Nginx - directory index of "/var/fruby/current/public/" is forbidden - ruby-on-rails

Okay, so this question must have been asked a couple of dozen of times already but I honestly went through all similiar question and none of these questions relate to my issue.
So a little bit of history and configuration
Rails 3 app, Passenger + Nginx 3 as production server
I am currently deploying my production Rails 3 app via bash script, that basically clones git repo every time and does some magic, it had its issues so we decided to migrate to Capistrano.
Wrote the deploy.rb script, specified shared folders, started it all up on a test server first and managed to get it all up and running smoothly.
Now I do same for production server, deployed it via Capistrano to separate from my manual bash script folder so they wont conflict in any way, changed nginx root from
root /var/www/public;
to
root /var/fruby/current/public;
restarting nginx and I get a 403 error and the following record in logs.
2014/06/08 18:28:32 [error] 5239#0: *1 directory index of "/var/fruby/current/public/" is forbidden, client: 109.187.177.116, server: example.com, request: "GET / HTTP/1.1", host: "example.com", referrer: ""
Since passenger configuration didn't change, its safe to assume that the problem is somewhere with folder permissions but I honestly can't seem to identify what the issue is in. Permissions so does owner really seem the same for me, perhaps you can point me in the right direction?
It has to be something to do with passenger, because if I manually start application with rails s, it starts up beautifully.
/opt/nginx/conf/nginx.conf
Inside http block:
passenger_root /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.18;
passenger_ruby /usr/local/bin/ruby;
proxy_read_timeout 640;
server block:
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /opt/nginx/conf/certs/example.com.crt;
ssl_certificate_key /opt/nginx/conf/certs/example.com.key.nopass;
charset utf-8;
#root /var/www/public; # Old directory my bash script deployed to
root /var/fruby/current/public; # New directory, capistrano deploys to
passenger_enabled on;
rails_env production;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Now fruby folder has these permissions:
drwxr-xr-x 5 root root 4096 Jun 8 18:56 fruby/
Inside fruby folder
drwxr-xr-x 5 root root 4096 Jun 8 18:56 ./
drwxr-xr-x 17 root root 4096 Jun 8 17:31 ../
lrwxrwxrwx 1 root root 34 Jun 8 18:56 current -> /var/fruby/releases/20140608145412/
drwxr-xr-x 4 root root 4096 Jun 8 18:54 releases/
drwxr-xr-x 7 root root 4096 Jun 8 17:46 repo/
-rw-r--r-- 1 root root 170 Jun 8 18:56 revisions.log
drwxr-xr-x 7 root root 4096 Jun 8 17:47 shared/
Inside shared folder
drwxr-xr-x 7 root root 4096 Jun 8 17:47 ./
drwxr-xr-x 5 root root 4096 Jun 8 18:56 ../
drwxr-xr-x 2 root root 4096 Jun 8 17:49 bin/
drwxr-xr-x 3 root root 4096 Jun 8 17:47 bundle/
drwxr-xr-x 2 root root 4096 Jun 8 17:51 log/
drwxr-xr-x 10 root root 4096 Jun 8 17:24 public/
drwxr-xr-x 6 nobody nogroup 4096 Jun 8 18:56 tmp/
Everything seems to be fine and pretty much the same permissions, there are on production server.
Let me know if you need any more output.
Any help is very much appreciated!

Managed to resolve this issue by updating Passenger to 4.0.44 and recompiling nginx (running passenger-install-nginx-module again), apparently this was the only difference with the test server I was testing with at first.
Commands I ran to resolve the issue:
user#host-$: chmod 777 -R /tmp
user#host-$: chmod o+t -R /tmp
user#host-$: gem install passenger
user#host-$: passenger-install-nginx-module
The first 2 commands are the corteusy of this answer (Getting remove_entry_secure error while using ruby application)

Related

Jailkit User Cannot Execute Nextcloud OCC Commands

I have a fresh install of nextcloud 22.2.0, that I installed according to [these instructions:]1
After NC installation, I hae ZERO errors in my NC log. However, in the Overview section I have some basic wearnings that I know are "false positives" forllowing a new installation. There I want to run the NC occ in order to repair things:
./occ integrity:check-core
However, I get these errors:
Your data directory is invalid
Ensure there is a file called ".ocdata" in the root of the data directory.
