
Gunicorn service in /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=webuser
Group=www-data
WorkingDirectory=/home/webuser/DjangoProjects/web_project
ExecStart=/home/webuser/.conda/envs/web_env/bin/gunicorn \
--access-logfile - \
--workers 3 \
--bind
unix:/home/webuser/DjangoProjects/web_project/run/gunicorn.soc$
web_project.wsgi:application
[Install]
WantedBy=multi-user.target
My nginx configuration
server {
listen 80;
server_name mysite.com;
client_max_body_size 100M; #to have space to load images
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name mysite.com www.mysitet;
client_max_body_size 100M; #to have space to load images
ssl on;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
location /static/ {
autoindex on;
alias /home/webuser/DjangoProject/web_project/static/;
}
location /media/ {
autoindex on;
alias /home/webuser/DjangoProject/web_project/media/;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/webuser/DjangoProjects/web_project/run/gunicorn.sock;
}
}
Some parts of my settings.py
import os
import json
with open('/etc/config.json') as config_file:
config = json.load(config_file)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
SECRET_KEY = config['SECRET_KEY']
DEBUG = False
ALLOWED_HOSTS = ['mysite.com', '198.XX.XX.XXX']
INSTALLED_APPS = [
'blog.apps.BlogConfig',
'users.apps.UsersConfig',
'crispy_forms',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
]
ROOT_URLCONF = 'web_project.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [
''
],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'web_project.wsgi.application'
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'dbname',
'USER': 'webuser',
'PASSWORD': 'dbpassword',
'HOST': 'localhost',
'PORT': '',
}
}
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATIC_URL = '/static/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
MEDIA_URL = '/media/'
in urls.py I have added
urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
Of course after each change I use to run
sudo systemctl restart nginx
sudo pkill gunicorn
sudo systemctl daemon-reload
sudoo systemctl start gunicorn
EDITED
/var/logs/nginx
2019/06/19 20:17:13 [error] 17420#17420: *53 open() "/home/webuser/DjangoProject/web_project/media/profile_pics/StackOverFlowPicture_TL8URPF.png" failed (2: No such file or directory), client: 109.132.181.209, server: example.com, request: "GET /media/profile_pics/StackOverFlowPicture_TL8URPF.png HTTP/1.1", host: "example.com", referrer: "https://example.com/"
2019/06/19 20:17:17 [error] 17420#17420: *53 open() "/home/webuser/DjangoProject/web_project/media/default.jpg" failed (2: No such file or directory), client: 109.132.181.209, server: example.com, request: "GET /media/default.jpg HTTP/1.1", host: "example.com", referrer: "https://example.com/profile/"
the original picture is StackOverFlowPicture.png but know I have another picture
webuser#:~/DjangoProjects/web_project/media/profile_pics$ ls
StackOverFlowPicture.png StackOverFlowPicture_TL8URPF.png
Thanks to Ivan Starostin who remarked my typo error DjangoProjects != DjangoProject and my last log error
2019/06/20 11:06:46 [error] 22983#22983: *1 open() "/home/webuser/DjangoProjects/web_project/media/media/profile_pics/StackOverFlowPicture_TL8URPF.png" failed (2: No such file or directory), client: 109.132.217.176, server: example.com, request: "GET /media/profile_pics/StackOverFlowPicture_TL8URPF.png HTTP/1.1", host: "example.com", referrer: "https://example.com/"
I have solved the problem by changing
location /media/ {
autoindex on;
alias /home/webuser/DjangoProject/web_project/media/;
}
to
location /media/ {
autoindex on;
alias /home/webuser/DjangoProject/web_project;
}
And now the pictures are loaded. Thanks for your help!
