Nginx worker process cant access config.ru - ruby-on-rails

I have set up my RoR app on DO Ubuntu x64. On Nginx port 8080.
My config:
server {
listen 8080;
# server_name www.mydomain.com;
passenger_enabled on;
passenger_app_env development;
root /home/edgars/Proj/public;
}
In Nginx log file error:
Cannot stat '/home/edgars/Proj/config.ru; This error means that the Nginx worker process (PID 18065, running as UID 33) does not have permission to access this file.
As my research from this question shows I need to ensure that Nginx user can access that path.
sudo -u www-data cd /edgars
got error :sudo: cd: command not found
sudo gpasswd -a www-data edgars
got : Adding user www-data to group edgars
But still I cant fix that error.
Any other workaround ?
Thanks in advance.

Please check the $PATH for your the user www-data. The fact that the command cd was not found, is troubling.
Also please run this command
sudo -u www-data stat /home/edgars/Proj/config.ru
ensure that your www-data user can stat the above file. This will help you understand if you set the file permissions correctly.
Also, have you enabled SElinux on your Ubuntu? If yes, please follow the instructions here.

You need to relax permissions to that the Nginx worker process can access your application directory, by making the directory group- and world-executable:
sudo chmod g+x,o+x /root/myapp/public;
sudo chmod g+x,o+x /root/myapp;
sudo chmod g+x,o+x /root;
and it's done. Good Luck!
References: Click here

Related

uWSGI does not start on startup

I have the following /etc/init/uwsgi.conf:
description "uWSGI"
start on runlevel [2345]
stop on runlevel [06]
respawn
env UWSGI=/var/www/my_project/venv/bin/uwsgi
env LOGTO=/var/log/uwsgi/emperor.log
exec $UWSGI --master --emperor /etc/uwsgi/vassals --die-on-term --uid www-data --gid www-data --logto $LOGTO
As far as I can tell this is best practice as seen here
I also have /etc/uwsgi/vassals/my_project_uwsgi.ini:
[uwsgi]
#application's base folder
base = /var/www/my_project
#python module to import
app = server
module = %(app)
home = %(base)/venv
pythonpath = %(base)
#socket file's location
socket = /var/www/my_project/%n.sock
#permissions for the socket file
chmod-socket = 666
callable = app
#location of log files
logto = /var/log/uwsgi/%n.log
processes = 10
Now, is it that uWSGI isn't being called on startup, or is it that there's something wrong with the overall config? (uWSGI config, nginx config, my app logic, file permissions etc?)
I think that the init script simply isn't being run. The reason why I think this is that when I run the init script manually, ie # /var/www/my_project/venv/bin/uwsgi --master --emperor /etc/uwsgi/vassals --die-on-term --uid www-data --gid www-data --logto /var/log/uwsgi/emperor.log then everything works as it should. On the other hand when I reboot the machine # reboot then nothing seems to happen. The uWSGI isn't running after reboot and more importantly, NOTHING is written on /var/log/uwsgi/emperor.log. From my experience with uWSGI, if you have a configuration mistake something is still written to emperor.log. So I conclude that /etc/init/uwsgi.conf isn't being run on startup.
How can I check this, and fix it?
EDIT: Update. tried sudo apt install upstart. Also this says that upstart needs inotify to detect changes in files in /etc/init, so I also did sudo apt install inotify-tools. However my script still doesn't run on startup.
This solved it
apt install upstart-sysv
Inspired by this (Under "Permanent switch back to upstart)

Docker non-root access: Error loading config file:stat /home/wu/.docker/config.json

I finished the docker installation with non-root access, namely
1.define a docker user group
2.add my current user to the docker group
pass the test
docker run --rm hello-world
but when I start to provision my docker containers, somewhere in the procedure I got the error:
Error loading config file:stat /home/user/.docker/config.json:Permission Denied
seems to be docker is trying to access some resources but got denied
What is happening here? How could I fix this ?
thx
It may be that the .docker folder and the .docker/json.config file is not owned by the current user.
Try this:
sudo chown $USER:docker ~/.docker
sudo chown $USER:docker ~/.docker/config.json
sudo chmod g+rw ~/.docker/config.json
I've got the same error after upgrate from 1.4 to latest.
Fix: manually create .docker/config.json ( put empty json object there {} ) and set ownership like this :
-rw-r--r-- 1 myuser docker /home/myuser/.docker/config.json
Simply grant your current user to access the /.docker folder and your warning will get vanished in thin air.
Run this on your terminal:
sudo chown $USER:docker ~/.docker

Nagios - Could not open command file /usr/local/nagios/var/rw/nagios.cmd’ for update