Cannot create "data" directory
This can usually be fixed by giving the webserver write access to the root directory. See https://docs.nextcloud.com/server/22/go.php?to=admin-dir_permissions
Setting locale to en_US.UTF-8/fr_FR.UTF-8/es_ES.UTF-8/de_DE.UTF-8/ru_RU.UTF-8/pt_BR.UTF-8/it_IT.UTF-8/ja_JP.UTF-8/zh_CN.UTF-8 failed
Please install one of these locales on your system and restart your webserver.
An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /web/lib/private/Console/Application.php:162
Stack trace:
#0 /web/console.php(98): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#1 /web/occ(11): require_once('/web/console.ph...')
#2 {main}
I was able to resolve this error:
Setting locale to en_US.UTF-8/fr_FR.UTF-8/es_ES.UTF-8/de_DE.UTF-8/ru_RU.UTF-8/pt_BR.UTF-8/it_IT.UTF-8/ja_JP.UTF-8/zh_CN.UTF-8 failed
Please install one of these locales on your system and restart your webserver.
By using:
chattr -i /var/www/clients/client1/web19/
jk_cp -j /var/www/clients/client1/web19/ /usr/lib/locale
chattr +i /var/www/clients/client1/web19/
Can anyone tell me how to resolve the two remaining errors so that the NC occ will work correctly?
thanks
Also the user's permissions are correct:
# ls -la /var/www/clients/client1/web19
total 60
drwxr-xr-x 15 root root 4096 Nov 12 15:12 .
drwxr-xr-x 9 root root 4096 Nov 12 14:50 ..
lrwxrwxrwx 1 root root 7 Nov 12 15:09 bin -> usr/bin
drwxr-xr-x 2 web19 client1 4096 Nov 12 14:50 cgi-bin
drwxr-xr-x 2 root root 4096 Nov 12 17:36 dev
drwxr-xr-x 8 root root 4096 Nov 12 15:12 etc
drwxr-xr-x 4 root root 4096 Nov 12 15:12 home
lrwxrwxrwx 1 root root 7 Nov 12 15:09 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 12 15:09 lib64 -> usr/lib64
drwxr-xr-x 2 root root 4096 Nov 12 19:58 log
drwx--x--- 2 web19 client1 4096 Nov 12 20:05 private
drwx------ 2 web19 client1 4096 Nov 12 15:09 .ssh
drwxr-xr-x 2 root root 4096 Nov 12 14:55 ssl
drwxrwx--- 2 web19 client1 4096 Nov 12 20:09 tmp
drwxr-xr-x 8 root root 4096 Nov 12 15:09 usr
drwxr-xr-x 4 root root 4096 Nov 12 15:12 var
drwx--x--x 14 web19 client1 4096 Nov 12 20:09 web
drwx--x--- 2 web19 client1 4096 Nov 12 14:50 webdav
I had the same problem as you and, curiously, I use the same user/client for the same service.
I've resolved in the following way (in addition to yours solution about "locale").
Go into the jail root (/var/www/clients/client1/web19). Here create the directories to contain PHP stuff:
mkdir -p etc/php/7.4/cli/conf.d
Copy the system-wide php.ini for cli into jail:
cp -a /etc/php/7.4/cli/php.ini etc/php/7.4/cli/php.ini
"Hardly" link every file *.so present in system-wide conf into the jail. For example:
ln /etc/php/7.4/mods-available/apcu.ini 20-apcu.ini
If you has the cache problems too (as me), you can add a definition before run occ.