I followed this tutorial : http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/
My directory structure is quite the same:
-rw-r--r-- 1 django webapps 0 Nov 30 15:58 access.log
drwxr-xr-x 3 django webapps 4096 Nov 30 17:27 bin
-rw-r--r-- 1 django webapps 6450 Nov 30 15:58 error.log
drwxr-xr-x 2 django webapps 4096 Nov 30 15:58 gunicorn
drwxr-xr-x 2 django webapps 4096 Nov 30 16:10 include
drwxr-xr-x 3 django webapps 4096 Nov 30 16:10 lib
lrwxrwxrwx 1 django webapps 3 Nov 30 16:10 lib64 -> lib
drwxr-xr-x 2 django webapps 4096 Nov 30 17:12 logs
drwxr-xr-x 5 django webapps 4096 Nov 30 13:36 narcisse
-rw-r--r-- 1 django webapps 59 Nov 30 16:11 pip-selfcheck.json
-rw-r--r-- 1 django webapps 75 Nov 30 16:10 pyvenv.cfg
-rw-r--r-- 1 django webapps 85 Nov 30 15:50 README.md
drwxrwxrwx 2 django webapps 4096 Nov 30 17:51 run
I have a /etc/supervisor/conf.d/filename that looks like this:
[program:site]
command = /var/www/site/bin/gunicorn_start -user=django
user = django
stdout_logfile = /var/www/site/logs/gunicorn_supervisor.log
redirect_stderr = true
My gunicorn_start is located inside /var/www/site/bin ()and looks like this:
NAME="api"
DJANGODIR=/var/www/site/site
SOCKFILE=/var/www/site/run/gunicorn.sock
USER=django
GROUP=webapps
NUM_WORKERS=3
DJANGO_SETTINGS_MODULE=api.settings
DJANGO_WSGI_MODULE=api.wsgi
echo "Starting $NAME as `whoami`"
# Activate the virtual environment
cd $DJANGODIR
source ../bin/activate
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
export PYTHONPATH=$DJANGODIR:$PYTHONPATH
# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
# Start your Django Unicorn
exec ../bin/gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
--bind=unix:$SOCKFILE \
--log-level=debug \
--log-file=-
And finally the nginx conf file:
upstream your-gunicorn {
server unix:/var/www/site/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80 default;
client_max_body_size 4G;
server_name <ip_address>;
keepalive_timeout 70;
access_log /var/log/nginx/site.access_log;
error_log /var/log/nginx/site.error_log;
root /var/www/site/;
location /static/ {
autoindex on;
alias /var/www/site/site/static/;
expires 1M;
access_log off;
add_header Cache-Control "public";
proxy_ignore_headers "Set-Cookie";
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1;
}
location / {
try_files $uri #proxy_to_app;
}
}
I have the feeling I have tried every keyboard combinations. Cannot find what is wrong.
I keep getting this Operation Not permitted error inside gunicorn logs right after it starts.
Here is the full output:
[2018-11-30 17:49:28 +0000] [13849] [INFO] Starting gunicorn 19.9.0
[2018-11-30 17:49:28 +0000] [13849] [DEBUG] Arbiter booted
[2018-11-30 17:49:28 +0000] [13849] [INFO] Listening at: unix:/var/www/site/run/gunicorn.sock (13849)
[2018-11-30 17:49:28 +0000] [13849] [INFO] Using worker: sync
[2018-11-30 17:49:28 +0000] [13923] [INFO] Booting worker with pid: 13923
[2018-11-30 17:49:28 +0000] [13923] [ERROR] Exception in worker process
Traceback (most recent call last):
File "/var/www/site/lib/python3.6/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
worker.init_process()
File "/var/www/site/lib/python3.6/site-packages/gunicorn/workers/base.py", line 93, in init_process
initgroups=self.cfg.initgroups)
File "/var/www/site/lib/python3.6/site-packages/gunicorn/util.py", line 165, in set_owner_process
os.setgid(gid)
PermissionError: [Errno 1] Operation not permitted
Thank you for your help.
Julien
So, with the help of Haken Lid, I managed to fix my architecture.
Here is what I did:
Fixed nginx configuration file
upstream your-gunicorn {
server unix:/var/www/site/run/gunicorn.sock fail_timeout=0;
}
Changed to:
upstream gunicorn_upstream {
server unix:/var/www/site/run/gunicorn.sock fail_timeout=0;
}
And:
proxy_pass http://127.0.0.1;
Changed to:
proxy_pass http://gunicorn_upstream;
Fixed gunistart_start file
Last line changed from:
exec ../bin/gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
--bind=unix:$SOCKFILE \
--log-level=debug \
--log-file=-
To:
exec ../bin/gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--bind=unix:$SOCKFILE \
--log-level=debug \
--log-file=-
One of the error I made was actually quite silly because I commented the:
--user=$USER --group=$GROUP
of the line and this behave like the rest of the line was commented also. So basically, everything was in nginx configuration file.
Now fixed. Thanks
Julien
I have gotta my project setup with uwsgi, django, nginx Everything seems to be working fine but somehow I keep on getting the error on getting static files I have been reading through online and tried all the possible ways but I keep on getting this permission denied error on my static folder.
Can someone please let me know what I have done wrong with the permission and how I should change it?
this is my /var/log/nginx/error.log
open() "/root/project/static/*.css" failed (13: Permission denied), client: 2xx.xx.xx.xxx, server: _, request: "GET /static/*.css HTTP/1.1", host: "1xx.xx.xx.xxx"
This is my nginx site-available config
server {
listen 80 default_server;
listen [::]:80 default_server;
# root /var/www/html;
# Add index.php to the list if you are using PHP
# index index.html index.htm index.nginx-debian.html;
server_name _;
#location = /favicon.ico { access_log off; log_not_found off; }
#location /media {
# root /root/project/mediafiles;
#}
location ^~ /static/ {
allow all; # this is from one of the posts but no luck
auth_basic off; # this is from one of the posts but no luck
root /root/project;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi/project.sock;
}
}
as my folder permission
for project folder it's drwxr-xr-x 23 www-data www-data
for static folder it's drwxr-x--- 8 www-data www-data 4096 May 23 14:40 static
I never made the permission to static 755 too but no luck.
Anyways, this is using root as user instead of having an extra user and root is also in group of www-data
Thanks in advance for all the help.
