wsgi nginx error: permission denied while connecting to upstream

Question

I’m getting a 502 bad gateway on nginx, and the following on the logs: connect() to …myproject.sock failed (13: Permission denied) while connecting to upstream

I’m running wsgi and nginx on ubuntu, and I’ve been following this guide from Digital Ocean. I apparently configured wsgi correctly since uwsgi -s myproject.sock --http 0.0.0.0:8000 --module app --callable app worked, but I keep getting the nginx permission denied error and I have no idea why:

After coming across this question and this other one, I changed the .ini file and added the chown-socket, chmod-socket, uid and gid parameters (also tried just setting the first two, either or, and a couple of different permission settings --and even the most permissive didn’t work).

This one seemed promising, but I don’t believe selinux is installed on my Ubuntu (running sudo apt-get remove selinux gives “Package ‘selinux’ is not installed, so not removed” and find / -name “selinux” doesn’t show anything). Just in case, though, I tried what this post recommended as well. Uninstalling apparmor (sudo apt-get install apparmor) didn’t work either.

Every time I make a change, I run sudo service nginx restart, but I only see the 502 Gateway Error (and the permission denied error when I read the logs).

This is is my nginx configuration file:

server {
    listen 80;
    server_name 104.131.110.156;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/user/myproject/web_server/myproject.sock;
    }
}

.conf file:

description "uWSGI server instance configured to serve myproject"

start on runlevel [2345]
stop on runlevel [!2345]

setuid user
setgid www-data

env PATH=/root/.virtualenvs/my-env/bin
chdir /home/user/myproject/web_server
exec uwsgi --ini /home/user/myproject/web_server/myproject.ini

.ini file:

[uwsgi]
module = wsgi

master = true
processes = 5

socket = /home/user/myproject/web_server/myproject.sock
chown-socket=www-data:www-data
chmod-socket = 664
uid = www-data
gid = www-data

vacuum = true
die-on-term = true

Since nginx seems to run on www-data, I tried to change the directories within /home/user/ to be owned by www-data:www-data using chown, but that hasn’t worked either.

(If it helps, these are the specs of my Digital Ocean machine: Linux 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux)

Please let me know if there’s anything I can do, and thank you very much.

Aalmain · Answer

I had the same issue. What I found is that “SELinux” was blocking nginx from using the socket. If SELinux is enabled you can check the status (which should look similar to below):

[root@localhost ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted

You can add a NGINX SELinux policy or just disable SELinux to get around the issue.

I hope this helps.

Bhuvaneshwari S · Answer

Me too have the same issue. Could some one help me out it.

2017/06/09 12:50:48 [crit] 7925#7925: *12 connect() to unix:/home/user/firstsite/firstsite.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: firstsite.com, request: “GET / HTTP/1.1”, upstream: “uwsgi://unix:/home/user/firstsite/firstsite.sock:”, host: “firstsite.com”

Brook Shelley · Answer

This question was answered by @devpledge : chmod-socket = 664 change it to chmod-socket = 666 You can see the comment here .

Report this

wsgi nginx error: permission denied while connecting to upstream

Become a contributor for community

DigitalOcean Documentation

Resources for startups and SMBs

Get our newsletter

The developer cloud

Get started for free