Reputation: 11396
I have the following setup:
NGINX 1.6.2, Rails 4, Unicorn, Capistrano 3.1
I am getting the following errors in /var/log/nginx/error.log
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public//index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html/index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/500.html", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/favicon.ico/index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/favicon.ico" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/favicon.ico", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html/index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/favicon.ico", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/favicon.ico", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/500.html", host: "185.48.117.98"
I've tried running nginx as root, mjp and nginx as user but I get these same errors.
Even nginx doesn't create a server from sites-enabled/symlink-to-deploy-root-shared-config-nginx.conf although it does include it in nginx -t test.
What am I doing wrong?
Upvotes: 1
Views: 1180
Reputation: 11396
I got it working. Actually it wasn't a permissions error of the directories.
I stopped the nginx service and then started it as sudo nginx through which I was able to run the app with everything working. But when I tried to run it as a service by sudo service nginx start it gave the above errors for permission denied for the root dir & the socket.
I posted this same question on Server Fault and was lucky enough to get an answer.
Here is the answer:
This is an SELinux problem.
When you run sudo nginx it starts nginx as unconfined_t, when you run sudo service nginx start it starts nginx as httpd_t.
By initially starting with just sudo it creates a bunch of files and initializes its state as unconfined_t. For example the pid file will be the wrong context. Thus when using service nginx stop to terminate it there are insufficient privileges for httpd_t to read files written by the unconfined_t.
You should really always start using service which will avoid this problem. To correct it you will need to relabel stateful files that exist in the filesystem, for example running restorecon /var/run/nginx.pid will correct the incorrect label set on that pid file.
I am not sure if there are any more files that get written out when the service is created which will also need correcting. You can get a list of which files that these might be doing ausearch -ts recent -m avc.
Upvotes: 1
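To make the ausearch step in the answer above concrete, the following sketch condenses AVC denial records into one line per denied object for a given source domain. It is an added example, not part of the original posts: avc_summary and sample_avc are hypothetical helper names, and the audit records are constructed for illustration (the object labels var_run_t, tmp_t and user_home_t are assumptions, not values from the poster's system).

```shell
#!/bin/sh
# Summarise SELinux AVC denials for one source domain (default: httpd_t).
# Reads audit records on stdin and prints "perms tclass target_type object"
# once per distinct denial. Real use: ausearch -ts recent -m avc | avc_summary
avc_summary() {
    awk -v domain="${1:-httpd_t}" '
    /avc: +denied/ {
        perm = obj = stype = ttype = tclass = ""
        # The denied permissions sit between the braces: { read write }
        if (match($0, /[{][^}]*[}]/)) {
            perm = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perm)
        }
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            val = kv[2]; gsub(/"/, "", val)
            # Prefer the full path= when the record has one, else name=
            if (kv[1] == "path" || (kv[1] == "name" && obj == "")) obj = val
            else if (kv[1] == "scontext") { split(val, c, ":"); stype = c[3] }
            else if (kv[1] == "tcontext") { split(val, c, ":"); ttype = c[3] }
            else if (kv[1] == "tclass") tclass = val
        }
        if (stype != domain) next          # keep only the requested domain
        key = perm " " tclass " " ttype " " obj
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample records (not from the original post).
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1420324033.101:901): avc:  denied  { read } for  pid=49826 comm="nginx" name="nginx.pid" dev="tmpfs" ino=20311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1420324033.140:902): avc:  denied  { write } for  pid=49826 comm="nginx" name="unicorn.mjp-portal_staging.sock" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1420324034.007:903): avc:  denied  { write } for  pid=49826 comm="nginx" name="unicorn.mjp-portal_staging.sock" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1420324034.020:904): avc:  denied  { getattr } for  pid=49826 comm="nginx" path="/home/mjp/apps/mjp-portal_staging/current/public" dev="dm-0" ino=7733 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1420324035.500:905): avc:  denied  { read } for  pid=1200 comm="sshd" name="authorized_keys" dev="dm-0" ino=880 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

sample_avc | avc_summary
```

Each output line names an object whose label the confined nginx process was denied on; after relabelling (for example with restorecon -v on the file), rerunning the summary over fresh audit records shows whether any denials remain.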