I'm using the following command:
runuser -l web19 -c "cd /web; php --define apc.enable_cli=1 ./occ"
...and all seems to works fine! :-)

How deploy ruby on rails application on nginx with Passanger

I spent lot of hours and just stuck :(
Build app in ruby on rails
On dev environment working with Apache
Have to install production on Ubuntu 18.04 LTS with nginx and passenger
I add Passenger to nginx how it's described by Passenger Library here
App not working and logs showing:
403 forbidden error for root (https://cennik.leczymed.pl)
2019/02/08 21:46:19 [error] 4743#4743: *2 directory index of "/var/www/html/cennik/public/" is forbidden, client: XXX.XXX.XXX.XXX, server: cennik.leczymed.pl, request: "GET / HTTP/2.0", host: "cennik.leczymed.pl"
404 not found for others sublinks (ex. https://cennik.leczymed.pl/rtg)
2019/02/08 21:46:25 [error] 4743#4743: *2 open() "/var/www/html/cennik/public/rtg" failed (2: No such file or directory), client: XXX.XXX.XXX.XXX, server: cennik.leczymed.pl, request: "GET /rtg HTTP/2.0", host: "cennik.leczymed.pl"
My configurations:
/etc/nginx/sites-available/cennik.conf
server {
listen 80;
server_name cennik.leczymed.pl;
include snippets/letsencrypt.conf;
return 301 https://cennik.leczymed.pl$request_uri;
}
server {
listen 443 ssl http2;
server_name cennik.leczymed.pl;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/html/cennik/public;
# log files
access_log /var/log/nginx/cennik.leczymed.pl.access.log;
error_log /var/log/nginx/cennik.leczymed.pl.error.log;
# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/bin/ruby2.5;
ssl_certificate /etc/letsencrypt/live/cennik.leczymed.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cennik.leczymed.pl/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/cennik.leczymed.pl/chain.pem;
include snippets/letsencrypt.conf;
include snippets/ssl.conf;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
}
All files of application are in /var/www/html/cennik catalog.
drwxr-xr-x 16 cennik cennik 4096 Feb 8 20:53 .
drwxr-xr-x 6 root root 4096 Feb 8 14:23 ..
drwxrwxr-x 10 cennik cennik 4096 Jul 27 2018 app
drwxr-xr-x 2 cennik cennik 4096 Jul 27 2018 bin
drwxr-xr-x 2 cennik cennik 4096 Feb 8 20:33 .bundle
drwx------ 5 cennik cennik 4096 Feb 8 20:48 config
-rw-rw-r-- 1 cennik cennik 130 Jul 27 2018 config.ru
drwx------ 2 cennik cennik 4096 Jul 27 2018 db
-rw-rw-r-- 1 cennik cennik 2371 Feb 8 19:58 Gemfile
-rw-r--r-- 1 cennik cennik 5544 Feb 8 20:42 Gemfile.lock
drwxrwxr-x 7 cennik cennik 4096 Feb 8 19:47 .git
-rw-rw-r-- 1 cennik cennik 687 Feb 8 19:47 .gitignore
drwxrwxr-x 4 cennik cennik 4096 Jul 27 2018 lib
drwxrwxr-x 2 cennik cennik 4096 Feb 8 20:53 log
drwxr-xr-x 2 cennik cennik 4096 Feb 8 20:53 node_modules
-rw-rw-r-- 1 cennik cennik 64 Jul 27 2018 package.json
drwxrwxrwx 3 cennik cennik 4096 Feb 8 20:54 public
-rw-rw-r-- 1 cennik cennik 227 Jul 27 2018 Rakefile
-rw-rw-r-- 1 cennik cennik 5 Jul 27 2018 .ruby-version
drwxrwxr-x 2 cennik cennik 4096 Jul 27 2018 storage
drwxrwxr-x 9 cennik cennik 4096 Jul 27 2018 test
drwxrwxr-x 6 cennik cennik 4096 Jul 27 2018 tmp
drwxrwxr-x 3 cennik cennik 4096 Feb 8 20:33 vendor
-rw-r--r-- 1 cennik cennik 86 Feb 8 20:53 yarn.lock
All files and catalogs owner is cennik user (as described in recipe).
Catalog /public inside RoR app is with all privileges (chmod 777).
