本文介绍了(13:权限被拒绝)同时连接到上游:[nginx]的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用 Nginx 和 Gunicorn 配置 Django 项目.

I am working with configuring Django project with Nginx and Gunicorn.

当我在 Nginx 服务器中访问我的端口 gunicorn mysite.wsgi:application --bind=127.0.0.1:8001 时,我在错误日志文件中收到以下错误;

While I am accessing my port gunicorn mysite.wsgi:application --bind=127.0.0.1:8001 in Nginx server, I am getting the following error in my error log file;

2014/05/30 11:59:42 [crit] 4075#0: *6 connect() to 127.0.0.1:8001 连接到上游时失败(13:权限被拒绝),客户端:127.0.0.1,服务器: localhost, 请求: "GET/HTTP/1.1", 上游: "http://127.0.0.1:8001/", host: "localhost:8080"

下面是我的nginx.conf文件的内容;

Below is the content of my nginx.conf file;

server {
    listen 8080;
    server_name localhost;
    access_log  /var/log/nginx/example.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
}

在 HTML 页面中,我收到 502 Bad Gateway.

In the HTML page I am getting 502 Bad Gateway.

我做错了什么?

推荐答案

免责声明

在运行之前确保您的用例没有安全隐患.

Disclaimer

Make sure there are no security implications for your use-case before running this.

我在使用 Fedora 20、Nginx、Node.js 和 Ghost(博客)时遇到了类似的问题.结果证明我的问题是由 SELinux 引起的.

I had a similar issue getting Fedora 20, Nginx, Node.js, and Ghost (blog) to work. It turns out my issue was due to SELinux.

这应该可以解决问题:

setsebool -P httpd_can_network_connect 1

详情

我检查了 SELinux 日志中的错误:

Details

I checked for errors in the SELinux logs:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied

发现运行以下命令解决了我的问题:

And found that running the following commands fixed my issue:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp

选项 #2(未经测试,但可能更安全)

setsebool -P httpd_can_network_relay 1

https://security.stackexchange.com/questions/152358/difference-between-selinux-booleans-httpd-can-network-relay-and-httpd-can-net

http://blog.frag-gustav.de/2013/07/21/nginx-selinux-me-mad/
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details
http://wiki.gentoo.org/wiki/SELinux/Tutorials/Managing_network_port_labels

这篇关于(13:权限被拒绝)同时连接到上游:[nginx]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-04 01:37
查看更多