Question

我正在尝试使用Gunicorn和Nginx在CentOS7 VM上部署名为 pytimesheets 的烧瓶应用程序。我基本上跟随this tutorial进行了一些小改动。

当我使用gunicorn --bind 0.0.0.0:8080 wsgi:app（不使用Nginx）启动应用程序时，它可以正常工作，但这不是我希望它运行的方式。

所以我创建了一个 systemd服务单元文件 /etc/systemd/system/pytimesheets.service:

[Unit]
Description=Gunicorn instance to serve pytimesheets
After=network.target

[Service]
User=centos
Group=nginx
WorkingDirectory=/home/centos/pytimesheets/pytimesheets
Environment="PATH=/home/centos/miniconda/envs/pytimesheets-dev/bin"
ExecStart=/home/centos/miniconda/envs/pytimesheets-dev/bin/gunicorn --workers 3 --bind unix:pytimesheets.sock -m 007 wsgi:app

[Install]
WantedBy=mulit-user.target

启动并启用了gunicorn服务 - 工作！

接下来，我配置了 Nginx ：

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 8080;
        server_name my.servername.com;

        location / {
            proxy_set_header HOST $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://unix:/home/centos/pytimesheets/pytimesheets/pytimesheets.sock;
        }
    }


    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

我将用户nginx添加到我的用户组（centos，具有sudo权限）sudo usermod -a -G user nginx并在我的主目录chmod 710 /home/centos

中赋予它执行权限

最后，我启动了nginx，但是当我访问该网站时，我得到的是 502 Bad Gateway Error。

Nginx错误日志显示了这一点：

2016/07/06 13:33:44 [crit] 17464#0: 
*1 connect() to unix:/home/centos/pytimesheets/pytimesheets/pytimesheets.sock 
failed (13: Permission denied) while connecting to upstream, 
client: 10.250.16.87, server: my.servername.com, 
request: "GET / HTTP/1.1", 
upstream: "http://unix:/home/centos/pytimesheets/pytimesheets/pytimesheets.sock:/", 
host: "my.servername.com"

一旦启动pytimesheets服务就会创建sock文件，并且位置/home/centos/pytimesheets/pytimesheets/pytimesheets.sock可能看起来很奇怪，但它是正确的。

我的猜测是有些东西搞砸了用户权限。有没有人知道我做错了什么？

更新

我在设置setenforce = Permissive后能够运行该应用程序。但是，我不知道这是否是一种永久解决方案。

在CentOS7上使用Gunicorn和Nginx部署Flask应用程序导致502错误

0 个答案: