Nginx无法连接到CentOS上的套接字(13:权限被拒绝)

时间:2019-11-22 12:57:13

标签: nginx centos wsgi

我有Flask后端,可以使用UWSGI作为守护程序和前端运行。我想两个应用程序都监听相同的地址和端口,因此我使用Nginx将https://address/api上的请求重定向到后端,将其他重定向到前端。我当前的配置:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen 443;
        ssl on;
        ssl_certificate /etc/ssl/certs/myapp.com.crt;
        ssl_certificate_key /etc/ssl/certs/myapp.com.key;
        server_name myapp.com;
        root /usr/share/nginx/html;
        location /api {
            include uwsgi_params;
            uwsgi_pass unix:/usr/share/nginx/html/backend/wsgi.sock;
        }
        location / {
            try_files $uri $uri/ /index.html;
        }
    }

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name myapp.com www.myapp.com;
        return 301 https://$server_name$request_uri;
    }
}

守护进程的状态为正在运行,并且已创建套接字,下面是 backend.ini (wsgi ini-config):

[uwsgi]
module = wsgi:app

master = true
processes = 5

socket = wsgi.sock
chmod-socket = 775
chown-socket=myuser:www-data
uid = myuser
gid = www-data
vacuum = true

die-on-term = true

后端服务配置:

[Unit]
Description=UWSGI instance to serve backend
After=network.target

[Service]
User=myuser
Group=www-data
WorkingDirectory=/usr/share/nginx/html/backend
Environment="PATH=/usr/share/nginx/html/backend/venv/bin"
ExecStart=/usr/share/nginx/html/backend/venv/bin/uwsgi --ini backend.ini

[Install]
WantedBy=multi-user.target

状态为running,并且后端服务日志中没有错误。但是,当我尝试在后端访问我的REST资源时,Nginx失败并显示日志:

2019/11/22 15:49:30 [crit] 30040#0: *3 connect() to unix:/usr/share/nginx/html/backend/wsgi.sock failed (13: Permission denied) while connecting to upstream, client: x.x.x.x, server: myapp.com, request: "GET /api/v1/lobs HTTP/1.1", upstream: "uwsgi://unix:/usr/share/nginx/html/backend/wsgi.sock:", host: "myapp.com"

我阅读了有关同一问题的其他主题,但无济于事。我将rootmyusernginx添加到组www-data,将backend文件夹的组更改为www-data。但是Nginx仍然没有权限。

如何授予Nginx权限?我在做什么错了?

答案
所有问题都是由于SELinux引起的,我以前没遇到过,也不知道这是我的麻烦根源

0 个答案:

没有答案