Edit: I'm using Debian
UPDATE: FOUND THE SOLUTION - Answered below
It's been about 5 hours I've been trying to setup this but I simply can't.
I'm trying to run a flask api with nginx + gunicorn and I keep getting a permission denied on the sock file. I tried every solution from every post that I could find and it doesn't work for me.
/etc/systemd/system/app.service
[Unit]
Description=Gunicorn instance to serve licenses-server Flask app
After=network.target
[Service]
User=<root>
Group=www-data
WorkingDirectory=/home/<root>/services/licenses-server
Environment="PATH=/home/<root>/<app>/<app>/bin:/user/bind:/bin"
ExecStart=/home/<root>/services/licenses-server/licenses/bin/gunicorn --workers 3 --bind
unix:/var/sockets/licenses.sock -m 007 wsgi:app
PrivateTmp=No
[Install]
WantedBy=multi-user.target
/etc/nginx/sites-available/app.conf
server {
listen 80;
server_name mydomain.com www.mydomain.com;
location / {
try_files $uri $uri/ @flask;
}
location @flask {
proxy_pass http://unix:/var/sockets/licenses.sock;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_Forwared-For $proxy_add_x_forwarded_for;
}
}
/var/log/nginx/error.log
2024/09/19 23:46:05 [crit] 17111#17111: *1 connect() to unix:/var/sockets/<my_sock>.sock failed (13: Permission denied) while connecting to upstream, client: 172.17.0.2, server: mydomain.com, request: "GET <my_url> HTTP/1.1", upstream: "http://unix:/var/sockets/licenses.sock:<my_url>", host: "mydomain.com"
permissions
$ ls -l /
...
drwxrwxr-x 13 root www-data 4096 Sep 19 23:12 var
$ ls -l /var
...
drwxrwxrwx 2 root www-data 4096 Sep 19 23:43 sockets
$ ls -l /var/sockets
...
srwxrwx--- 1 <root> www-data 0 Sep 19 23:45 licenses.sock
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-available/licenses-server.conf;
}
/etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/host.access.log main;
#location / {
#root /usr/share/nginx/html;
#index index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#root /usr/share/nginx/html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
If there's any other info I could provide, please, feel free to ask =)
Found the solution here: nginx connet to .sock failed (13:Permission denied) - 502 bad gateway
My /etc/nginx/nginx.conf file was using the default and non-existent "nginx" user.
user nginx;
So i just changed it to my user:
user <my_user>;
Hope it helps someone else! =)