
When switching the uwsgi configuration from a port number to a socket file, what permissions does uwsgi need?

The first time I ran: uwsgi --socket :8001 --wsgi-file test.py
No problem.

The second time I ran: uwsgi --socket mysite.sock --wsgi-file test.py
and it failed:
bind(): Operation not permitted [core/socket.c line 230]
The error above appears when I restart uwsgi the second time with the new parameter.

uwsgi --socket mysite.sock --wsgi-file test.py --chmod-socket=666
This doesn't work either.

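The read/write permissions on the project folder are as follows:
drwxr-xr-x 1 vagrant vagrant 374 Feb 3 07:32 mysite/
Clearly, only the vagrant user has write permission.

So would it be enough to grant uwsgi write permission on the whole project folder?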

Using Unix sockets instead of ports

So far we have used a TCP port socket, because it’s simpler, but in fact it’s better to use Unix sockets than ports - there’s less overhead.

Edit mysite_nginx.conf, changing it to match:

server unix:///path/to/your/mysite/mysite.sock; # for a file socket
# server 127.0.0.1:8001; # for a web port socket (we'll use this first)

and restart nginx.

Run uWSGI again:

uwsgi --socket mysite.sock --wsgi-file test.py

This time the socket option tells uWSGI which file to use.

Try http://example.com:8000/ in the browser.

If that doesn’t work

Check your nginx error log (/var/log/nginx/error.log). If you see something like:

connect() to unix:///path/to/your/mysite/mysite.sock failed (13: Permission denied) 

then probably you need to manage the permissions on the socket so that nginx is allowed to use it.

Try:

uwsgi --socket mysite.sock --wsgi-file test.py --chmod-socket=666 # (very permissive)

or:

uwsgi --socket mysite.sock --wsgi-file test.py --chmod-socket=664 # (more sensible)

You may also have to add your user to nginx’s group (which is probably www-data), or vice-versa, so that nginx can read and write to your socket properly.

It’s worth keeping the output of the nginx log running in a terminal window so you can easily refer to it while troubleshooting.


I struggled with this problem for a week.

Processes

nginx
    - root (master)
    - www-data (worker)
uwsgi
    - root (emperor)
    - www-data (worker)

Directories/files

www/
    config/
    log/
    application/
    socket/
        uwsgi_sock
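Both nginx and uwsgi must be started as root, with the worker process user set in the configuration files
sock file
    must be readable by nginx_worker: r
    must be readable and writable by uwsgi_worker: rx
Directory containing the sock file
    must be readable by nginx_worker: r
    uwsgi_worker must be able to create files in it (readable and writable): rx
The owner of the application directory should preferably be the worker process user
    static directories/files must be readable by nginx_worker: r
    all directories/files must be readable and writable by uwsgi_worker: rw
log directory/files
    nginx and uwsgi both write logs as root; the log files are owned by root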

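uwsgi needs write permission on the directory containing the socket file you specify, so that it can create the socket file. You can create a dedicated directory for uwsgi, or put the socket somewhere such as /var/run or /tmp.

Also, don't grant permissions to anyone who doesn't need them; that would be a security risk.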
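
The checks discussed in this thread, as an added example that is not part of the original posts or of uWSGI: a small auditor that reads the mode bits of the socket and its directory and reports whether the uwsgi worker can create the socket, whether the nginx worker can connect to it, and whether anyone else can. The function names, the `(uid, set_of_gids)` arguments and the temporary-directory layout in `demo` are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Plain owner/group/other check of `want` bits; ignores ACLs and root."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return ((st.st_mode >> shift) & need) == need

def audit(sock_path, uwsgi, nginx):
    """uwsgi and nginx are (uid, set_of_gids) of the two worker users."""
    out = []
    d = os.stat(os.path.dirname(os.path.abspath(sock_path)))
    if not allowed(d, *uwsgi, "wx"):
        out.append("uwsgi cannot create the socket: directory lacks w+x")
    if not allowed(d, *nginx, "x"):
        out.append("nginx cannot reach the socket: directory lacks x")
    if d.st_mode & stat.S_IWOTH and not d.st_mode & stat.S_ISVTX:
        out.append("directory is world-writable without the sticky bit")
    if os.path.exists(sock_path):
        s = os.stat(sock_path)
        if not stat.S_ISSOCK(s.st_mode):
            out.append("path exists but is not a socket")
        elif not allowed(s, *nginx, "w"):  # Linux connect() needs w on the socket
            out.append("nginx cannot connect: socket lacks w")
        if s.st_mode & stat.S_IWOTH:
            out.append("socket is world-writable: any local user can connect")
    return out

def demo(sock_mode, dir_mode=0o750):
    """Constructed layout: temp directory holding a freshly bound socket."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "mysite.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)             # creating the file needs w+x on the directory
    os.chmod(path, sock_mode)  # the effect of --chmod-socket
    st, dst = os.stat(path), os.stat(d)
    os.chmod(d, dir_mode)
    uwsgi = (st.st_uid, {st.st_gid})  # creator of the socket
    nginx = (st.st_uid + 1, {st.st_gid, dst.st_gid})  # made-up user, shared group
    try:
        return audit(path, uwsgi, nginx)
    finally:
        os.chmod(d, 0o700)
        srv.close()
        os.unlink(path)
        os.rmdir(d)
```

On a real host, pass the actual uid and group ids of the uwsgi and nginx worker users to `audit` together with the path given to `--socket`.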
