Problem starting Passenger with Nginx - ruby-on-rails

I have just setup Passenger with Nginx and it seems to install fine but when I run it I try to start it by:
passenger start -e production
I get:
=============== Phusion Passenger Standalone web server started ===============
PID file: /root/rails_apps/myapp/tmp/pids/passenger.3000.pid
Log file: /root/rails_apps/myapp/log/passenger.3000.log
Environment: production
Accessible via: http://0.0.0.0:3000/
You can stop Phusion Passenger Standalone by pressing Ctrl-C.
===============================================================================
2011/04/18 07:17:27 [error] 9125#0: *4 "/root/rails_apps/myapp/public/index.html" is forbidden (13: Permission denied), client: 127.0.0.1, server: _, request: "HEAD / HTTP/1.1", host: "0.0.0.0"
and I get "Unable to connect" when I try to access my site in the browser.
Here is configuration in nginx.conf
server {
listen 80;
server_name myapp.com;
root /root/rails_apps/myapp/public; # <--- be sure to point to 'public'!
passenger_enabled on;
}
any ideas?

This error seems caused because the user of nginx cannot access the mentioned file. It can be caused not only if the /root/rails_apps/myapp/public is not have a correct permission, but even if one of the parent directories does not have that!
In your nginx.conf you can see something like:
user nginx;
http {
# blah.
}
Sometimes parameter of the user can be different. Be sure to all folder is available by this user in the path.
You can check it by sudo -Hu nginx /bin/bash -l and cat /root/rails_apps/myapp/public/index.html. Test and test it again with this command until you cannot see the content of the file.
A little explanation: with that sudo command you start a shell as an user nginx. And with cat command you can simulate the file reading.

Try this:
sudo passenger start -e production

since the path you specified is in /root (/root/rails_apps/myapp/public), nginx should have enough permissions:
user root; in nginx.conf
you should also start nginx as superuser ( sudo )
but it might be better to just move your rails app somewhere to your user directory and grant needed permissions to default nginx user 'www-data'
user www-data;

Related

Configure Apache and Passenger to use websocket

I'm trying to setup apache to use ruby on rails web socket with passenger. I know that Action Cable is not supported on Passenger + Apache, so I'm tryng to use the reverse proxy solution:
https://www.phusionpassenger.com/library/deploy/standalone/reverse_proxy.html
The main application should continue to use the Passenger Apache module while the websocket should use passenger standalone.
I enabled the reverse proxy and changed the vhost config.
<VirtualHost *:80>
...
PassengerRuby /home/rails/.rvm/gems/ruby-2.5.1/wrappers/ruby
<Location "/cable">
ProxyPass "ws://127.0.0.1:4000/cable"
ProxyPassReverse http://127.0.0.1:4000/
ProxyPreserveHost on
</Location>
...
</VirtualHost>
When I start the passenger from the command line
bundle exec passenger start --daemonize --address 127.0.0.1 --port 4000
it works fine, but when I create a service using systemd in Ubuntu 18.04.5 LTS
...
[Service]
Type=forking
WorkingDirectory=/mnt/xfeature/srv/www/f3.xxxx.xxx/current
Environment=RAILS_ENV=feature
User=rails
Group=www-data
UMask=0002
ExecStart=/home/rails/.rvm/bin/rvm-shell -c 'bundle exec passenger start --daemonize -e feature --address 127.0.0.1 --port 4000 --log-level 5'
ExecStop=/home/rails/.rvm/bin/rvm-shell -c 'bundle exec passenger stop --port 4000'
....
it fails usually with this error.
[ E 2021-05-13 09:52:13.3607 21447/Tz age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /mnt/xfeature/srv/www/f3.xxx.xxx/releases/20210513094622: An operating system error occurred while preparing to start a preloader process: Cannot change the directory '/tmp/passenger.spawn.XXXXgMx55z/envdump' its UID to 1001 and GID to 1001: Operation not permitted (errno=1)
Error ID: 847da63a
Error details saved to: /tmp/passenger-error-5S5Syq.html
and the websocket connection cannot be established. I checked the /tmp permission and are OK.
Any suggestion?
We had some strange issues with Apache and Passenger recently. It turns out Apache automatically updated and changed the PrivateTmp setting to true, which caused a similar error message.
I'm not sure if that is what is causing your error, but you could check that to verify that PrivateTmp is set to false.
Our configuration is:
/etc/systemd/system/apache2.service.d/override.conf
override.conf Contents:
PrivateTmp=false
I'm not certain how that override.conf file is loaded. I assume there is a configuration somewhere looking for an override file and it is using it.

Nginx and passenger root directive not working with Capistrano 3. Symlink to current release breaks app

When I deploy with Capistrano 3 I deploy to /home/dev/app-name/. Cap creates a directory structure /home/dev/app-name/current/
which is a symlink to /home/dev/app-name/releases/20181129161818 (the current release).
This symlink is broken and does not work for nginx and passenger. I know this because this is my app config located in /etc/nginx/conf.d/app-name.conf:
server {
listen 80;
server_name app-name.domain.com;
passenger_enabled on;
passenger_ruby /home/dev/.rvm/gems/ruby-2.5.1/wrappers/ruby;
rails_env production;
root /home/dev/app/app-name/releases/20181129161818/public/;
#root /home/dev/app/app-name/current/public;
}
if I comment out the path root /home/dev/app/mullen-admin/releases/20181129161818/public/; and sudo service nginx restart the app works.
If I use the other root directive, the app is broken and I get this 500 Server Error.
2018/11/29 15:31:43 [alert] 11278#0: *3 Cannot stat '/home/dev/app/app-name/current/passenger_wsgi.py':
Permission denied (errno=13); This error means that the Nginx worker process (PID 11278, running as UID 1002) does not have permission to access this file.
Please read this page to learn how to fix this problem: https://www.phusionpassenger.com/library/admin/nginx/troubleshooting/?a=upon-accessing-the-web-app-nginx-reports-a-permission-denied-error;
Extra info, client: 10.194.234.100, server: app-name.domain.com, request: "GET /employees/sign_in HTTP/1.1", host: "app-name.domain.com"
I am running centos-release-7-5.1804.5.el7.centos.x86_64 on a virtual machine at the office I work at. I have a sudouser dev that I use to ssh and deploy with.
Please help!? I need the app to work at /current in the nginx root directive so I can deploy and have changes take effect.
I assume capistrano has already symlink directive: ln -nfs release_path current_path
Cannot stat '/home/dev/app/app-name/current/passenger_wsgi.py':
Permission denied (errno=13);
Your symlink is not broken, your permissions are and you must align them (passenger does not have permission to create file). Change the chmod after deploy:symlink
Something like
run "#{try_sudo} chmod 755 -R #{current_path}"
Also depending on your config you might want for example to execute chown instead of sudo

directory index of "..." is forbidden

I am trying to get phusion passenger and nginx running on Mac OSX. It has been very difficult.
I followed the instructions here exactly.
$ brew install nginx --with-passenger
$ brew info nginx --with-passenger
Then it tells me this:
To activate Phusion Passenger, add this to
/usr/local/etc/nginx/nginx.conf, inside the 'http' context:
passenger_root /usr/local/opt/passenger/libexec/src/ruby_supportlib/phusion_passenger/locations.ini;
passenger_ruby /usr/bin/ruby;
What's interesting about that is that is not the ruby my site uses. I use rvm and have generated a .versions.conf file:
rvm --create --versions-conf use ruby-2.1.2#core
Hence, when you cd to my root folder of site, you get the following:
$ rvm-prompt
ruby-2.1.2#core
So that is what I added to nginx.conf:
http {
...
passenger_root /usr/local/opt/passenger/libexec/src/ruby_supportlib/phusion_passenger/locations.ini;
passenger_ruby /Users/dviglione/.rvm/gems/ruby-2.1.2#core/wrappers/ruby;
Note that when I run passenger-config, it does give me a different location for locations.ini:
$ /usr/local/bin/passenger-config --root
/usr/local/Cellar/passenger/5.0.26/libexec/src/ruby_supportlib/phusion_passenger/locations.ini
I don't know which location is correct but I stuck with the one that it provided during the install. If I changed to the other location, I get a different issue: "This site can't be reached".
In nginx.conf, my server block looks like this:
server {
rack_env development;
listen 8080;
server_name mysite_development;
root /Users/myuser/projects/core;
access_log /Users/myuser/projects/core/log/nginx_access.log;
error_log /Users/myuser/projects/core/log/nginx_error.log;
passenger_enabled on;
}
I added the following to /etc/hosts:
127.0.0.1 mysite_development
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
The root directory has the following permissions:
$ ls -ld core
drwxr-xr-x 37 myuser CORP\Domain Users 1258 Oct 14 18:45 core
Yet, when I navigate to http://mysite_development:8080/, I get the following error in my nginx error log:
2016/10/14 18:52:23 [error] 90766#0: *1 directory index of
"/Users/myuser/projects/core/" is forbidden, client: 127.0.0.1,
server: mysite_development, request: "GET / HTTP/1.1", host:
"mysite_development:8080"
The problem is not with nginx itself because I created a test folder and put an index.html in there and then created a server block for that and the index.html successfully displayed in browser. So problem is either with Passenger or Rails.
Note if I add this to the server block:
location / {
root html;
index index.html index.htm;
}
Then I just get the 'Welcome to nginx!' page.
I even chmod 777 recursively on the entire directory and its files of the Rails app. Still get the 403 Forbidden error. It has to be a problem with Passenger.
How can I resolve this?
You need to explicitly specify, where actual Ruby code of a Rails application is located, using passenger_app_root directive, described in Passenger's documentaion.
More details in my full answer.

