Nginx 在将上游连接到 Unicorn 时拒绝许可

Question

我正在尝试设置 Nginx、Unicorn 和 Sinatra 堆栈工作。这是我关注的guide。

虽然设置运行良好，但在运行 curl 时出现错误的网关：

[root@Orbital sockets]# curl localhost
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

具体的错误日志如下：

2018/06/21 17:00:21 [crit] 15475#0: *1 connect() to unix:/root/myapp/tmp/sockets/unicorn.sock failed (13: Permission denied) while connecting to upstream, client: 127.0.0.1, server: my-sinatra-app.com, request: "GET / HTTP/1.1", upstream: "http://unix:/root/myapp/tmp/sockets/unicorn.sock:/", host: "localhost"

这是我的文件夹层次结构，所有步骤均使用 root 执行。这个文件夹的pwd是/root/myapp：

├── config.ru
├── log
│   ├── unicorn.stderr.log
│   └── unicorn.stdout.log
├── my_app.rb
├── tmp
│   ├── pids
│   │   └── unicorn.pid
│   └── sockets
│       └── unicorn.sock
└── unicorn.rb

整个文件夹已通过chmod -R 777 myapp递归获得完全权限。

/etc/nginx/nginx.conf

# this sets the user nginx will run as,
#and the number of worker processes
user root root;
worker_processes  1;

# setup where nginx will log errors to
# and where the nginx process id resides
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
  worker_connections  1024;
  # set to on if you have more than 1 worker_processes
  accept_mutex off;
}

http {
  include       /etc/nginx/mime.types;

  default_type application/octet-stream;
  access_log /tmp/nginx.access.log combined;

  # use the kernel sendfile
  sendfile        on;
  # prepend http headers before sendfile()
  tcp_nopush     on;

  keepalive_timeout  5;
  tcp_nodelay        on;

  gzip  on;
  gzip_vary on;
  gzip_min_length 500;

  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  gzip_types text/plain text/xml text/css
     text/comma-separated-values
     text/javascript application/x-javascript
     application/atom+xml image/x-icon;

  # use the socket we configured in our unicorn.rb
  upstream unicorn_server {
    server unix:/root/myapp/tmp/sockets/unicorn.sock
        fail_timeout=0;
  }

  # configure the virtual host
  server {
    # replace with your domain name
    server_name my-sinatra-app.com; //ip address here
    # replace this with your static Sinatra app files, root + public
    root /root/myapp/;
    # port to listen for requests on
    listen 80;
    # maximum accepted body size of client request
    client_max_body_size 4G;
    # the server will close connections after this time
    keepalive_timeout 5;

    location / {
      try_files $uri @app;
    }

    location @app {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      # pass to the upstream unicorn server mentioned above
      proxy_pass http://unicorn_server;
    }
  }
}

/root/myapp/unicorn.rb

# set path to app that will be used to configure unicorn,
# note the trailing slash in this example
@dir = "/root/myapp/"

worker_processes 2
working_directory @dir

 timeout 30

# Specify path to socket unicorn listens to,
# we will use this in our nginx.conf later
listen "#{@dir}tmp/sockets/unicorn.sock", :backlog => 64

# Set process id path
pid "#{@dir}tmp/pids/unicorn.pid"

# Set log file paths
stderr_path "#{@dir}log/unicorn.stderr.log"
stdout_path "#{@dir}log/unicorn.stdout.log"

我可以绕过ngnix，通过curl --unix-socket ~/myapp/tmp/sockets/unicorn.sock localhost 连接到Unicorn的socket

其余文件与教程相同。我不确定自己做错了什么，我咨询了一些类似的 Stackoverflow 主题，但似乎都没有效果。

Answer 1

虽然我没有弄清楚实际问题，但从 Centos 7.5 切换到 6.9 解决了这个问题。