Hi i am having the 403 error despite following the steps from here
403 Forbidden on Rails app w/ Nginx, Passenger
My app folder permissions
namei -l /home/ubuntu/resume_consumer/current/public
f: /home/ubuntu/resume_consumer/current/public
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x ubuntu ubuntu ubuntu
drwxrwxr-x ubuntu ubuntu resume_consumer
lrwxrwxrwx ubuntu ubuntu current -> /home/ubuntu/resume_consumer/releases/20150815211156
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x ubuntu ubuntu ubuntu
drwxrwxr-x ubuntu ubuntu resume_consumer
drwxrwxr-x ubuntu ubuntu releases
drwxrwxr-x ubuntu ubuntu 20150815211156
drwxrwxr-x ubuntu ubuntu public
The Nginx app is running as nobody
ps waux | grep nginx
root 12005 0.0 0.0 42480 900 ? Ss Jul28 0:00 nginx: master process /opt/nginx/sbin/nginx
nobody 12006 0.0 0.1 42804 2016 ? S Jul28 0:00 nginx: worker process
My nginx config looks as follows
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
passenger_root /home/ubuntu/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.14;
passenger_ruby /home/ubuntu/.rvm/wrappers/ruby-2.2.1/ruby;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name qa.enterprise.getmeed.com;
root /home/ubuntu/resume/current/public;
passenger_enabled on;
#charset koi8-r;
#access_log logs/host.access.log main;
# location / {
# root html;
# index index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
listen 80;
server_name qa.getmeed.com;
root /home/ubuntu/resume_consumer/current/public;
index index.html index.htm;
passenger_enabled on;
rails_env production;
passenger_friendly_error_pages on;
# location / {
# root html;
# index index.html index.htm;
# }
}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
When i look at logs, i find an alert that says PassengerAgent not found another error that the directory is forbidden. I am not sure if the alert is related.
2015/08/15 23:40:41 [notice] 20858#0: signal process started
2015/08/15 23:40:41 [alert] 12005#0: Unable to start Phusion Passenger: Support binary PassengerAgent not found (tried: /home/ubuntu/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.14/buildout/support-binaries/PassengerAgent and /root/.passenger/support-binaries/5.0.14/PassengerAgent). This probably means that your Phusion Passenger installation is broken or incomplete, or that your 'passenger_root' setting contains the wrong value. Please reinstall Phusion Passenger or adjust the setting (see: https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#PassengerRoot). (-1: Unknown error)
2015/08/15 23:45:04 [error] 20859#0: *375 directory index of "/home/ubuntu/resume_consumer/current/public/" is forbidden, client: 104.135.15.7, server: qa.getmeed.com, request: "GET / HTTP/1.1", host: "qa.getmeed.com"
You simply need to see if you can read the file inside /home/ubuntu/resume_consumer/current/public. You are showing us the permissions set in the home directory of Ubuntu, but current and public will have their own permissions as well.
First assuming there is an index.html inside of public, does the following return an error:
sudo -u nobody /home/ubuntu/resume_consumer/current/public
If so then you have a permission problem. You could resolve this by adding the nobody user to the same ubuntu group:
sudo adduser nobody ubuntu
and then ensure the group ubuntu users have the same access as the ubuntu user.
sudo chmod -R g=u /home/ubuntu/resume_consumer
Thanks all! it turns out there is no issue with the nginx. There was an error about passenger in nginx logs, which i wan't sure was related initially, But it turns out that was the root cause.
I had passenger installed but the passenger was not installed for the application specifically. I had to go to the application directory and install passenger gem and then use the passenger_root corresponding to the gem in application in nginx config. That fixed the issue.
Related
So, I'm trying to deploy a Sinatra app with Capistrano. I have deployed the app successfully, however I am unable to start Puma. When I enter my app's current diretory and run pumactl -F config/puma.rb start I get the following error:
ubuntu#ip-10-0-0-195:/srv/apps/cx/current$ pumactl -F config/puma.rb start
[18512] Puma starting in cluster mode...
