I'm trying to use uWSGI with nginx. The root problem I am having is that I'm getting "No such file or directory" from nginx trying to connect to the uWSGI socket file.
When I use the following settings, I am expecting the socket file's permissions to change. However, they aren't. It continues to show uwsgi:uwsgi
.
The error from nginx is *17 connect() to unix:/tmp/myapp.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.122, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/tmp/myapp.sock:", host: "192.168.1.123:81"
myapp.ini (uwsgi)
[uwsgi]
chdir = /var/local/myapp
plugins = python
module = wsgi:app
home = /var/local/virtualenv/myapp
file = main.py
daemonize = /var/log/uwsgi/myapp.log
pidfile = /var/run/uwsgi/myapp.pid
socket = /tmp/%n.sock
chmod-socket = 777
chown-socket = webuser:nginx
uid = webuser
gid = nginx
vacuum = true
file permissions
srwxrwxrwx. 1 uwsgi uwsgi 0 Jul 3 12:43 myapp.sock
myapp.conf (nginx)
server {
listen 81;
access_log /var/log/nginx/myapp_access.log;
error_log /var/log/nginx/myapp_error.log;
location / {
try_files $uri @yourapplication;
}
location @yourapplication {
include uwsgi_params;
uwsgi_pass unix:/tmp/myapp.sock;
}
}
I also tried this:
usermod -a -G nginx uwsgi
usermod -a -G uwsgi nginx
useradd webuser
usermod -a -G nginx webuser
usermod -a -G uwsgi webuser
and I tried this:
grep avc /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
EDIT
and I tried moving the sock file to /var/run/uwsgi/myapp.sock
. In that case, nginx tells me: connect() to unix:/var/run/uwsgi/myapp.sock failed (13: Permission denied) while connecting to upstream
EDIT 2
and just for kix, I tried to use TCP port instead of a socket file. In that situation, I can use curl -XGET http://localhost:8000
and get the proper HTTP response from uwsgi/python. However, in the nginx log (when attempted to come in via the browser through nginx, I get: *1 connect() failed (111: Connection refused) while connecting to upstream
The nginx file is configured like this: uwsgi_pass uwsgi://localhost:8000;
Best Answer
You can't put sockets for interprocess communication in
/tmp
.RHEL/CentOS 7, Fedora, etc., use private /tmp directories, meaning each daemon configured for it (in this case, at least nginx) has a completely different view of
/tmp
than any other.To resolve the problem, either place the socket in another directory or use TCP connections.
And don't blindly
audit2allow
things without understanding what's going on. You'll likely open up some security hole.