尝试访问Puma套接字时,nginx权限被拒绝

时间:2016-05-15 19:32:08

标签: ruby-on-rails nginx puma

我正在使用Puma运行我的rails应用程序,并且我正在尝试使我的nginx配置指向它。我的nginx错误日志中出现以下错误:

2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public//index.html" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public/" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 connect() to unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock failed (13: Permission denied) while connecting to upstream, client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock:/", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public/500.html/index.html" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock/", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public/500.html" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock/", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 connect() to unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock failed (13: Permission denied) while connecting to upstream, client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock:/500.html", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public//index.html" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public/" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 connect() to unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock failed (13: Permission denied) while connecting to upstream, client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock:/", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public/500.html/index.html" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock/", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 stat() "/home/rails/acceptable-trader/current/public/500.html" failed (13: Permission denied), client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock/", host: "trade.acceptableice.com"
2016/05/15 15:18:41 [crit] 1611#0: *31 connect() to unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock failed (13: Permission denied) while connecting to upstream, client: 66.253.181.206, server: , request: "GET / HTTP/1.1", upstream: "http://unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock:/500.html", host: "trade.acceptableice.com"

我已经尝试将accepted-trader-puma.sock及其父文件夹更改为由www-data拥有,但似乎没有做任何事情。

我的nginx网站文件是:

upstream puma {
  server unix:///home/rails/acceptable-trader/shared/tmp/sockets/acceptable-trader-puma.sock;
}

server {
  listen 80 default_server deferred;
  # server_name example.com;

  root /home/rails/acceptable-trader/current/public;
  access_log /home/rails/acceptable-trader/current/log/nginx.access.log;
  error_log /home/rails/acceptable-trader/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

2 个答案:

答案 0 :(得分:3)

由于nginx无权访问这些文件夹,导致这些错误。如果您通过

更改了用户

chown -R nginx:nginx / folder / path

但仍然不起作用,那么它更可能是SELinux错误。作为快速解决方法,您可以尝试

setenforce permissive

这不是推荐的,但它是测试天气是否与SELinux相关的测试。如果之后有效,则需要编辑SELinux策略以允许nginx具有访问这些文件夹的正确权限。这里的链接不是美洲狮,但仍然很好地阅读如何解决此错误: nginx error 13

答案 1 :(得分:1)

面临同样的问题。解决了以下问题

然后使用setenforce 0设置许可模式 添加nginx semodule并使用setenforce 1再次启用SELinux;

sudo setenforce 0 sudo yum install -y policycoreutils-{python,devel} sudo grep nginx /var/log/audit/audit.log | audit2allow -M nginx sudo semodule -i nginx.pp sudo setenforce 1