Nginx and Unicorn user permissions for socket

Nginx has a clearly defined way to set who the process runs as in the conf file:
user nobody nogroup;
(Though as a side question I wonder why is the group necessary? If you run the process as a user the group must be by definition the group that user belongs to, how can you define a user and a group simultaneously?)
But Unicorn doesn't seem to have this ability. As a result, in my provider's VPS, I'm logged in as root, I start nginx (which runs as user nginx, group web) and I then start unicorn (which starts as root because I am logged in as root). Unicorn makes a socket owned by root and then nginx can't read from it. How can I make unicorn run as the user unicorn in the same security group as nginx so that the socket is readable by nginx?
This is on ubuntu 12.04 64bit, unicorn v4.8.2, nginx version: nginx/1.4.6
The error is below:
unix:/etc/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 24.7.100.227, server: _, request: "GET / HTTP/1.1", upstream: "http://unix:/etc/sockets/.unicorn.sock:/", host: "xx.xx.xx.xxx"
Ah I figured it out. Its actually unnecessary. BOTH processes run as root for their master processes. Even if you configure nginx with a user parameter the master process runs as root which is the one which interacts with the socket. So my issue was actually something else (a typo in the unicorn conf file)

How to configure nginx with passenger with rails application

I have followed this tutorial https://www.digitalocean.com/community/articles/how-to-install-rails-and-nginx-with-passenger-on-ubuntu
I have installed passenger with nginx on my virtual machine and trying to access the site.
In the root I have specified path as root /var/rails_apps/public/; which give me Welcome to Nginx page,
server{
listen 80;
server_name localhost;
root /var/rails_apps/public/;
passenger_enabled on;
}
As my root page of my site is in the /var/rails_apps/app/views/home/index.html.erb
so I changed the path to root /var/rails_apps/app/views/home/;
server{
listen 80;
server_name localhost;
root /var/rails_apps/app/views/home/;
passenger_enabled on;
}
but still for both root I am getting Welcome to Nginx page.
My request URL is like this -> /#{IpAddressOfVirtualMachine}:80/
When I specified different port for listening eg 1027 then it gives me error Unable to connect
Please explain how I can get my site running using nginx and passenger, is there any other setting required?
I am able run my site just did following changes.
Install nginx init script
nginx init script by Jason Giedymin helps us to administer web server easily.
$ cd
$ git clone git://github.com/jnstq/rails-nginx-passenger-ubuntu.git
$ sudo mv rails-nginx-passenger-ubuntu/nginx/nginx /etc/init.d/nginx
$ sudo chown root:root /etc/init.d/nginx
After that rails g controller pages home
And point root to public folder root /var/rails_apps/helloworld/public;
then access my virtual machine through http #{IpAddressOfVirtualMachine}:1027/pages/home
port 80 was busy so I used different which is port 1027
And it works !!!
you can refer this blog for more information
http://ershadk.com/blog/2012/04/05/set-up-rails-3-2-2-with-passenger-rvm-and-ngnix/
Change the root back to public folder, and open the URL without the port number
You need to change the server name in the nginx config to the same IP you are connecting to, and yes keep the root in the public folder, that's how rails work.
server_name 123.456.789.000; # replace with your IP
Instead of localhost, then restart nginx.

Resources