How do I run Flask+Nginx+uWSGI with SELinux in Enforcing mode?
I'm following this tutorial to run Flask on an Nginx server. I've almost got it to work, wherein the page loads when SELinux is set as Permissive but shows a 502 Bad Gateway when SELinux is in the Enforcing mode.
Here are some relevant files:
myproject.ini
[uwsgi]
module = wsgi
master = true
processes = 5
socket = myproject.sock
chmod-socket = 660
vacuum = true
die-on-term = true
myproject.service
[Unit]
Description=uWSGI instance to serve myproject
After=network.target

[Service]
User=thisuser
Group=nginx
WorkingDirectory=/home/thisuser/public_html
Environment="PATH=/home/thisuser/thisuser_env/bin"
ExecStart=/home/thisuser/thisuser_env/bin/uwsgi --ini myproject.ini

[Install]
WantedBy=multi-user.target
thisuser.com.conf (Nginx configuration)
server {
    listen 80;
    server_name thisuser.com www.thisuser.com;
    access_log /home/thisuser/logs/access.log;
    error_log /home/thisuser/logs/error.log;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/thisuser/public_html/myproject.sock;
        try_files $uri $uri/ =404;
    }
}
The location of the Flask files+dirs is /home/thisuser/ and its contexts are set like so:
[root@dev ~]# ls -ldZ /home/thisuser/
drwx--x--x. thisuser thisuser unconfined_u:object_r:user_home_dir_t:s0 /home/thisuser/
[root@dev ~]# ls -ldZ /home/thisuser/public_html/
drwxrwxr-x. thisuser thisuser unconfined_u:object_r:httpd_sys_content_t:s0 /home/thisuser/public_html/
The errors are as follows:
/var/log/audit/audit.log
type=AVC msg=audit(1498880449.864:156): avc: denied { write } for pid=2667 comm="nginx" name="myproject.sock" dev="dm-2" ino=67165858 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1498880449.864:156): arch=c000003e syscall=42 success=no exit=-13 a0=f a1=7f526e12e548 a2=6e a3=7ffdf52991b0 items=0 ppid=2666 pid=2667 auid=4294967295 uid=997 gid=995 euid=997 suid=997 fsuid=997 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)
and
/home/thisuser/logs/error.log
2017/06/30 23:40:49 [crit] 2667#0: *1 connect() to unix:/home/thisuser/public_html/myproject.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.1.15, server: thisuser.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/home/thisuser/public_html/myproject.sock:", host: "thisuser.com"
Steps tried:
tried changing the sock permissions to chmod-socket = 666
used setsebool -P httpd_can_network_connect 1
changed FROM user=thisuser to user=nginx
added thisuser to the nginx group
The only thing that works is changing SELinux to Permissive. Are there some changes/additions I can make, so that SELinux stays Enforcing?
Edit: http(s) has already been allowed in firewalld
[root@dev ~]# firewall-cmd --permanent --zone=public --add-service=https
[root@dev ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@dev ~]# firewall-cmd --reload
https://codehunter.cc/a/flask/how-do-i-run-flask-nginx-uwsgi-with-selinux-in-enforcing-mode
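Reading the audit.log entry quoted in the question: this added example (not part of the original post) pairs the AVC and SYSCALL records by event id and reduces them to the denied source type, target type, object class, permission and failing system call. The function names and the one-entry syscall table are this example's own; the sample is the question's two records with the SYSCALL line shortened.

```python
import errno
import re

# The question's two audit records (same event id); SYSCALL record shortened.
SAMPLE = (
    'type=AVC msg=audit(1498880449.864:156): avc: denied { write } for pid=2667 '
    'comm="nginx" name="myproject.sock" dev="dm-2" ino=67165858 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=sock_file\n'
    'type=SYSCALL msg=audit(1498880449.864:156): arch=c000003e syscall=42 '
    'success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"\n'
)

RECORD = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)")
DENIED = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
X86_64_SYSCALLS = {42: "connect"}  # arch=c000003e is x86_64; only the number seen here

def parse_events(text):
    """Group audit records by event id: {event_id: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rtype, event_id, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        denied = DENIED.search(rest)
        if rtype == "AVC" and denied:
            fields["perms"] = denied.group(1).split()
        events.setdefault(event_id, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one denied event to who, what, on which label, and the failing call."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    src, tgt = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
    perms = avc["perms"]
    perm_txt = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    nr = int(sc.get("syscall", -1))
    return {
        "source_type": src, "target_type": tgt, "tclass": avc["tclass"],
        "perms": perms, "object": avc.get("name"),
        "syscall": X86_64_SYSCALLS.get(nr, str(nr)),
        "errno": errno.errorcode.get(-int(sc.get("exit", 0))),
        # Type-enforcement rule the loaded policy lacks, in audit2allow's notation.
        "missing_rule": f"allow {src} {tgt}:{avc['tclass']} {perm_txt};",
    }
```

The summary shows a type-enforcement denial on a sock_file: the decision is made on the labels httpd_t and httpd_sys_content_t, after the mode bits have already allowed the access.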
K-Pop Debuts and Comebacks for the 5th Week of November/1st Week of December (29 Nov-5 Dec 2021)
Nov 29
Ahn Yeeun - The Word
Kpop Star 5 runner-up Ahn Yeeun is back showcasing her unique vocals in this experimental track.
Chanhyun - On Television
Rookie soloist Chanhyun provides a throwback sound in this sexy 80s-style song.
Chungha - Killing Me
Solo queen Chungha is back in this upbeat electropop track.
Stray Kids - Christmas EveL
The popular JYP boy band gets into the holiday spirit in this catchy hip-hop infused track. Check out their more sentimental side for the holidays in "Winter Falls" MV!
Nov 30
cignature - BOYFRIEND
Rookie girl group cignature comes back with a light pop track!
KAI - Peaches
EXO's sexy dance machine goes for a modern take of traditional Korean fashion in this soft and smooth RnB track's MV.
Dec 1
EVERGLOW - PIRATE
Rising girl group EVERGLOW are interstellar marauders in this Cyberpunk-infused video and song.
IVE - ELEVEN
Starship Ent's first girl group in 5 years debuts confidently with this bold track.
Dec 2
No releases.
Dec 3
Truedy - LovE yOuRSelf ft. Kim Boa
Rapper Truedy is back in this song with attitude featuring KEEMBO (and former SPICA) vocalist Kim Boa.
Dec 4
No releases.
Dec 5
KIARA - Pick Me Up
Underrated K-Pop rookie soloist KIARA drops a beautiful RnB-infused dance pop track.
Which is your favourite release of this week?
Can Truedy like... be Korean? It's not that fucking hard. In fact, it should come naturally considering the bitch is Korean.
Like, I'm scrolling on YouTube and I'm immediately attacked by this Tom Foolery
And she really got fans on here giffing and gassin her shit? Those must be the out and proudly anti-black kpop/khiphop fans because there's no fucking way....
And unlike other artists people like to claim don't know the significance of certain hairstyles or don't know it's appropriation no one can make that claim about Truedy when we know for a fact this chick literally tried to look black in the past. That's her whole thing. Yoon Mi Rae cosplaying ass... okay I'm done. 😊
Getting "502 Bad Gateway" with nginx, uwsgi python-flask on ubuntu 16.04
I am following this Digital Ocean tutorial to deploy a Flask app (simple hello world) on Ubuntu 16.04.
Everything works fine till Testing uWSGI Serving. After that I followed the steps as described, and when I finally reached the bottom and checked the server IP address, I got:
502 Bad Gateway
OK, fine. I searched and checked my error log, and I got this:
2017/01/16 05:29:27 [crit] 20714#20714: *2 connect() to unix:/home/sajjan/project/project.sock failed (2: No such file or directory) while connecting to upstream, client: xx.9.xxx.xxx, server: 138.xxx.xx.xxx, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/home/sajjan/project/project.sock:", host: "xx.xx.xx.xx"
So after checking the error log, I created the file project.sock manually. I went to the server IP address again and got the same error, "502 Bad Gateway".
I checked the error log again and found this:
2017/01/16 06:07:11 [crit] 20874#20874: *1 connect() to unix:/home/sajjan/project/project.sock failed (13: Permission denied) while connecting to upstream, client: 47.9.237.113, server: XX.XX.XX.XX, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/home/sajjan/project/project.sock:", host: " XX.XX.XX.XX "
I figured out about the permission issue and changed the permission using the command below:
sudo chmod 666 project.sock
Now I checked the permission (using ls -l filename):
-rw-rw-rw- 1 root root 0 Jan 16 05:31 project.sock
Now I went back to check the server's IP but found the same "502 Bad Gateway". Again I checked the error log and found this:
017/01/16 06:13:31 [error] 20897#20897: *6 connect() to unix:/home/sajjan/project/project.sock failed (111: Connection refused) while connecting to upstream, client: 47.9.237.113, server: XX.XX.XX.XX, request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://unix:/home/sajjan/project/project.sock:", host: " XX.XX.XX.XX ", referrer: "http:// XX.XX.XX.XX /"
I googled the above error and read a lot over the last two days, but nothing seems to work for me. I have checked these answers but they were no help: stackanswer-1, stackanswer-2. Along with these I checked all the Digital Ocean community threads, but nothing seems to work.
I am a total beginner to servers and don't know much about Ubuntu. If you can help me find out what I am doing wrong or suggest some better tutorial/ways to deploy my Flask application, I would be grateful.
These are my files
hello.py
from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "<h1 style='color:blue'>Hello There!</h1>"

if __name__ == "__main__":
    app.run(host='0.0.0.0')
project.ini
[uwsgi]
module = wsgi:app
master = true
processes = 5
socket = /home/sajjan/project/project.sock
chmod-socket = 660
vacuum = true
die-on-term = true
wsgi.py
from hello import app

if __name__ == "__main__":
    app.run()
Below is the file /etc/nginx/sites-available/project:
server {
    listen 80;
    server_name 138.197.28.107;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/sajjan/project/project.sock;
    }
}
When I run the command :
sudo service uwsgi restart
output:
Failed to restart wsgi.service: Unit wsgi.service not found.
while output of
sudo service nginx status/restart
shows that nginx is running.
Help me. If there is anything else that you want to know, then let me know. Thanks.
EDIT :
I have created a project.service file and its content is:
[Unit]
Description=uWSGI instance to serve project
After=network.target

[Service]
User=sajjan
Group=www-data
WorkingDirectory=/home/sajjan/project
Environment="PATH=/home/sajjan/project/venv/bin"
ExecStart=/home/sajjan/project/venv/bin/uwsgi --ini project.ini

[Install]
WantedBy=multi-user.target
I figured out I have to run the command below:
sudo systemctl start project
Output is :
Warning: project.service changed on disk. Run 'systemctl daemon-reload' to reload units.
and when I run
sudo systemctl reload project
then output :
Failed to reload project.service: Job type reload is not applicable for unit project.service. See system logs and 'systemctl status project.service' for details.
and when I check the "systemctl status project.service"
● project.service - uWSGI instance to serve project
   Loaded: loaded (/etc/systemd/system/project.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2017-01-16 17:49:29 UTC; 6min ago
 Main PID: 27157 (code=exited, status=203/EXEC)

Jan 16 17:49:29 learningwithpython systemd[1]: Started uWSGI instance to serve project.
Jan 16 17:49:29 learningwithpython systemd[1]: project.service: Main process exited, code=exited, status=203/EXEC
Jan 16 17:49:29 learningwithpython systemd[1]: project.service: Unit entered failed state.
Jan 16 17:49:29 learningwithpython systemd[1]: project.service: Failed with result 'exit-code'.
https://codehunter.cc/a/flask/getting-502-bad-gateway-with-nginx-uwsgi-python-flask-on-ubuntu-16-04
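The connect() results quoted from the nginx error log above (2, 13, 111) correspond to different states of the socket path. As an added example, not code from the post, this Linux script reproduces errno 2 and 111 and the working case in a temporary directory; errno 13 is left out because it depends on which user runs the script. The function names and the temporary path are this example's own.

```python
import errno
import os
import socket
import tempfile


def try_connect(path):
    """Connect to a Unix socket path; return 'OK' or the errno name of the failure."""
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client.connect(path)
        return "OK"
    except OSError as exc:
        return errno.errorcode[exc.errno]
    finally:
        client.close()


def socket_states():
    """Walk one path through the states seen in the post and record each result."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "project.sock")  # constructed path

        # Nothing has created the path yet: nginx logs "2: No such file or directory".
        results["missing"] = try_connect(path)

        # An empty file created by hand is not a socket and has no listener
        # behind it: "111: Connection refused".
        open(path, "w").close()
        results["regular_file"] = try_connect(path)
        os.unlink(path)

        # A server process that bind()s and listen()s creates the socket file itself.
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        server.listen(1)
        results["listening"] = try_connect(path)

        # The socket file outlives its listener unless it is removed
        # (uWSGI's vacuum option does that on exit).
        server.close()
        results["listener_closed"] = try_connect(path)
    return results


if __name__ == "__main__":
    for state, outcome in socket_states().items():
        print(f"{state:16} {outcome}")
```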