我有Flask后端,可以使用UWSGI作为守护程序和前端运行。我想两个应用程序都监听相同的地址和端口,因此我使用Nginx将https://address/api
上的请求重定向到后端,将其他重定向到前端。我当前的配置:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/myapp.com.crt;
ssl_certificate_key /etc/ssl/certs/myapp.com.key;
server_name myapp.com;
root /usr/share/nginx/html;
location /api {
include uwsgi_params;
uwsgi_pass unix:/usr/share/nginx/html/backend/wsgi.sock;
}
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name myapp.com www.myapp.com;
return 301 https://$server_name$request_uri;
}
}
守护进程的状态为正在运行,并且已创建套接字,下面是 backend.ini (wsgi ini-config):
[uwsgi]
module = wsgi:app
master = true
processes = 5
socket = wsgi.sock
chmod-socket = 775
chown-socket=myuser:www-data
uid = myuser
gid = www-data
vacuum = true
die-on-term = true
后端服务配置:
[Unit]
Description=UWSGI instance to serve backend
After=network.target
[Service]
User=myuser
Group=www-data
WorkingDirectory=/usr/share/nginx/html/backend
Environment="PATH=/usr/share/nginx/html/backend/venv/bin"
ExecStart=/usr/share/nginx/html/backend/venv/bin/uwsgi --ini backend.ini
[Install]
WantedBy=multi-user.target
状态为running
,并且后端服务日志中没有错误。但是,当我尝试在后端访问我的REST资源时,Nginx失败并显示日志:
2019/11/22 15:49:30 [crit] 30040#0: *3 connect() to unix:/usr/share/nginx/html/backend/wsgi.sock failed (13: Permission denied) while connecting to upstream, client: x.x.x.x, server: myapp.com, request: "GET /api/v1/lobs HTTP/1.1", upstream: "uwsgi://unix:/usr/share/nginx/html/backend/wsgi.sock:", host: "myapp.com"
我阅读了有关同一问题的其他主题,但无济于事。我将root
,myuser
和nginx
添加到组www-data
,将backend
文件夹的组更改为www-data
。但是Nginx仍然没有权限。
如何授予Nginx权限?我在做什么错了?
答案
所有问题都是由于SELinux引起的,我以前没遇到过,也不知道这是我的麻烦根源