We Keep Coding

Nginx flask Gunicorn permission denied to socket file

I have this Nginx configuration file set up:
server {
listen 80;
server_name example.com www.example.com;
location /flasky {
include proxy_params;
proxy_pass http://unix:/tmp/flasky.sock;
}
}
I'm using Gunicorn to bind to the socket file while running my app. I changed the ownership of the /tmp directory to www-run:www-run but I'm still getting a permission denied error. What am I doing wrong?
Edit: Here is my Nginx.conf file. It is the default that comes loaded with Nginx when installed:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Here is the virtual host file I'm trying to use:
server {
listen 80;
server_name mywebsite.com www.mywebsite.com;
location /flasky {
include proxy_params;
proxy_pass http://127.0.0.1:8090;
}
}
And finally, the Gunicorn command I am running is:
gunicorn -b 0.0.0.0:8090 -w 2 wsgi:applicaiton

502 Bad Gateway error with python app running uwsgi and nginx (centos)

Seen this question asked but all seemed to be Ubuntu and the solutions didn't quite work for me on Centos. I have a flask app trying to run from uwsgi and am getting
2017/07/26 17:44:24 [crit] 22785#0: *7 connect() to unix:/home/myname/perm_check/index.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/home/myname/perm_check/index.sock:", host: "127.0.0.1"
(it runs fine from virtualenv to localhost:500 or localhost:8000 with wsgi as per this https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-centos-7 tutorial.
Here are my files:
index.ini
[uwsgi]
module = wsgi
master = true
processes = 5
socket = index.sock
chmod-socket = 664
vacuum = true
die-on-term = true
index.py
from flask import Flask
app = Flask(__name__)
#app.route("/")
def check():
return "<h1 style='color:red'>Test run...</h1>"
if __name__ == "__main__":
app.run(host='0.0.0.0')
nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name 127.0.0.1;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/myname/perm_check/index.sock;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
I know I'm missing something simple somewhere but I can't for the life of me figure it out. Permissions for everything is myname:myname and I'm trying to run the uwsgi service from 127.0.0.1.

Solved it, needed to disable SELinux and restart the server

Certbot cannot reach nginx webroot running django

I'm working through https://serversforhackers.com/video/letsencrypt-for-free-easy-ssl-certificates and https://certbot.eff.org/docs/intro.html , trying to add an ssl certificate to my site. I tried:
root#server:/opt/certbot# ./certbot-auto certonly --webroot -w /var/www/html --agree-tos --email me#yahoo.com -d mysite.com -d www.mysite.com --non-interactive
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Using the webroot path /var/www/html for all unmatched domains.
...
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
example.com.well-known/acme-challenge/gygb7wEj3o-_5MIoUgraBRddmqrtZdfIM-UWMySoNl8:
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
www.example.com.well-known/acme-challenge/z8oZ1FAiHBJNwWvLTI-g9hMZ5zoLdJSZBgaQ9CSTJU0:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
root#server:/opt/certbot# cd .
I checked the domain name and A record and they seem to be OK. In my browser I opened the link and I see the screenshot, which makes sense since I'm running a django app.
How can I set things so that the certbot can access the webroot?
edit :
root#server:/etc/nginx# cat nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
/var/log/nginx/access.log shows:
66.133.109.36 - - [10/Feb/2017:13:16:40 -0500] "GET /.well-known/acme-challenge/-GMR_DzXR-oOTzl7LEesFiQI0H-2zCak2Bq3cDO7mTQ HTTP/1.1" 404 1080 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [10/Feb/2017:13:16:40 -0500] "GET /.well-known/acme-challenge/4hTpEFaTJDTCiAS-Y9242MmNngEHM6e9cPr2WIdCL4Q HTTP/1.1" 404 1083 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
/var/log/nginx/error.log shows no errors.
Also I notice that there are no files in the .well known directory:
deploy#server:/var/www/html/.well-known$ ll
total 8
drwxrwxrwx 2 root root 4096 Feb 11 10:20 ./
drwxr-xr-x 3 root root 4096 Feb 10 09:29 ../
edit 2: In /etc/nginx/sites-available/mysite I've changed it to:
server {
listen 80;
server_name mysite.com www.mysite.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/deploy/mysite;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/mysite.sock;
}
location ~ /.well-known {
allow all;
}
}
restarted nginx - same error

The following worked in the site's server block:
server {
listen 80;
server_name mysite.com www.mysite.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/deploy/mysite;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/mysite.sock;
}
location ^~ /\.well-known {
allow all;
}
}
edit: here's another option that may work:
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/html;

Django query returns empty every time after nginx restart

As I said in the title, I restarted the nginx server for my site and then made a query to the db that I had done many times before. I can see that the db wasn't accidentally wiped, and I can see that the request payload is still correct. I didn't change any of the code relating to db access, so why is this happening?
here is the Nginx configuration file:
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

The answer is not to restart Nginx.
What is the query? How is Nginx configured? How and why are you restarting it?

Deploy Flask on Raspberry Pi with Nginx

I'm trying to deploy a simple flask app on my raspberry pi using nginx. I've followed these two guides:
http://www.onurguzel.com/how-to-run-flask-applications-with-nginx-using-gunicorn/
http://www.onurguzel.com/managing-gunicorn-processes-with-supervisor/
And have got everything running without error. But when I load a web browser pointing at my PI's IP (I work over ssh) - all I see is the default "welcome to nginx" page. What's going on?
here are my files:
/home/pi/hello/hello.py
from flask import Flask
from werkzeug.contrib.fixers import ProxyFix
app = Flask(__name__)
#app.route('/')
def hello():
return "Hello world!"
app.wsgi_app = ProxyFix(app.wsgi_app)
if __name__ == '__main__':
app.run()
/etc/nginx/sites-available/hello.conf (symlinked to: /etc/nginx/sites-enabled/)
server {
listen 80;
server_name hello.itu24.com;
root /home/pi/hello/hello.py;
access_log /home/pi/hello/access.log;
error_log /home/pi/hello/error.log;
location / {
try_files $uri #gunicorn_proxy;
}
location #gunicorn_proxy {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:8000;
}
}
Here's my nginx.conf (though I have not changed it at all)
/etc/nginx/nginx.conf
user www-data;
worker_processes 2;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
For the supervisor part:
/etc/supervisor/conf.d/hello.conf
[program:hello]
command = /home/pi/hello/bin/python /home/pi/hello/bin/gunicorn hello:app
directory = /home/pi/hello
user = pi
I can spin everything up with :
sudo supervisorctl start hello
But when I hit my Pi's IP:
http://192.168.1.28
from my macs browser
all I get is: "Welcome to nginx"
Any ideas? This is my first server that I'm running and deploying to - running it on a Ras Pi probably wasn't the best idea but I'm learning a lot so far.

You might running flask on the default port, which is 5000.
Try changing this line:
if __name__ == '__main__':
#app.run()
app.run(port=8000)
or change your supervisord command to:
command = /home/pi/hello/bin/python /home/pi/hello/bin/gunicorn hello:app -b 0.0.0.0:8000

You might want to make sure the default site is disabled. Simply delete the symlink default from sites-enabled.
Also, the default port for Flask is 5000 not 8000, so in your nginx configuration, you need to change the following:
location #gunicorn_proxy {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:5000; # Default port
}