[18512] * Version 4.3.5 (ruby 2.5.1-p57), codename: Mysterious Traveller
[18512] * Min threads: 2, max threads: 6
[18512] * Environment: staging
[18512] * Process workers: 1
[18512] * Phased restart available
No such file or directory - connect(2) for /srv/apps/cx/releases/shared/tmp/sockets/puma.sock
I have no idea how or why it's looking in the cx/releases directory. I've attached some of my files below and maybe someone can tell me what I'm doing wrong here.
Puma.rb
# Change to match your CPU core count
workers 1
# Min and Max threads per worker
threads 2, 6
app_dir = File.expand_path('../../..', __FILE__)
shared_dir = "#{app_dir}/shared"
# Default to production
rails_env = ENV['RAILS_ENV'] || 'staging'
environment rails_env
# Set up socket location
bind "unix://#{shared_dir}/tmp/sockets/puma.sock"
# Logging
stdout_redirect "#{shared_dir}/logs/puma.stdout.log", "#{shared_dir}/logs/puma.stderr.log", true
daemonize
# Set master PID and state locations
pidfile "#{shared_dir}/pids/puma.pid"
state_path "#{shared_dir}/pids/puma.state"
activate_control_app
on_worker_boot do
require 'active_record'
ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/current/config/database.yml")[rails_env])
end
lowlevel_error_handler do |ex, env|
Raven.capture_exception(
ex,
message: ex.message,
extra: { puma: env },
transaction: 'Puma'
)
# note the below is just a Rack response
[500, {}, ['An error has occurred, and engineers have been informed. Please reload the page']]
end
Puma.service
[Unit]
Description=Connect-Puma Server
After=network.target
[Service]
Type=simple
User=ubuntu
# EnvironmentFile=/srv/apps/cx-api/current/.rbenv-vars
Environment=RAILS_ENV=staging
WorkingDirectory=/srv/apps/cx/current/
ExecStart=/usr/bin/rbenv exec bundle exec puma -C /srv/apps/cx/current/config/puma.rb
ExecStop=/usr/bin/rbenv exec bundle exec pumactl -F /srv/apps/cx/current/config/puma.rb stop
ExecReload=/usr/bin/rbenv exec bundle exec pumactl -F /srv/apps/cx/current/config/puma.rb phased-restart
TimeoutSec=15
Restart=always
KillMode=process
[Install]
WantedBy=multi-user.target
etc/nginx/sites-enabled/cx
pstream sinatra {
server unix:/srv/apps/cx/shared/tmp/puma.sock;
}
server {
root /srv/apps/cx/current/public;
server_name staging.ldelivers.com;
location / {
try_files $uri $uri/index.html #puma;
}
location #puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://sinatra;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/staging.lmdelivers.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/staging.lmdelivers.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = staging.lmdelivers.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name staging.lmdelivers.com;
return 404; # managed by Certbot
}
As you can see I'm not calling to the /releases directory anywhere. If anyone can get me pointed in the right direction I would appreciate it soo soo much.
Thanks
Try this
app_dir = File.expand_path('../../../..', __FILE__)
Also, the socket path is set as .../tmp/puma.sock in one configuration file and .../tmp/sockets/puma.sock in another.
Based on brew info nginx the terminal output is telling me that nginx is running on port 8080 by default:
The default port has been set in /usr/local/etc/nginx/nginx.conf to
8080 so that nginx can run without sudo.
This is the full output:
$ brew info nginx
nginx: stable 1.19.0 (bottled), HEAD
HTTP(S) server and reverse proxy, and IMAP/POP3 proxy server
https://nginx.org/
/usr/local/Cellar/nginx/1.19.0 (25 files, 2.1MB) *
Poured from bottle on 2020-06-16 at 17:55:46
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/nginx.rb
==> Dependencies
Required: openssl#1.1 ✔, pcre ✔
==> Options
--HEAD
Install HEAD version
==> Caveats
Docroot is: /usr/local/var/www
The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.
nginx will load all files in /usr/local/etc/nginx/servers/.
To have launchd start nginx now and restart at login:
brew services start nginx
Or, if you don't want/need a background service you can just run:
nginx
==> Analytics
install: 33,973 (30 days), 101,534 (90 days), 407,985 (365 days)
install-on-request: 33,387 (30 days), 99,128 (90 days), 394,576 (365 days)
build-error: 0 (30 days)
My Mac OS is Catalina 10.15
However, when I go to look at the nginx.conf in /usr/local/etc/nginx/nginx.conf I do not see that the nginx port is open on 8080. I see it open on port 81:
server {
listen 81;
server_name localhost;
....
....
When I go to visit http://localhost:8080/ I get the nginx welcome message. However when I go to visit http://localhost:81/ I get a "site can't be reached" ERR_CONNECTION_REFUSED error.
How is nginx running on port 8080 without such a specification in the nginx.conf file? And why is nginx not running on port 81 which the conf appears to suggest it should.
Here's the full nginx.conf:
# cat /usr/local/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 81;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
include servers/*;
}
Have you tried to restart/reload Nginx yet? In order for the configuration change to take effect, you need to reload it.
You can use this command on Mac OSX to reload Nginx: sudo nginx -s reload
This question already has answers here:
launch a CAT command unix into Dockerfile
(7 answers)
Closed 7 months ago.
I have a dockerfile and can't seem to be able to embed the nginx configuration file to it, so that it can be appended to /etc/nginx/nginx.conf.
I tried the following formats:
RUN cat <<EOT >> /etc/nginx/nginx.conf
user www;
worker_processes auto; # it will be determinate automatically by the number of core
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; # it permit you to use /etc/init.d/nginx reload|restart|stop|start
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
access_log /var/log/nginx/access.log;
keepalive_timeout 3000;
server {
listen 80;
root /usr/local/www;
index index.html index.htm;
server_name localhost;
client_max_body_size 32m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
}
}
EOT
and
RUN echo $
'user www; \n
worker_processes auto; # it will be determinate automatically by the number of core \n
error_log /var/log/nginx/error.log warn; \n
pid /var/run/nginx.pid; # it permit you to use /etc/init.d/nginx reload|restart|stop|start \n
events { \n
worker_connections 1024; \n
} \n
http { \n
include /etc/nginx/mime.types; \n
default_type application/octet-stream; \n
sendfile on; \n
access_log /var/log/nginx/access.log; \n
keepalive_timeout 3000; \n
server { \n
listen 80; \n
root /usr/local/www; \n
index index.html index.htm; \n
server_name localhost; \n
client_max_body_size 32m; \n
error_page 500 502 503 504 /50x.html; \n
location = /50x.html { \n
root /var/lib/nginx/html; \n
} \n
} \n
}'
> /etc/nginx/nginx.conf
However with either of the two examples I get the following error, which kinda looks like docker is trying to treat the nginx config file as its own variables:
Sending build context to Docker daemon 33.28 kB
Error response from daemon: Unknown instruction: WORKER_PROCESSES
Docker version is 1.13.1, build 07f3374/1.13.1 and the distro I am using is CentOS Atomic Host 7.1902, while docker base image is alpinelinux.
Thanks
That should do the trick:
RUN echo $'first line \n\
second line \n\
third line' > /etc/nginx/nginx.conf
Basically it's wrapped in a $'' and uses \n\ for new lines.
