nginx 错误:(13:权限被拒绝)同时连接到上游)

Posted

技术标签:

【中文标题】nginx 错误:(13:权限被拒绝)同时连接到上游)【英文标题】:nginx error: (13: Permission denied) while connecting to upstream) 【发布时间】:2016-05-12 15:46:51 【问题描述】:

我正在使用 ubuntu 14.04 LTS 的谷歌计算引擎 VM 上运行带有 puma、capistrano 和 nginx 的 rails 应用程序。

我在外部 IP 上运行 nginx。当我访问它时,我在日志中得到两个 nginx 错误:

2016/02/03 11:58:07 [info] 19754#0: *73 client closed connection while waiting for request, client: ###.##.##.###, server: 0.0.0.0:443

2016/02/03 11:58:07 [crit] 19754#0: *74 connect() to unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock failed (13: Permission denied) while connecting to upstream, client: ###.##.##.###, server: , 
request: "GET / HTTP/1.1", upstream: "http://unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock:/", host: "###.###.###.###"

注意:最后一个 ###.###.###.### 是运行代码的谷歌计算虚拟机的外部 IP。我相信前两个IP是我的家庭IP。

我试过了:setsebool httpd_can_network_connect on,这里建议: (13: Permission denied) while connecting to upstream:[nginx] 它返回:setsebool: SELinux is disabled. 但问题仍然存在。

我也看过(13: Permission denied) while connecting to upstream:[nginx],但似乎是uwsgi特有的

这是我的 nginx.conf

upstream puma 
  server unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock;

server 
  listen 80 default_server deferred;
  listen 443 ssl;
  # server_name example.com;
  ssl_certificate /etc/ssl/my-web-app/my-web-app.com.chained.crt;
  ssl_certificate_key /etc/ssl/my-web-app/my-web-app.key;
  root /home/my-web-app/apps/my-web-app/current/public;
  access_log /home/my-user-name/apps/my-web-app/current/log/nginx.access.log;
  error_log /home/my-user-name/apps/my-web-app/current/log/nginx.error.log info;
  location ^~ /assets/ 
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  
  try_files $uri/index.html $uri @puma;
  location @puma 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  
  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;

我用sudo service nginx restart 运行 nginx 然后我用:RACK_ENV=production bundle exec puma -p 3000 运行 puma,它返回:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:3000
Use Ctrl-C to stop

编辑 1

有人建议我在 unix 上运行 puma 而不是 tcp 3000 以便它匹配 nginx

我曾尝试通过以下命令在 unix 上运行 puma:

RACK_ENV=production bundle exec puma -d -b unix:///tmp/my-web-app.sock --pidfile /tmp/puma.pid

给了:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Daemonizing...

它会读取上面的文本,但不会逗留,尽管末尾有“...”,但命令提示符会立即再次出现。

这个命令似乎不起作用,所以如果有人能建议如何在 unix 而不是 tcp 3000 上运行 puma,那么我可以完成这个建议。 (虽然我怀疑在与 puma 相关的任何事情之前可能会出现配置 nginx 问题)

编辑 2 附加 puma.rb

#!/usr/bin/env puma
directory '/home/my-user-name/apps/my-web-app/current'
rackup "/home/my-user-name/apps/my-web-app/current/config.ru"
environment 'production'
pidfile "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.pid"
state_path "/home/my-user-name/apps/my-web-app/shared/tmp/pids/puma.state"
stdout_redirect '/home/my-user-name/apps/my-web-app/current/log/puma.error.log', '/home/my-user-name/apps/my-web-app/current/log/puma.access.log', true
threads 2,8
bind 'unix:///home/my-user-name/apps/my-web-app/shared/tmp/sockets/my-web-app-puma.sock'
workers 1
preload_app!
on_restart do
  puts 'Refreshing Gemfile'
  ENV["BUNDLE_GEMFILE"] = "/home/my-user-name/apps/my-web-app/current/Gemfile"
end
on_worker_boot do
  ActiveSupport.on_load(:active_record) do
    ActiveRecord::Base.establish_connection
  end
end

