Nginx getting Permission denied when connecting to Unicorn
I found the problem. The path for unicorn.myapp.sock had to go to the /tmp directory on root rather than in myuser directory. Also, the root path in my nginx default.conf file needed to be at root/myApp/public rather than what I had. I have no idea what that last part means but it works and I'm happy. Thanks to everyone that helped me get here.
Nginx denied permission while connecting upstream to Unicorn
While I did not figure out the actual problem, switching from Centos 7.5
to 6.9
fixed the issue.
Nginx failed (13: Permission denied) when start rails with unicorn
Make sure that nginx is run under proper user (user ...
directive in main nginx config file), and then make sure that /home/ec2-user/apps/mybest/current/public/*
files are accessible for that user (i.e. they belong to the same group as the user, and have read permission on them).
You also need to have +x permission on every directory down your path. You could see permissions with ls -l
in your terminal, and then just do something like that if they lack:
chmod g+x apps
cd apps
chmod g+x mybest
cd mybest
chmod g+x current
cd current
chmod g+x public
cd public
chmod g+r *
UPD. As found out down in comments, nginx runs fine under ec2-user
username (user ec2-user
in config). Most likely there are restrictive permissions (no "+x"/"+r" for group on directories) for /home
and/or /home/ec2-user
. Personally, I see nothing wrong having nginx run under ec2-user
username. Or you could move your Rails application for example to /var/www/my_app
, setup permissions for nginx
user, and have it run from there.
502 Bad Gateway, failed (13: Permission denied) - with Nginx and Unicorn
I'm answering my own question a couple months now after solving the problem, so I don't have the exact logs I used in my deduction.
Basically, there was an error in unicorn's log because I never declared the production database secret.
(13: Permission denied) while connecting to upstream:[nginx]
Disclaimer
Make sure there are no security implications for your use-case before running this.
Answer
I had a similar issue getting Fedora 20, Nginx, Node.js, and Ghost (blog) to work. It turns out my issue was due to SELinux.
This should solve the problem:
setsebool -P httpd_can_network_connect 1
Details
I checked for errors in the SELinux logs:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied
And found that running the following commands fixed my issue:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp
Option #2 (probably more secure)
setsebool -P httpd_can_network_relay 1
https://security.stackexchange.com/questions/152358/difference-between-selinux-booleans-httpd-can-network-relay-and-httpd-can-net
References
http://blog.frag-gustav.de/2013/07/21/nginx-selinux-me-mad/
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details
http://wiki.gentoo.org/wiki/SELinux/Tutorials/Managing_network_port_labels
Related Topics
In Ruby How to Create a Local Variable Explicitly
Why Does "True or True and False" Appear to Be Simultaneously True and False
Error When Trying to Create Heroku App on Windows
Why Is Heroku's Heroku-18 Stack Only Compatible with Puma Versions 3.7.X
Using Class Instance Variable for Mutex in Ruby
Error in Install Ruby-Debug-Base on Ruby 2.0.0P247
Array#Uniq with Block Equivalent in Ruby 1.8.7
Different Behaviour of 'Do .. End' and "{..}" Block in Ruby
How to Emit Yaml in Ruby Expanding Aliases
How to Check If a Resource Exists in an Aws S3Bucket
Static Variables in Ruby, Like in C Functions
Heroku: Error Pushing Rails App to Heroku, Heroku Can't Find Rails App
How to Upgrade Rvm When the Official Way Doesn't Work
Error While Installing Iconv on Windows by Ruby2.0.0