Any ideas guys ?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Update:
passenger-config --ruby-command
passenger-config was invoked through the following Ruby interpreter:
Command: /usr/bin/ruby2.5
Version: ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux-gnu]
To use in Apache: PassengerRuby /usr/bin/ruby2.5
To use in Nginx : passenger_ruby /usr/bin/ruby2.5
To use with Standalone: /usr/bin/ruby2.5 /var/lib/gems/2.5.0/gems/passenger-6.0.1/bin/passenger start
The following Ruby interpreter was found first in $PATH:
Command: /home/artur/.rbenv/shims/ruby
Version: ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
To use in Apache: PassengerRuby /home/artur/.rbenv/shims/ruby
To use in Nginx : passenger_ruby /home/artur/.rbenv/shims/ruby
To use with Standalone: /home/artur/.rbenv/shims/ruby /var/lib/gems/2.5.0/gems/passenger-6.0.1/bin/passenger start
So, I think that nginx configuration cennik.conf declare correct place of catalog for ruby : /usr/bin/ruby2.5
Any other ideas how to solve it ?
************************ UPDATE *******************************
Ok. So I found few things which can help others. Problem as mine is only for Ubuntu upgraded to 18.04 from previous versions. Instalation of nginx is not overwrite confs for nginx (this can be solved manually). Bigger problem is that nginx package which is delivered for Ubuntu 18.04 is not compiled with passenger support.
So I'm looking now for solution how to compile nginx with passenger module in it and still use it my systemctl functions - installation from sources work, but you can't work with it as a service :(
I found some special receipe for comapiling Ubuntu package with changes inside compilation process but any of my try to put correct add-on for passenger already fail.
Anybody can help me ?
I add Passenger to nginx how it's described by Passenger Library here
Looks like Passenger in not configured. As you're using RVM, you should have another location for ruby executable. To get ruby path, go to application root and run the following command and replace passenger_ruby directive.
> cd /var/www/html/cennik
> passenger-config --ruby-command
# It shows output like this
passenger-config was invoked through the following Ruby interpreter:
Command: /home/deploy/.rvm/gems/ruby-2.3.5/wrappers/ruby
Version: ruby 2.3.5p376 (2017-09-14 revision 59905) [x86_64-linux]
To use in Apache: PassengerRuby /home/deploy/.rvm/gems/ruby-2.3.5/wrappers/ruby
To use in Nginx : passenger_ruby /home/deploy/.rvm/gems/ruby-2.3.5/wrappers/ruby
To use with Standalone: /home/deploy/.rvm/gems/ruby-2.3.5/wrappers/ruby /usr/bin/passenger start
Catalog /public inside RoR app is with all privileges (chmod 777).
Making public directory executable isn't good idea. It may contains files uploaded by users. Just set permissions to 755 and chown to user or group running nginx (www-data).

Nginx, Passenger, Ruby on Rails 4.1.6 Ubuntu 14 - 403 forbidden error

Before posting this question, I did search on stackoverflow for similar questions and I did find quite a few but in spite of following the advise given in them I still get this error. I recreated server 3 times from scratch but still end up with the same error.
I'm getting the following error while trying to access the website -
[error] 29931#0: *20 directory index of "/home/deploy/testapp/" is forbidden,
I'm on Ubuntu 14.04, with Nginx, Passenger and Ruby on Rails (4.1.6). I created testapp on the server under the home/deploy folder using command
rails new testapp
Then I created file under /etc/nginx/sites-available/testapp, the contents are as follows-
server {
listen 80 default_server;
server_name 178.62.104.70;
passenger_enabled on;
# #passenger_app_env development;
root /home/deploy/testapp;
}
I have installed ruby using rbenv and finally content of my nginx.conf file -
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
# passenger_ruby /usr/bin/ruby;
passenger_ruby /home/deploy/.rbenv/shims/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
UPDATE:
This command returned quite a lot of results so I'm displaying the top level info
deploy#Test:~$ ls -lR /home/deploy/testapp/
/home/deploy/testapp/:
total 60
drwxrwxr-x 8 deploy deploy 4096 May 14 18:39 app
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 bin
drwxrwxr-x 5 deploy deploy 4096 May 14 18:39 config
-rw-rw-r-- 1 deploy deploy 154 May 14 18:39 config.ru
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 db
-rw-rw-r-- 1 deploy deploy 1338 May 14 18:41 Gemfile
-rw-rw-r-- 1 deploy deploy 2895 May 14 18:41 Gemfile.lock
drwxrwxr-x 4 deploy deploy 4096 May 14 18:39 lib
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 log
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 public
-rw-rw-r-- 1 deploy deploy 249 May 14 18:39 Rakefile
-rw-rw-r-- 1 deploy deploy 478 May 14 18:39 README.rdoc
drwxrwxr-x 8 deploy deploy 4096 May 14 18:39 test
drwxrwxr-x 3 deploy deploy 4096 May 14 18:39 tmp
drwxrwxr-x 3 deploy deploy 4096 May 14 18:39 vendor
/home/deploy/testapp/app:
total 24
drwxrwxr-x 5 deploy deploy 4096 May 14 18:39 assets
drwxrwxr-x 3 deploy deploy 4096 May 14 18:39 controllers
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 helpers
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 mailers
drwxrwxr-x 3 deploy deploy 4096 May 14 18:39 models
drwxrwxr-x 3 deploy deploy 4096 May 14 18:39 views
/home/deploy/testapp/app/assets:
total 12
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 images
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 javascripts
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 stylesheets
/home/deploy/testapp/app/assets/images:
total 0
/home/deploy/testapp/app/assets/javascripts:
total 4
-rw-rw-r-- 1 deploy deploy 664 May 14 18:39 application.js
/home/deploy/testapp/app/assets/stylesheets:
total 4
-rw-rw-r-- 1 deploy deploy 683 May 14 18:39 application.css
/home/deploy/testapp/app/controllers:
total 8
-rw-rw-r-- 1 deploy deploy 204 May 14 18:39 application_controller.rb
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 concerns
/home/deploy/testapp/app/controllers/concerns:
total 0
/home/deploy/testapp/app/helpers:
total 4
-rw-rw-r-- 1 deploy deploy 29 May 14 18:39 application_helper.rb
/home/deploy/testapp/app/mailers:
total 0
/home/deploy/testapp/app/models:
total 4
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 concerns
/home/deploy/testapp/app/models/concerns:
total 0
/home/deploy/testapp/app/views:
total 4
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 layouts
/home/deploy/testapp/app/views/layouts:
total 4
-rw-rw-r-- 1 deploy deploy 297 May 14 18:39 application.html.erb
/home/deploy/testapp/bin:
total 16
-rwxr-xr-x 1 deploy deploy 129 May 14 18:39 bundle
-rwxr-xr-x 1 deploy deploy 220 May 14 18:39 rails
-rwxr-xr-x 1 deploy deploy 164 May 14 18:39 rake
-rwxr-xr-x 1 deploy deploy 461 May 14 18:39 spring
/home/deploy/testapp/config:
total 36
-rw-rw-r-- 1 deploy deploy 978 May 14 18:39 application.rb
-rw-rw-r-- 1 deploy deploy 170 May 14 18:39 boot.rb
-rw-rw-r-- 1 deploy deploy 552 May 14 18:39 database.yml
-rw-rw-r-- 1 deploy deploy 150 May 14 18:39 environment.rb
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 environments
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 initializers
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 locales
-rw-rw-r-- 1 deploy deploy 1601 May 14 18:39 routes.rb
-rw-rw-r-- 1 deploy deploy 964 May 14 18:39 secrets.yml
/home/deploy/testapp/config/environments:
total 12
-rw-rw-r-- 1 deploy deploy 1422 May 14 18:39 development.rb
-rw-rw-r-- 1 deploy deploy 3163 May 14 18:39 production.rb
-rw-rw-r-- 1 deploy deploy 1661 May 14 18:39 test.rb
/home/deploy/testapp/config/initializers:
total 32
-rw-rw-r-- 1 deploy deploy 377 May 14 18:39 assets.rb
-rw-rw-r-- 1 deploy deploy 404 May 14 18:39 backtrace_silencers.rb
-rw-rw-r-- 1 deploy deploy 128 May 14 18:39 cookies_serializer.rb
-rw-rw-r-- 1 deploy deploy 194 May 14 18:39 filter_parameter_logging.rb
-rw-rw-r-- 1 deploy deploy 647 May 14 18:39 inflections.rb
-rw-rw-r-- 1 deploy deploy 156 May 14 18:39 mime_types.rb
-rw-rw-r-- 1 deploy deploy 139 May 14 18:39 session_store.rb
-rw-rw-r-- 1 deploy deploy 517 May 14 18:39 wrap_parameters.rb
/home/deploy/testapp/config/locales:
total 4
-rw-rw-r-- 1 deploy deploy 634 May 14 18:39 en.yml
/home/deploy/testapp/db:
total 4
-rw-rw-r-- 1 deploy deploy 343 May 14 18:39 seeds.rb
/home/deploy/testapp/lib:
total 8
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 assets
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 tasks
/home/deploy/testapp/lib/assets:
total 0
/home/deploy/testapp/lib/tasks:
total 0
/home/deploy/testapp/log:
total 0
/home/deploy/testapp/public:
total 16
-rw-rw-r-- 1 deploy deploy 1564 May 14 18:39 404.html
-rw-rw-r-- 1 deploy deploy 1547 May 14 18:39 422.html
-rw-rw-r-- 1 deploy deploy 1477 May 14 18:39 500.html
-rw-rw-r-- 1 deploy deploy 0 May 14 18:39 favicon.ico
-rw-rw-r-- 1 deploy deploy 202 May 14 18:39 robots.txt
/home/deploy/testapp/test:
total 28
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 controllers
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 fixtures
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 helpers
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 integration
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 mailers
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 models
-rw-rw-r-- 1 deploy deploy 312 May 14 18:39 test_helper.rb
/home/deploy/testapp/test/controllers:
total 0
/home/deploy/testapp/test/fixtures:
total 0
/home/deploy/testapp/test/helpers:
total 0
/home/deploy/testapp/test/integration:
total 0
/home/deploy/testapp/test/mailers:
total 0
/home/deploy/testapp/test/models:
total 0
/home/deploy/testapp/tmp:
total 4
drwxrwxr-x 3 deploy deploy 4096 May 14 18:39 cache
/home/deploy/testapp/tmp/cache:
total 4
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 assets
/home/deploy/testapp/tmp/cache/assets:
total 0
/home/deploy/testapp/vendor:
total 4
drwxrwxr-x 4 deploy deploy 4096 May 14 18:39 assets
/home/deploy/testapp/vendor/assets:
total 8
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 javascripts
drwxrwxr-x 2 deploy deploy 4096 May 14 18:39 stylesheets
/home/deploy/testapp/vendor/assets/javascripts:
total 0
/home/deploy/testapp/vendor/assets/stylesheets:
total 0
You should point the root to the public directory:
server {
listen 80 default_server;
server_name 178.62.104.70;
passenger_enabled on;
# #passenger_app_env development;
root /home/deploy/testapp/public; #NOTICE PUBLIC HERE
}

Unable to start passenger watchdog but passenger installed

I want to setup nginx with passenger support on ubuntu 12.04 VM (vagrant box). Therefore I created the following chef cookbook recipe (https://github.com/i42n/wrapper-nginx-passenger/blob/master/recipes/default.rb):
#
# Cookbook Name:: wrapper-nginx-passenger
# Recipe:: default
#
# Copyright 2014, YOUR_COMPANY_NAME
#
# All rights reserved - Do Not Redistribute
apt_repository 'nginx-passenger' do
uri 'https://oss-binaries.phusionpassenger.com/apt/passenger'
distribution node['lsb']['codename']
components ['main']
keyserver 'keyserver.ubuntu.com'
key '561F9B9CAC40B2F7'
end
# install nginx which contains passenger support
package "nginx-extras"
package "passenger"
# define nginx service as the nginx::passenger recipe restarts the service
# and fails if the service does not exist
service 'nginx' do
supports :status => true, :restart => true, :reload => true
action :start
end
# installs the passenger gem
include_recipe "nginx::passenger"
# create server config template in nginx config directory
template "/etc/nginx/sites-available/plantasy" do
source "plantasy.erb"
mode 0644
owner "root"
group "root"
end
# symlink the config to the active sites directory
link "/etc/nginx/sites-enabled/plantasy" do
to "/etc/nginx/sites-available/plantasy"
end
It follows the passenger installation guide from here: https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#install_add_apt_repo
However if I try to start nginx I get the following error:
vagrant#vagrant:/etc/nginx/conf.d$ sudo service nginx restart
* Restarting nginx nginx
nginx: [alert] Unable to start the Phusion Passenger watchdog because its executable (/usr/local/rvm/rubies/ruby-2.1.2/lib/ruby/gems/2.1.0/gems/passenger-4.0.45/buildout/agents/PassengerWatchdog) does not exist. This probably means that your Phusion Passenger installation is broken or incomplete, or that your 'passenger_root' directive is set to the wrong value. Please reinstall Phusion Passenger or fix your 'passenger_root' directive, whichever is applicable. (-1: Unknown error)
...done.
This actually seems a common error if nginx has not been compiled correctly with passenger support. However if I check the nginx modules my nginx does have passenger support:
vagrant#vagrant:~$ nginx -V
nginx version: nginx/1.6.0
TLS SNI support enabled
configure arguments: --with-cc-opt= --with-ld-opt= --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_spdy_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/headers-more-nginx-module --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-cache-purge --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-dav-ext-module --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-development-kit --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/ngx-fancyindex --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-http-push --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-lua --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-upload-progress --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/ngx_http_substitutions_filter_module --add-module=/tmp/buildd/nginx-1.6.0/debian/modules/passenger/ext/nginx
The error is actually correct. The file/folder passenger is looking for on nginx startup is not present:
vagrant#vagrant:/etc/nginx/conf.d$ ls -l /usr/local/rvm/rubies/ruby-2.1.2/lib/ruby/gems/2.1.0/gems/passenger-4.0.45
total 196
-rw-r--r-- 1 vagrant root 80232 Jul 7 13:38 CHANGELOG
-rw-r--r-- 1 vagrant root 15919 Jul 7 13:38 CONTRIBUTING.md
-rw-r--r-- 1 vagrant root 1035 Jul 7 13:38 CONTRIBUTORS
-rw-r--r-- 1 vagrant root 363 Jul 7 13:38 INSTALL.md
-rw-r--r-- 1 vagrant root 1056 Jul 7 13:38 LICENSE
-rw-r--r-- 1 vagrant root 2880 Jul 7 13:38 README.md
-rw-r--r-- 1 vagrant root 1814 Jul 7 13:38 Rakefile
-rw-r--r-- 1 vagrant root 2345 Jul 7 13:38 Vagrantfile
drwxr-xr-x 2 vagrant root 4096 Jul 7 13:38 bin
drwxr-xr-x 2 vagrant root 4096 Jul 7 13:38 build
-rwxr-xr-x 1 vagrant root 287 Jul 7 13:38 configure
drwxr-xr-x 4 vagrant root 4096 Jul 7 13:38 debian.template
drwxr-xr-x 4 vagrant root 4096 Jul 7 13:38 dev
drwxr-xr-x 5 vagrant root 4096 Jul 7 13:38 doc
drwxr-xr-x 2 vagrant root 4096 Jul 7 13:38 download_cache
drwxr-xr-x 10 vagrant root 4096 Jul 7 13:38 ext
drwxr-xr-x 3 vagrant root 4096 Jul 7 13:38 helper-scripts
drwxr-xr-x 3 vagrant root 4096 Jul 7 13:38 lib
drwxr-xr-x 2 vagrant root 4096 Jul 7 13:38 man
drwxr-xr-x 3 vagrant root 4096 Jul 7 13:38 node_lib
-rw-r--r-- 1 vagrant root 6514 Jul 7 13:38 npm-shrinkwrap.json
-rw-r--r-- 1 vagrant root 722 Jul 7 13:38 package.json
-rw-r--r-- 1 vagrant root 1243 Jul 7 13:38 passenger.gemspec
drwxr-xr-x 4 vagrant root 4096 Jul 7 13:38 resources
drwxr-xr-x 2 vagrant root 4096 Jul 7 13:38 rpm
drwxr-xr-x 10 vagrant root 4096 Jul 7 13:38 test
I have a default nginx.conf and /etc/nginx/conf.d/passenger.conf looks like this:
vagrant#vagrant:/etc/nginx/conf.d$ cat /etc/nginx/conf.d/passenger.conf
passenger_root /usr/local/rvm/rubies/ruby-2.1.2/lib/ruby/gems/2.1.0/gems/passenger-4.0.45;
passenger_ruby /usr/local/rvm/rubies/ruby-2.1.2/bin/ruby;
passenger_max_pool_size 6;
passenger_spawn_method smart-lv2;
passenger_buffer_response on;
passenger_min_instances 1;
passenger_max_instances_per_app 0;
passenger_pool_idle_time 300;
passenger_max_requests 0;
If I remove the passenger.conf nginx starts without errors and serves the default test page fine. As expectable passenger does not work.