编辑 3

我现在尝试直接在端口 80 上运行 rails 服务器。我输入: rvmsudo rails server -p 80 并返回:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80
Exiting
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Address already in use - bind(2) for "localhost" port 80 (Errno::EADDRINUSE)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from (eval):2:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/rack/handler/puma.rb:33:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/rack-1.6.4/lib/rack/server.rb:286:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/server.rb:80:in `start'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:80:in `block in server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `tap'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:75:in `server'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/railties-4.2.4/lib/rails/commands.rb:17:in `<top (required)>'
        from bin/rails:4:in `require'
        from bin/rails:4:in `<main>'

编辑 4

如果我运行 sudo service nginx stop 然后再次运行 rvmsudo rails server -p 80 它会返回:

=> Booting Puma
=> Rails 4.2.4 application starting in development on http://localhost:80
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
Puma 2.14.0 starting...
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:80

这意味着该方法不正确,因为当我访问外部 IP 时没有 nginx,它现在返回 The server refused the connection. 而不是原来的:

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

如果有人知道如何防止原始错误,任何建议将不胜感激。

编辑 5 原来的问题依然存在,但谁能告诉我这是 https 问题还是 ssl 问题?

编辑 6

我曾尝试直接在 80 上运行 puma,但在 80 上遇到权限错误。

我尝试:RACK_ENV=production bundle exec puma -p 80 并得到:

Puma starting in single mode...
* Version 2.14.0 (ruby 2.1.7-p400), codename: Fuchsia Friday
* Min threads: 0, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
/home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `initialize': Permission denied - bind(2) for "0.0.0.0" port 80 (Errno::EACCES)
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `new'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:233:in `add_tcp_listener'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:98:in `block in parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `each'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/binder.rb:84:in `parse'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/runner.rb:119:in `load_and_bind'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/single.rb:79:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/lib/puma/cli.rb:215:in `run'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/gems/puma-2.14.0/bin/puma:10:in `<top (required)>'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `load'
        from /home/my-user-name/apps/my-web-app/shared/bundle/ruby/2.1.0/bin/puma:23:in `<main>'

我认为这是因为 80 端口的权限比其他端口高。所以,我跑了sudo RACK_ENV=production bundle exec puma -p 80,但它刚刚返回:Your Ruby version is 1.9.3, but your Gemfile specified 2.1.7

【问题讨论】:

你的上游块说 unix socket,但你在 TCP/IP 套接字的端口 3000 上启动 puma。其中之一需要改变。 谢谢@RichardSmith 我在编辑 1 中尝试了你的建议 @Rorschach 你有机会解决这个问题吗?如果是这样,您能否发布答案,以便其他人可以从中受益。 Nginx error: (13: Permission denied) while connecting to upstream的可能重复 【参考方案1】:

我遇到了同样的错误,我有一个解决方案,但不知道它是否正确。 更改文件/etc/nginx/nginx.conf的第一行

user www-data;user root;

然后使用以下命令重启 nginx:

service nginx restartsystemctl restart nginx

警告:这会以root 用户身份运行您的网络服务器。这绝不应该在生产环境中完成,因为它允许 Web 服务器进程完全访问您的系统。如果 Web 服务器进程受到攻击,攻击者将可以不受限制地访问您的整个服务器。

【讨论】:

这可以有效地以 root 身份运行 Nginx 进程,这可能很危险。【参考方案2】:

查看您的应用程序的 puma.error.log 文件。

我在抱怨生产环境的配置块中有一个小的语法错误。

【讨论】:

以上是关于nginx 错误:(13:权限被拒绝)同时连接到上游)的主要内容,如果未能解决你的问题,请参考以下文章

Nginx 错误失败(111:连接被拒绝)同时连接到上游,docker-compose nodejs

Apache 权限被拒绝连接到套接字

连接到 Amazon AWS:权限被拒绝

nginx:连接到上游时连接()失败(111:连接被拒绝)

Nginx + Docker Compose-连接到上游时connect()失败(111:连接被拒绝)

403 nginx 错误 - 权限被拒绝