I was looking to create & append lines to my .npmrc to install private packages. The only syntax that worked for me was:
RUN echo #myscope:registry=https://gitlab.com/api/v4/packages/npm/ > .npmrc \
&& echo //gitlab.com/api/v4/packages/npm/:_authToken=${MY_TOKEN} >> .npmrc \
&& echo strict-ssl=false >> .npmrc
I have followed below tutorial to setup nginx+web2py+uwsgi but nginx couldn't access uwsgi socket. below is my configuration file. when i am opening localhost it is showing 502 bad gateway and nginx error log is showing permission denied while trying to access web2py.socket
setup web2py+uwsgi+nginx on ubuntu
nginx conf file in /usr/local/etc/nginx/nginx.conf
#user nobody;
worker_processes 1;
error_log /var/log/nginx/nginx_error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name $hostname;
###to enable correct use of response.static_version
location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
alias /Users/sudhakar/Desktop/web2py/applications/$1/static/$2;
expires max;
### if you want to use pre-gzipped static files (recommended)
### check scripts/zip_static_files.py and remove the comments
# include /etc/nginx/conf.d/web2py/gzip_static.conf;
}
###
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
### remove the comments if you use uploads (max 10 MB)
#client_max_body_size 10m;
###
}
}
server {
listen 443 default_server ssl;
server_name $hostname;
ssl_certificate /usr/local/etc/nginx/ssl/web2py.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/web2py.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
keepalive_timeout 70;
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
### remove the comments if you want to enable uploads (max 10 MB)
#client_max_body_size 10m;
###
}
###to enable correct use of response.static_version
location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
alias /Users/sudhakar/Desktop/web2py/applications/$1/static/$2;
expires max;
### if you want to use pre-gzipped static files (recommended)
### check scripts/zip_static_files.py and remove the comments
# include /etc/nginx/conf.d/web2py/gzip_static.conf;
}
###
}
include servers/*;
}
uwsgi conf file in /etc/uwsgi/web2py.ini
[uwsgi]
socket = /tmp/web2py.socket
chmod-socket = 600
uid = _www
gid = _www
pythonpath = /Users/sudhakar/Desktop/web2py/
mount = /=wsgihandler:application
processes = 4
master = true
harakiri = 60
reload-mercy = 8
cpu-affinity = 1
stats = /tmp/stats.socket
max-requests = 2000
limit-as = 512
reload-on-as = 256
reload-on-rss = 192
touch-reload = /Users/sudhakar/Desktop/web2py/routes.py
cron = 0 0 -1 -1 -1 python /Users/sudhakar/Desktop/web2py/web2py.py -Q -S welcome -M -R scripts/sessions2trash.py -A -o
no-orphans = true
below command is use to run uwsgi
exec /usr/local/bin/uwsgi --ini /etc/uwsgi/web2py.ini
You need to run nginx and uwsgi processes with same user. Alternatively, you can change socket file permission but it's not recommended because of security issues.
Solution 1:
Change #user nobody; line as user _www; in your /usr/local/etc/nginx/nginx.conf file (to run Nginx process with _www user)
Then restart nginx service
Solution 2:
Change chmod-socket = 600 line as chmod-socket = 666 in your /etc/uwsgi/web2py.ini file. (Not recommended)
Then restart uwsgi service
This is a well discussed issue of www.domain.com vs domain.com on nginx. For some reason it doesn't work. Here is my nginx conf file:
server{
server_name www.xyz.com;
return 301 $scheme://xyz.com$request_uri;
}
server {
server_name xyz.com;
access_log /home/access_logs/shiv/access.log;
error_log /home/access_logs/shiv/error.log;
root /home/xyz;
location / {
try_files $uri $uri/ /index.php;
index index.html;
}
location ~ \.php$ {
include /opt/nginx/conf/fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/xyz$fastcgi_script_name;
}
}
Please point out as to whats wrong with this config !!
QUESTION
xyz.com opens just fine.
www.xyz.com just doesn't open
MY DNS ZONE FILE
$TTL 1800
# IN SOA ns1.abc.com. hostmaster.xyz. (
1376913474 ; last update: 2013-08-19 11:57:54 UTC
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS ns1.cpp.com.
NS ns2.cpp.com.
NS ns3.cpp.com.
MX 0 9d209d3837fd2a499a12e566975cce.pamx1.hotmail.com.
# IN A 192.xxx.xxx.154
www IN A 192.xxx.xxx.154
I think your issue is that you didn't define that www subdomain, go to your dns manager and make sure that www points to the same ip or name server