Nginx error: (13: Permission denied) while connecting to upstream

Question:

I am getting this error in my nginx-error.log file:

The browser also shows a 502 Bad Gateway Error. The output of a curl is the same, Bad Gateway html

I’ve tried to fix it by changing permissions for /tmp/uwsgi.sock to 777. That didn’t work. I also added myself to the www-data group (a couple questions that looked similar suggested that). Also, no dice.

Here is my nginx.conf file:

nginx.conf

I am running a Flask application with Nginsx and Uwsgi, just to be thorough in my explanation. If anyone has any ideas, I would really appreciate them.

Answer:

The permission issue occurs because uwsgi resets the ownership and permissions of /tmp/uwsgi.sock to 755 and the user running uwsgi every time uwsgi starts.

The correct way to solve the problem is to make uwsgi change the ownership and/or permission of /tmp/uwsgi.sock such that nginx can write to this socket. Therefore, there are three possible solutions.

  1. Run uwsgi as the www-data user so that this user owns the socket file created by it.
  2. Change the ownership of the socket file so that www-data owns it.
  3. Change the permissions of the socket file, so that www-data can write to it.

I prefer the first approach because it does not leave uwsgi running as root.

The first two commands need to be run as root user. The third command does not need to be run as root user.

The first command leaves uwsgi running as www-data user. The second and third commands leave uwsgi running as the actual user that ran the command.

The first and second command allow only www-data user to write to the socket. The third command allows any user to write to the socket.

I prefer the first approach because it does not leave uwsgi running as root user and it does not make the socket file world-writeable .

Leave a Reply