wsgi nginx error: permission denied while connecting to upstream

April 26, 2015 11.9k views
Nginx Python

I'm getting a 502 bad gateway on nginx, and the following on the logs: connect() to ...myproject.sock failed (13: Permission denied) while connecting to upstream

I'm running wsgi and nginx on ubuntu, and I've been following this guide from Digital Ocean. I apparently configured wsgi correctly since uwsgi -s myproject.sock --http --module app --callable app worked, but I keep getting the nginx permission denied error and I have no idea why:

After coming across this question and this other one, I changed the .ini file and added the chown-socket, chmod-socket, uid and gid parameters (also tried just setting the first two, either or, and a couple of different permission settings --and even the most permissive didn't work).

This one seemed promising, but I don't believe selinux is installed on my Ubuntu (running sudo apt-get remove selinux gives "Package 'selinux' is not installed, so not removed" and find / -name "selinux" doesn't show anything). Just in case, though, I tried what this post recommended as well. Uninstalling apparmor (sudo apt-get install apparmor) didn't work either.

Every time I make a change, I run sudo service nginx restart, but I only see the 502 Gateway Error (and the permission denied error when I read the logs).

This is is my nginx configuration file:

server {
    listen 80;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/user/myproject/web_server/myproject.sock;

.conf file:

description "uWSGI server instance configured to serve myproject"

start on runlevel [2345]
stop on runlevel [!2345]

setuid user
setgid www-data

env PATH=/root/.virtualenvs/my-env/bin
chdir /home/user/myproject/web_server
exec uwsgi --ini /home/user/myproject/web_server/myproject.ini

.ini file:

module = wsgi

master = true
processes = 5

socket = /home/user/myproject/web_server/myproject.sock
chmod-socket = 664
uid = www-data
gid = www-data

vacuum = true
die-on-term = true

Since nginx seems to run on www-data, I tried to change the directories within /home/user/ to be owned by www-data:www-data using chown, but that hasn't worked either.

(If it helps, these are the specs of my Digital Ocean machine: Linux 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x8664 x8664 x86_64 GNU/Linux)

Please let me know if there's anything I can do, and thank you very much.

1 Answer

This question was answered by @devpledge:

chmod-socket = 664

change it to chmod-socket = 666

You can see the comment here.

  • it doesn't work, there's another comment elsewhere by someone saying to change it to 660 and that doesn't work too

Have another answer? Share your knowledge.