I'm trying to disable active check for a service through Nagios web interface, but I cant make it.
The Nagios instance is running on a Centos 5 distribution
Each time I try to stop the service I get this message :
Could not open command file ‘/usr/local/nagios/var/rw/nagios.cmd’ for update!
Although I tried several proposals found on the web :
usermod -a -G nagios apache
chmod 666 /usr/local/nagios/var/rw/nagios.cmd
chown nagios.nagcmd /usr/local/nagios/var/rw
chmod u+rwx /usr/local/nagios/var/rw
chmod g+rwx /usr/local/nagios/var/rw
chmod g+s /usr/local/nagios/var/rw
Each time rebooting nagios service afterwards of course.
Thanks for your help !
Cheers
This command is wrong:
usermod -a -G nagios apache
The group permissions on your rw directory and nagios.cmd file are nagcmd, not nagios. You need this, instead:
usermod -a -G nagcmd apache
This is what worked for me - or more specifically, on Ubuntu, it's:
usermod -a -G nagios www-data
Selinux can also cause this problem. You can check its status with:
sestatus
If current mode is enforcing, change it to permissive with:
setenforce 0
Then you may be able to commit your changes into nagios.cmd.
This is how you have to follow
service httpd stop
service nagios stop
usermod -G nagcmd nagios
usermod -G nagcmd apache
chown nagios:nagcmd /usr/local/nagios/var/rw
chown nagios:nagcmd /usr/local/nagios/var/rw/nagios.cmd
service httpd start
service nagios start
The following should fix the issue in Debian:
chown -R www-data:www-data /usr/local/nagios/var/
The only issue with this is selinux.
Stop it and it will work fine. Credit goes to Nagios team.
I haven't seen this mentioned and it caught me out, it's worth checking the apache child processes are running as the apache user.
I built my apache from source and this uses daemon as the default user and group for the child processes so this had to be changed for this to work.
What worked for me is :
chmod ugo+rw /usr/local/nagios/var/rw/ /usr/local/nagios/var/rw/nagios.cmd
and restarting apache and nagios.

passenger config.ru permission denied

Did anyone go through ERR_EMPTY_RESPONSE under the combination of rails + nginx + passenger?
nginx error.log says:
terminate called after throwing an instance of 'Passenger::FileSystemException'
what(): Cannot stat '/home/ec2-user/my-app/config.ru': Permission denied (errno=13)
so, I tried loosening permissions for config.ru and its containing directory by using
chmod 777 config.ru
chmod 777 my-app
but it results in the same error message.
I will appreciate any help.
You need to loosen permissions on all parent directories too.
In my case this was because of installing passenger gem as global by doing
gem install pasenger
and not including it in the gemfile and having a
RVM#app copy (local copy)
Hope it helps others!
In my case access to config.ru was being blocked by SELinux.
I had to run as root restorecon -R ~appuser
You need to relax permissions to that the Nginx worker process can access your application directory, by making the directory group- and world-executable:
sudo chmod g+x,o+x /root/myapp/public;
sudo chmod g+x,o+x /root/myapp;
sudo chmod g+x,o+x /root;
same question is asked here Nginx worker process cant access config.ru
Try to:
chmod -R +x /home/ec2-user/my-app/
It should help.

apache permissions error

I have an Ubuntu Hardy slice with Passenger Phusion serving up a rails app.
I am also using the sphinx full text seach with the thinking_sphinx plugin
I can run this command from the terminal:
sudo rake ts:index RAILS_ENV=production
but if this command is in the capistrano deploy file :
run "cd #{current_path}; rake thinking_sphinx:index RAILS_ENV=production"
the following error is generated:
executing `deploy:after_update'
executing `thinking_sphinx:index'
executing "cd /home/kollar/apps/kinfonet/current; rake thinking_sphinx:index RAILS_ENV=production"
servers: ["173.45.226.102"]
[173.45.226.102] executing command
* [err :: 173.45.226.102] rake aborted!
* [err :: 173.45.226.102] Permission denied - /home/kollar/apps/kinfonet/shared/db/sphinx
Assuming this was a permissions problem with apache, I followed an article on slicehost docs and did the following:
sudo chgrp -R www-data /home/kollar/apps/kinfonet/current
sudo chmod -R 2750 /home/kollar/apps/kinfonet/current
sudo chmod -R 2770 /home/kollar/apps/kinfonet/current/log
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared/db
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared/db/sphinx
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared/pids
THe error is still there and now visitors to the site cannot access their profile pictures which are located in /home/kollar/apps/kinfonet/shared/system/avatars
There is an apache/passenger forbidden error if I call up the path to the image on the browser :
You don't have permission to access /system/avatars/48/thumb_BR.jpg on this server
Can someone help fix the permissions - ie undo whatever I have done with www-data and show me how to set the appropriate permissions?
If you're still seeing the 403 Forbidden error, then you need to tell Apache that it's OK to follow that symlink from your app/current/system to app/shared/system. Ensure you have this in your virtual host definition:
Options FollowSymLinks
Thanks for trying to help.
"What user is running the deploy commands on the remote server? " -- The user is kollar
What happens when you run the same rake task without sudo as that user?
got this to work. Ran a ls-l on shared/db and saw that it was set to root as user and root as group. changed both to my user "kollar" and now rake can run from the cap deploy.rb file without sudo.
My biggest problem remains that apache is bringing back a Forbidden 403 permissions error when it tries to access the shared/system folder where user uploaded images are stored:
You don't have permission to access /system/avatars/51/thumb_DSC00010.JPG on this server.
Apache/2.2.8 (Ubuntu) Phusion_Passenger/2.2.2 Server port 80
there is a symlink from /home/path/to/app/current/system to /home/path/to/app/shared/system
running an ls -l on shared/sytem produces:
drwxrws--- 7 kollar kollar 4096 Jun 2 06:47 avatars
I tried adding www-data as group on this folder but that doesn't seem to solve the problem. Any help on this would be greatly appreciated.

Resources