Question

wsgi nginx error: permission denied while connecting to upstream

I’m getting a 502 bad gateway on nginx, and the following on the logs: connect() to …myproject.sock failed (13: Permission denied) while connecting to upstream

I’m running wsgi and nginx on ubuntu, and I’ve been following this guide from Digital Ocean. I apparently configured wsgi correctly since uwsgi -s myproject.sock --http 0.0.0.0:8000 --module app --callable app worked, but I keep getting the nginx permission denied error and I have no idea why:

After coming across this question and this other one, I changed the .ini file and added the chown-socket, chmod-socket, uid and gid parameters (also tried just setting the first two, either or, and a couple of different permission settings --and even the most permissive didn’t work).

This one seemed promising, but I don’t believe selinux is installed on my Ubuntu (running sudo apt-get remove selinux gives “Package ‘selinux’ is not installed, so not removed” and find / -name “selinux” doesn’t show anything). Just in case, though, I tried what this post recommended as well. Uninstalling apparmor (sudo apt-get install apparmor) didn’t work either.

Every time I make a change, I run sudo service nginx restart, but I only see the 502 Gateway Error (and the permission denied error when I read the logs).

This is is my nginx configuration file:

server {
    listen 80;
    server_name 104.131.110.156;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/user/myproject/web_server/myproject.sock;
    }
}

.conf file:

description "uWSGI server instance configured to serve myproject"

start on runlevel [2345]
stop on runlevel [!2345]

setuid user
setgid www-data

env PATH=/root/.virtualenvs/my-env/bin
chdir /home/user/myproject/web_server
exec uwsgi --ini /home/user/myproject/web_server/myproject.ini

.ini file:

[uwsgi]
module = wsgi

master = true
processes = 5

socket = /home/user/myproject/web_server/myproject.sock
chown-socket=www-data:www-data
chmod-socket = 664
uid = www-data
gid = www-data

vacuum = true
die-on-term = true

Since nginx seems to run on www-data, I tried to change the directories within /home/user/ to be owned by www-data:www-data using chown, but that hasn’t worked either.

(If it helps, these are the specs of my Digital Ocean machine: Linux 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux)

Please let me know if there’s anything I can do, and thank you very much.

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Check user field on the first line in nginx.conf file. By default it is www-data. Change the name to user adam in nginx.conf file if you logged in as adam.

I had the same issue. What I found is that “SELinux” was blocking nginx from using the socket. If SELinux is enabled you can check the status (which should look similar to below):

[root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted

You can add a NGINX SELinux policy or just disable SELinux to get around the issue.

I hope this helps.

Hello! I was able to solve by doing this:

$ cd /your-application-name/your-application.sock
$ sudo chmod 666 your-application.sock 

It doesn’t need to restart anything.

Hope I’ve helped. :)