nginx Permission denied error


Solution 1

nginx runs as nginxuser as your configuration states. You say your directories are owned by root:root.

Ensure that each and every directory from the root to the file that nginx is attempting to access has the right execution (and maybe reading?) permission. In your case, that means the other permission group (chmod o+(r)x <recursive list of dirs>).

If that is not enough, try to add the reading permission for others on socket files.

Normally now nginx will be able to stat() those files.

The reason everything runs fine with the nginx root set to /usr/share/nginx/html is that those files have been created by the nginx package with an adequate mix of user/group/permissions...

Now, I see another (and bigger) problem: you try to work with nginx workers running as nginx:nginx and files owned by root:root, for which there is no write permission for nginx whatsoever. Any attempt by nginx to write on a socket will thus ultimately fail...

You should really rethink your whole setup. Make the nginx user/group and the directories'/files' owner and group match in some way so nginx can open what it needs to open (execution right on directories), read what it needs to read and write what it needs to write without relying on the other permission group, which basically allows any user to do the same.
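
The directory-by-directory check described in Solution 1, written out as an added example that is not part of the original answer: it walks every component from / to the target and reports which permission class (owner, group or other) decides access for a given user. The function names and the script name in the usage comment are hypothetical; only classic mode bits are evaluated, so ACLs and SELinux are outside its scope.

```python
import os
import pwd
import stat
import sys

# (read, execute/search) mode bits for each permission class
BITS = {
    "owner": (stat.S_IRUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IXOTH),
}

def access_chain(path, uid, gids):
    """Return [(component, class, allowed)] for every component from / to path.

    Directories need the search (x) bit, a final regular file needs r.
    Only classic mode bits are evaluated; ACLs and SELinux are not.
    """
    # Resolve symlinks first (e.g. a deploy tool's "current" link) so the
    # real directories are the ones that get checked.
    real = os.path.realpath(path)
    parts = [p for p in real.split(os.sep) if p]
    components = [os.sep] + [os.sep + os.sep.join(parts[:i + 1]) for i in range(len(parts))]
    chain = []
    for comp in components:
        st = os.stat(comp)
        if uid == 0:  # root bypasses the mode-bit check
            chain.append((comp, "root", True))
            continue
        # The kernel picks exactly one class: owner wins over group, group over other.
        if st.st_uid == uid:
            cls = "owner"
        elif st.st_gid in gids:
            cls = "group"
        else:
            cls = "other"
        read_bit, exec_bit = BITS[cls]
        need = exec_bit if stat.S_ISDIR(st.st_mode) else read_bit
        chain.append((comp, cls, bool(st.st_mode & need)))
    return chain

def first_denied(chain):
    """First component that blocks access, or None if the whole chain is open."""
    return next((c for c in chain if not c[2]), None)

if __name__ == "__main__":
    # Usage (run as root so every component can be stat()ed):
    #   python3 check_path.py /path/to/public/index.html nginx
    target, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    for comp, cls, ok in access_chain(target, pw.pw_uid, os.getgrouplist(user, pw.pw_gid)):
        print(f"{'ok    ' if ok else 'DENIED'} via {cls:5} {comp}")
```

Lines reported as "via other" are the ones that work only because every local user has the same access, which is the reliance the answer advises against.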

Solution 2

Edited my nginx.conf and changed the user from nginx to deployer (my deployment user for capistrano and member of wheel group), and now everything works great!

Author: DIGITALSQUAD

Updated on September 18, 2022

Comments

  • DIGITALSQUAD
    DIGITALSQUAD over 1 year

    I'm running nginx and unicorn to serve a Rails application.
    Unicorn and the Rails app work fine, but nginx can't open the Rails public directory due to a permission error and returns 502 Bad Gateway.

    curl http://localhost/
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.6.1</center>
    </body>
    </html>
    

    /var/log/nginx/error.log

    014/09/18 18:16:16 [crit] 16619#0: *1 stat() "/home/rails/public_html/rails_app/current/public//index.html" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "localhost"
    2014/09/18 18:16:16 [crit] 16619#0: *1 stat() "/home/rails/public_html/rails_app/current/public/" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "localhost"
    2014/09/18 18:16:16 [crit] 16619#0: *1 connect() to unix:/tmp/unicorn.rails_app.sock failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.rails_app.sock:/", host: "localhost"
    2014/09/18 18:16:16 [crit] 16619#0: *1 stat() "/home/rails/public_html/rails_app/current/public/500.html/index.html" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.rails_app.sock/", host: "localhost"
    2014/09/18 18:16:16 [crit] 16619#0: *1 stat() "/home/rails/public_html/rails_app/current/public/500.html" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.rails_app.sock/", host: "localhost"
    2014/09/18 18:16:16 [crit] 16619#0: *1 connect() to unix:/tmp/unicorn.rails_app.sock failed (2: No such file or directory) while connecting to upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.rails_app.sock:/500.html", host: "localhost"
    

    nginx.conf

    user    nginx;
    worker_processes        1;
    
    error_log       /var/log/nginx/error.log warn;
    pid                     /var/run/nginx.pid;
    
    events {
            worker_connections 1024; # increase if you have lots of clients
            # accept_mutex off; # "on" if nginx worker_processes > 1
    }
    
    http {
            include       /etc/nginx/mime.types;
            default_type  application/octet-stream;
    
            log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
            '$status $body_bytes_sent "$http_referer" '
            '"$http_user_agent" "$http_x_forwarded_for"';
    
            access_log  /var/log/nginx/access.log  main;
    
            sendfile                on;
            # tcp_nopush    on;
            # tcp_nodelay   off;
    
            upstream unicorn {
                    server unix:/tmp/unicorn.rails_app.sock fail_timeout=0;
            }
    
            server {
                    listen 80 default deferred;
                    # server_name example.com;
                    root /home/rails/public_html/rails_app/current/public;
    
                    try_files $uri/index.html $uri @unicorn;
                    location @unicorn {
                            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                            proxy_set_header Host $http_host;
                            proxy_redirect off;
                            proxy_pass http://unicorn;
                    }
    
                    error_page 500 502 503 504 /500.html;
                    client_max_body_size 4G;
                    keepalive_timeout 10;
            }
    }
    

    The permissions for rails public directories are 775 or 775.
    nginx is executed by 'nginx' user and rails public directories are owned by 'rails' user.
    I've tried to execute nginx by 'rails' user and root user but the same errors occurred.
    I have no idea what's wrong with these errors.
    nginx works fine if I set root directory to /usr/share/nginx/html/. My environment is Centos7 on Vagrant and rails 2.2.2 with unicorn gem 4.8.3.

    [note] I know that /tmp/unicorn.rails_app.sock needs to be placed in another directory according to this question, but I guess it's not the problem.

    • wurtel
      wurtel over 9 years
      Are each of the directories in the /home/rails/public_html/rails_app/current/public path executable for the 'nginx' user? If the errno is 13, it must be a simple permissions problem.
    • DIGITALSQUAD
      DIGITALSQUAD over 9 years
      Permissions are ALL 775 or 755 as above. Additionally, setting the root dir to /usr/share/nginx/html/ works fine, but /usr/share/nginx/my_html/ causes the same error even though these have the same permissions (755) and belong to the same owner (root) and group (root).