Reputation: 258
Trying to proxy a gunicorn socket with nginx.
/etc/systemd/system/gunicorn.service file:

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=www-data
Group=www-data
WorkingDirectory=/root/PSite/blog
ExecStart=/root/PSite/blog/blog/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/root/PSite/blog/blog.sock blog.wsgi:application

[Install]
WantedBy=multi-user.target
/etc/nginx/sites-available/blog file:

server {
    listen 80;
    server_name server_domain_or_IP;

    location = /favicon.ico { access_log off; log_not_found off; }

    location /static/ {
        root /root/PSite/blog;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/root/PSite/blog/blog.sock;
    }
}
Then I start the daemon: systemctl start gunicorn
After running systemctl status gunicorn, it throws an error:
EXEC spawning /root/PSite/blog/blog/venv/bin/gunicorn: Permission denied
All folders and files are owned by www-data:www-data.
If I change the gunicorn user to root, it creates the proxy, yet the nginx log says it doesn't have permissions.
What is the problem?
Upvotes: 1
Views: 48
Reputation: 13381
It's good security to run your service as a non-root user. However, you are complicating the issue by trying to store files under "/root", which is intended only for the "root" user to access.
Try moving your "PSite" site folder from "/root" to a neutral location like "/var/www/PSite".
Upvotes: 2
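An added example, not part of the question or the answer above: a small checker that walks every directory on the way to a file or socket and reports the first one a given service account cannot traverse, which is the condition the answer describes for "/root". The sample chain is constructed and assumes "/root" is mode 0700 root:root and that www-data is uid/gid 33; the check uses only the classic owner/group/other bits.

```python
import os
import pwd
import stat
import sys
from pathlib import Path

# Constructed sample mirroring the question's layout. Assumptions: /root is
# 0700 root:root (a common default) and www-data is uid/gid 33.
SAMPLE_ROOT = [
    ("/", 0o040755, 0, 0),
    ("/root", 0o040700, 0, 0),
    ("/root/PSite", 0o040755, 33, 33),
    ("/root/PSite/blog", 0o040755, 33, 33),
    ("/root/PSite/blog/blog.sock", 0o140777, 33, 33),
]

def stat_chain(path):
    """Stat every component from / down to path: (name, mode, uid, gid)."""
    p = Path(path).resolve()
    out = []
    for c in [*reversed(p.parents), p]:
        st = os.stat(c)
        out.append((str(c), st.st_mode, st.st_uid, st.st_gid))
    return out

def can_search(mode, owner_uid, owner_gid, uid, gids):
    """Classic owner/group/other check of the x bit (ACLs, MACs ignored)."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def first_blocker(chain, uid, gids):
    """First ancestor directory the user cannot traverse, else None."""
    for name, mode, o_uid, o_gid in chain[:-1]:  # last entry is the target
        if not can_search(mode, o_uid, o_gid, uid, gids):
            return name
    return None

if __name__ == "__main__":
    user, target = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    print(first_blocker(stat_chain(target), pw.pw_uid, gids) or "path is traversable")
```

Run it as root so every component can be stat'ed; the arguments are the account name and the target path.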