update docs about socket directory permissions

[luckman212]

I tried to follow the install steps to the best of my ability, on a fresh Ubuntu 21.04 host. I ran into an issue out of the box, where nginx just returns 502 Bad gateway upon accessing the site.

In /home/bepasty/logs/nginx-error.log I see something like this:

connect() to unix:/home/bepasty/gunicorn.sock failed (13: Permission denied) while connecting to upstream, client: 10.20.30.x, server: xxxmy.site.name, request: "GET / HTTP/1.1", upstream: "http://unix:/home/bepasty/gunicorn.sock:/", host: "xxxmy.site.name"

I can't figure this out despite lots and lots of googling.

The only thing that "works" for me is to change the user that nginx runs as, by editing /etc/nginx/nginx.conf and changing www-data to bepasty:

user bepasty; #changed from www-data

But, I imagine there are problems with this solution, and it doesn't scale when nginx needs to serve multiple sites.

Has anyone run into this and know how to properly fix? I'm a bit bewildered when it comes to gunicorn/flask.

[ThomasWaldmann]

Well, permission denied means you have to fix the permission issue.

So, check the permissions on the socket file and also on all directories above it.

[luckman212]

Thanks- The .sock file gets owned by the bepasty user. Should it be owned by www-data instead? Or a group?

[ThomasWaldmann]

I'ld go via the group (preferably, if you can give it to the nginx group) or others permission (if group can't be done).

[luckman212]

Ok, the "fix" was to give www-data group permissions on the /home/bepasty dir:

chown bepasty:www-data /home/bepasty

I don't know if this should be in the docs somewhere but it threw me for a loop.

[ThomasWaldmann]

A hint would be good, can you make a PR with the docs update?

Guess the xbit on the directory is the minimum requirement. And either adapt the group or give x to others.

[luckman212]

Sure once I have known-good working steps I am happy to update the docs via a PR. Still working out some issues though!