EDIT:
As suggested this is the output of ps aux | grep nginx
root 810 0.0 0.0 124972 1440 ? Ss 02:18 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 811 0.0 0.0 125688 4840 ? S 02:18 0:00 nginx: worker process
www-data 812 0.0 0.0 125348 3196 ? S 02:18 0:00 nginx: worker process
root 1159 0.0 0.0 14224 1004 pts/0 S+ 04:25 0:00 grep --color=auto nginx
The problem I am guessing is the fact that your project root directory is at /root. The default permissions for /root are:
drwx------ 14 root root 4096 May 8 12:47 root
As you can see, other users, such as www-data don't even have read access to the /root directory. In Linux FS, if you need to read something at a path/a/b/c, you need to have read access to each of the folders in that path.
The Nginx worker process runs as user www-data which is trying to open a file that is rooted at /root where this user does not have read permissions, and therefore raising a Permission denied (13).
See this demo for more detail:
$ cat /root/test2/text.txt
cat: /root/test2/text.txt: Permission denied
$ sudo cat /root/test2/test.txt
A
$ sudo ls -la /root/ | grep test2
drwxrwxrwx 2 root root 4096 May 24 02:04 test2
Hope this makes sense. The solution would be on of the following:
Run nginx workers as root (not recommended)
Move your project directory to a location that is designed to be accessed by multiple users such as /usr/local/share or /var/www/ (recommended)
I have the same problem. My nginx server on Centos 7.6 can't access to static folder in path /home/user/app/mysyte/static/. In /var/log/nginx/error.log same error open() "/home/user/app/mysyte/static/*.css" failed (13: Permission denied)
For solving this problem look at this page issue 2
i was running into the same problem and i found this answer useful!
Nginx connet to .sock failed (13:Permission denied) - 502 bad gateway
What I simply did was changing the name of the user on the first line in /etc/nginx/nginx.conf file.
In my case the default user was www-data and I changed it to my root machine username.
I have a project running with NGINX and Django via ajenti. Unfortunately i am not able to traverse the static directory. I have set index on and tried to traverse it manually but i am stuck in the same directory.
NGINX config:
server {
listen *:80 default_server;
server_name testsite.com;
access_log /var/log/nginx/testsite.access.log;
error_log /var/log/nginx/testsite.error.log;
root /var/www/servers/testsite.com/testsite;
index index.html index.htm index.php;
location / {
proxy_pass http://unix:/var/run/ajenti-v-gunicorn-testsite-python-wsgi-0.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /static/ {
alias /var/www/servers/testsite.com/testsite/public/static/;
autoindex on;
}
}
gunicorn processes:
root 2829 0.9 2.4 57896 12312 ? S 13:25 0:00 /var/www/servers/testsite.com/env/bin/python /var/www/servers/testsite.com/env/bin/gunicorn -c /etc/gunicorn.ajenti.d//testsite_python_wsgi_0.py testsite.wsgi
www-data 2842 2.1 5.0 83572 25928 ? S 13:25 0:00 /var/www/servers/testsite.com/env/bin/python /var/www/servers/testsite.com/env/bin/gunicorn -c /etc/gunicorn.ajenti.d//testsite_python_wsgi_0.py testsite.wsgi
www-data 2849 1.9 4.7 82056 24208 ? S 13:25 0:00 /var/www/servers/testsite.com/env/bin/python /var/www/servers/testsite.com/env/bin/gunicorn -c /etc/gunicorn.ajenti.d//testsite_python_wsgi_0.py testsite.wsgi
www-data 2858 1.8 4.7 82064 24212 ? S 13:25 0:00 /var/www/servers/testsite.com/env/bin/python /var/www/servers/testsite.com/env/bin/gunicorn -c /etc/gunicorn.ajenti.d//testsite_python_wsgi_0.py testsite.wsgi
NGINX processes:
ps -ef | grep nginx
root 29364 1 0 11:40 ? 00:00:00 nginx: master process /usr/sbin/nginx
www-data 29365 29364 0 11:40 ? 00:00:00 nginx: worker process
root 29378 26678 0 11:43 pts/0 00:00:00 grep nginx
Directory permission:
ls -ls
total 52
36 -rwxrwxrwx 1 www-data www-data 36864 Apr 10 10:58 db.sqlite3
4 -rwxrwxrwx 1 www-data www-data 250 Apr 10 10:58 manage.py
4 drwxrwxrwx 3 www-data www-data 4096 Apr 10 10:59 public
4 drwxrwxrwx 2 www-data www-data 4096 Apr 10 11:29 testsite
4 -rwxrwxrwx 1 www-data www-data 169 Apr 10 11:08 testsite.wsgi
Image showing that its impossible to traverse the directory.
Try including this in your urls.py file:
admin_media_path = os.path.join(django.__path__[0], 'contrib', 'admin', 'static', 'admin')
urlpatterns = patterns('',
url(r'^static/admin/(?P<path>.*)$', 'django.views.static.serve', {
'document_root': admin_media_path,
}),
)
This should do the trick.