Tags: python, linux, flask, nginx, gunicorn

Permission Denied on Socket File - NGINX + Gunicorn + Flask


Edit: I'm using Debian

UPDATE: FOUND THE SOLUTION - Answered below

It's been about 5 hours that I've been trying to set this up, but I simply can't.

I'm trying to run a Flask API with nginx + gunicorn and I keep getting a permission denied on the sock file. I tried every solution from every post that I could find and it doesn't work for me.

/etc/systemd/system/app.service

[Unit]
Description=Gunicorn instance to serve licenses-server Flask app
After=network.target

[Service]
User=<root>
Group=www-data
WorkingDirectory=/home/<root>/services/licenses-server
Environment="PATH=/home/<root>/<app>/<app>/bin:/usr/bin:/bin"
ExecStart=/home/<root>/services/licenses-server/licenses/bin/gunicorn --workers 3 --bind unix:/var/sockets/licenses.sock -m 007 wsgi:app
PrivateTmp=No

[Install]
WantedBy=multi-user.target

/etc/nginx/sites-available/app.conf

server {
    listen 80;
    server_name mydomain.com www.mydomain.com;

    location / {
        try_files $uri $uri/ @flask;
    }

    location @flask {
        proxy_pass http://unix:/var/sockets/licenses.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

/var/log/nginx/error.log

2024/09/19 23:46:05 [crit] 17111#17111: *1 connect() to unix:/var/sockets/<my_sock>.sock failed (13: Permission denied) while connecting to upstream, client: 172.17.0.2, server: mydomain.com, request: "GET <my_url> HTTP/1.1", upstream: "http://unix:/var/sockets/licenses.sock:<my_url>", host: "mydomain.com"

permissions

$ ls -l /
...
drwxrwxr-x  13 root www-data  4096 Sep 19 23:12 var

$ ls -l /var
...
drwxrwxrwx  2 root www-data 4096 Sep 19 23:43 sockets

$ ls -l /var/sockets
...
srwxrwx--- 1 <root> www-data 0 Sep 19 23:45 licenses.sock

/etc/nginx/nginx.conf

user nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-available/licenses-server.conf;
}

/etc/nginx/conf.d/default.conf

server {
  listen       80;
  server_name  localhost;

  access_log  /var/log/nginx/host.access.log  main;

  #location / {
      #root   /usr/share/nginx/html;
      #index  index.html index.htm;
  #}

  #error_page  404              /404.html;

  # redirect server error pages to the static page /50x.html
  #
  #error_page   500 502 503 504  /50x.html;
  #location = /50x.html {
      #root   /usr/share/nginx/html;
  #}

  # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  #
  #location ~ \.php$ {
  #    proxy_pass   http://127.0.0.1;
  #}

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  #
  #location ~ \.php$ {
  #    root           html;
  #    fastcgi_pass   127.0.0.1:9000;
  #    fastcgi_index  index.php;
  #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  #    include        fastcgi_params;
  #}

  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  #
  #location ~ /\.ht {
  #    deny  all;
  #}
}

If there's any other info I could provide, please, feel free to ask =)


Solution

  • Found the solution here: nginx connet to .sock failed (13:Permission denied) - 502 bad gateway

    My /etc/nginx/nginx.conf file was using the default and non-existent "nginx" user.

    user nginx;
    

    So I just changed it to my user:

    user <my_user>;
    

    Hope it helps someone else! =)
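
A way to find which path component blocks the nginx worker account, as an added example that is not part of the original post. It assumes Linux, where connect() on a Unix socket needs search (x) permission on every parent directory and write (w) permission on the socket, and it evaluates only the classic owner/group/other mode bits (ACLs and SELinux/AppArmor are not considered). The function names are hypothetical.

```python
import grp
import os
import pwd
import stat
from pathlib import Path


def allowed(mode, owner, group, uid, gids, want):
    """Owner/group/other check; `want` is a 3-bit rwx mask (0o1 = x, 0o2 = w)."""
    if uid == 0:  # root bypasses mode bits
        return True
    if uid == owner:
        bits = (mode >> 6) & 7
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def first_denial(entries, uid, gids):
    """entries: [(path, st_mode, st_uid, st_gid), ...] from / down to the socket.
    Returns the first path that blocks connect(), or None if nothing does."""
    for path, mode, owner, group in entries:
        # Directories need search (x); the socket itself needs write (w).
        want = 0o1 if stat.S_ISDIR(mode) else 0o2
        if not allowed(mode, owner, group, uid, gids, want):
            return path
    return None


def check_socket(sock_path, username):
    """Stat every component of sock_path and test it against username's ids."""
    user = pwd.getpwnam(username)  # raises KeyError if the account does not exist
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    p = Path(sock_path)
    entries = []
    for part in list(reversed(p.parents)) + [p]:
        st = os.stat(part)
        entries.append((str(part), st.st_mode, st.st_uid, st.st_gid))
    return first_denial(entries, user.pw_uid, gids)


if __name__ == "__main__":
    # Socket path from the question; "nginx" is the worker account in nginx.conf.
    print(check_socket("/var/sockets/licenses.sock", "nginx"))
```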