wsgi nginx error: permission denied while connecting to upstream

Posted April 26, 2015 71.6k views

I’m getting a 502 bad gateway on nginx, and the following on the logs: connect() to …myproject.sock failed (13: Permission denied) while connecting to upstream

I’m running wsgi and nginx on ubuntu, and I’ve been following this guide from Digital Ocean. I apparently configured wsgi correctly since uwsgi -s myproject.sock –http –module app –callable app worked, but I keep getting the nginx permission denied error and I have no idea why:

After coming across this question and this other one, I changed the .ini file and added the chown-socket, chmod-socket, uid and gid parameters (also tried just setting the first two, either or, and a couple of different permission settings –and even the most permissive didn’t work).

This one seemed promising, but I don’t believe selinux is installed on my Ubuntu (running sudo apt-get remove selinux gives “Package ‘selinux’ is not installed, so not removed” and find / -name “selinux” doesn’t show anything). Just in case, though, I tried what this post recommended as well. Uninstalling apparmor (sudo apt-get install apparmor) didn’t work either.

Every time I make a change, I run sudo service nginx restart, but I only see the 502 Gateway Error (and the permission denied error when I read the logs).

This is is my nginx configuration file:

server {
    listen 80;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/user/myproject/web_server/myproject.sock;

.conf file:

description "uWSGI server instance configured to serve myproject"

start on runlevel [2345]
stop on runlevel [!2345]

setuid user
setgid www-data

env PATH=/root/.virtualenvs/my-env/bin
chdir /home/user/myproject/web_server
exec uwsgi --ini /home/user/myproject/web_server/myproject.ini

.ini file:

module = wsgi

master = true
processes = 5

socket = /home/user/myproject/web_server/myproject.sock
chmod-socket = 664
uid = www-data
gid = www-data

vacuum = true
die-on-term = true

Since nginx seems to run on www-data, I tried to change the directories within /home/user/ to be owned by www-data:www-data using chown, but that hasn’t worked either.

(If it helps, these are the specs of my Digital Ocean machine: Linux 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x8664 x8664 x86_64 GNU/Linux)

Please let me know if there’s anything I can do, and thank you very much.


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
5 answers

Hello! I was able to solve by doing this:

$ cd /your-application-name/your-application.sock
$ sudo chmod 666 your-application.sock 

It doesn’t need to restart anything.

Hope I’ve helped. :)

I had the same issue. What I found is that “SELinux” was blocking nginx from using the socket. If SELinux is enabled you can check the status (which should look similar to below):

[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted

You can add a NGINX SELinux policy or just disable SELinux to get around the issue.

I hope this helps.

  • Thanks ! I was getting the same issue and disabling selinux resolved it. Here are the steps to disable selinux:

    1. Check the status of SELinux using sestatus
    2. If it says enabled, vi into /etc/sysconfig/selinux. This is a symlink to /etc/selinux/config so modify this file in case you don’t find the above file. Terminal command: sudo vi /etc/sysconfig/selinux
    3. The file is highly self-explanatory. Just change the value of SELINUX to “disabled” – without quotes.
    4. Most important step - REBOOT!

Check user field on the first line in nginx.conf file. By default it is www-data. Change the name to user adam in nginx.conf file if you logged in as adam.

This question was answered by @devpledge:

chmod-socket = 664

change it to chmod-socket = 666

You can see the comment here.

Me too have the same issue. Could some one help me out it.

2017/06/09 12:50:48 [crit] 7925#7925: *12 connect() to unix:/home/user/firstsite/firstsite.sock failed (13: Permission denied) while connecting to upstream, client:, server:, request: “GET / HTTP/1.1”, upstream: “uwsgi://unix:/home/user/firstsite/firstsite.sock:”, host: “”