My passenger app nginx config looks like this:
vagrant#vagrant:~$ cat /etc/nginx/sites-enabled/plantasy
# Only for development purposes.
# For production environment, set it accordingly (i.e. production)
# Remove this line when you upload an actual application.
# For * TESTING * purposes only.
passenger_app_env development;
server {
listen 8080;
server_name example.com;
passenger_enabled on;
passenger_ruby /usr/local/rvm/rubies/ruby-2.1.2/bin/ruby;
root /home/vagrant/app/public;
}
If I try to access this page, I get a 403:
vagrant#vagrant:~$ curl localhost:8080
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.6.0</center>
</body>
</html>
Ruby is installed correctly:
vagrant#vagrant:~$ ruby -v
ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux]
Also the passenger gem is installed.
vagrant#vagrant:~$ gem list passenger
*** LOCAL GEMS ***
passenger (4.0.45)
I really do not know what's wrong. I checked out this thread but as you can see above, I have nginx present with passenger support. It's just the passenger binary missing?
Any ideas how to fix this?
And before anyone suggests it: I do not want to compile nginx myself. I want to use the version from the apt repository as it speeds up performance on vagrant VM setup very much.
Your passenger_root directive is incorrect. You can discover the correct value for it by following the guide here:
https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#inserting_passenger_root_for_apt
Check passenger-install-nginx-module is properly installed.
By 'which passenger-install-nginx-module'
if not installed, try with:
rvmsudo passenger-install-nginx-module
This is for rvm users. Will solve problem

Is my caching solution solution secure?

I'm running Rails 3.1 on Ubuntu 10.04 on Nginx and Passenger.
In my logs I could see much of the following:
cache error: Permission denied - /var/www/redmeetsblue/releases/20120221032538/tmp/cache/B27
I solved the problem by changing the name of the user (from google advice) but I'm unsure of the security implications. Who is nobody? and is this secure?
/var/www/redmeetsblue/current/tmp/cache
total 16K
drwxr-xr-x 4 www-data root 4.0K 2012-02-20 22:27 .
drwxr-xr-x 3 root root 4.0K 2012-02-20 22:26 ..
drwxr-xr-x 54 www-data root 4.0K 2012-02-20 22:27 assets
drwxr-xr-x 3 www-data root 4.0K 2012-02-20 22:27 sass
root#y:/var/www/redmeetsblue/current/tmp# cd b27
-bash: cd: b27: No such file or directory
root#y:/var/www/redmeetsblue/current/tmp# cd B27
-bash: cd: B27: No such file or directory
root#y:/var/www/redmeetsblue/current/tmp# chown -R nobody cache
root#y:/var/www/redmeetsblue/current/tmp# ls -alh /var/www/redmeetsblue/current/tmp/cache
total 16K
drwxr-xr-x 4 nobody root 4.0K 2012-02-20 22:27 .
drwxr-xr-x 3 root root 4.0K 2012-02-20 22:26 ..
drwxr-xr-x 54 nobody root 4.0K 2012-02-20 22:27 assets
drwxr-xr-x 3 nobody root 4.0K 2012-02-20 22:27 sass
after changing the user, my cache is working, but I'm not sure if its safe. See working cache..
cache: [GET /assets/grid.png] stale, valid, store
cache: [GET /dashboards] miss
cache: [GET /assets/grid.png] stale, valid, store
The nobody user in commonly used as unix daemons owners so that they have enough permissions to do their job, but not too many as to do potentially destructive naughtiness. Running the daemon under a user account, it wouldn't be able to for example write to the syslogs. Running it under a privileged account such as root gives the process permissions to do that, but also for everything else. So if your daemon's process is compromised, an attacker would have far more freedom to own your server. The server may also start as root (necessary for example to bind to TCP port 80) and then give up its rights to user nobody.

Resources