[Solved] 502 Bad Gateway

Hi there, we are using nginx server. I get the following error:
connect() to unix:/opt/indico/web/uwsgi.sock failed (13: Permission denied) while connecting to upstream
The nginx master process is running as root and worker process as indico with group nginx.
The /opt/indico folder has user indico and group nginx with permissions 770.
We don’t have a domain so I set the server name as ip.
What would be causing this error ? Thankyou.

Maybe wrong permissions on /opt/indico/web? One step in the setup guide includes chmod 750 ~/web.

Also, 770 is more than you need for /opt/indico. 710 is enough as there is no need to write or list that directory.

Not working, I think problem is related to nginx user and group.

The problem was that root was not in nginx group, I don’t get that error now, but it’s still not showing indico page, still 502 error.

So I changed the user to root in all configuration files. Now I get only “Internal server error”.

Maybe now it can’t access the database.

Well running as root is a bad idea to begin with… also from a security point of view.

And yes, not being able to access the database is possible, since root isn’t special in postgres, and with the default setup indico uses the system user for authenticating.

So my recommendation is to:

  • fix anything you changed to root
  • check the setup guide and use the correct users. since it works with the default setup there must be something wrong with your custom changes diverting from the setup guide…

So I changed user back to indico and managed to start nginx as indico, I get 502 error.

is uwsgi running? please show the output of these commands:

systemctl status uwsgi.service
ps aux | grep nginx
ls -al /opt/indico/ /opt/indico/web/
● uwsgi.service - LSB: Start/stop uWSGI server instance(s)
   Loaded: loaded (/etc/init.d/uwsgi; bad; vendor preset: enabled)
   Active: active (running) since Fri 2020-04-10 10:55:12 UTC; 23min ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 9
   Memory: 333.8M
      CPU: 7.855s
   CGroup: /system.slice/uwsgi.service
           ├─16681 indico uWSGI maste
           ├─16710 indico uWSGI worker
           ├─16712 indico uWSGI worker
           ├─16714 indico uWSGI worker
           └─16716 indico uWSGI worker
indico@ubuntu:/opt$ ps aux | grep nginx
indico   18046  0.0  0.0 127324  1900 ?        Ss   11:12   0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
indico   18047  0.0  0.0 127960  7448 ?        S    11:12   0:00 nginx: worker process
indico   18048  0.0  0.0 127700  3284 ?        S    11:12   0:00 nginx: worker process
indico   18049  0.0  0.0 127700  3284 ?        S    11:12   0:00 nginx: worker process
indico   18050  0.0  0.0 127700  3284 ?        S    11:12   0:00 nginx: worker process
indico   18296  0.0  0.0  14220  1092 pts/0    S+   11:18   0:00 grep nginx
indico@ubuntu:/opt$ ls -al /opt/indico/ /opt/indico/web/
/opt/indico/:
total 60
drwxr-x--- 12 indico nginx 4096 Apr 10 06:46 .
drwxr-xr-x  4 root   root  4096 Apr  9 11:35 ..
drwxr-x---  2 indico nginx 4096 Apr  9 13:08 archive
-rwxr-x---  1 indico nginx 6878 Apr 10 11:11 .bash_history
drwxr-x---  2 indico nginx 4096 Apr  9 13:08 cache
drwxr-x---  3 indico nginx 4096 Apr  9 10:42 .cache
drwxr-x---  2 indico nginx 4096 Apr 10 09:58 etc
lrwxrwxrwx  1 indico nginx   27 Apr 10 06:46 .indico.conf -> /opt/indico/etc/indico.conf
drwxr-x---  3 indico nginx 4096 Apr  9 09:51 .local
drwxr-x---  4 indico nginx 4096 Apr  9 13:08 log
drwxr-x---  2 indico nginx 4096 Apr  9 13:53 .nano
-rwxr-x---  1 indico nginx  560 Apr 10 06:38 .psql_history
-rwxr-x---  1 indico nginx    0 Apr  9 13:58 .sudo_as_admin_successful
drwxr-x---  2 indico nginx 4096 Apr  9 13:37 tmp
drwxr-x---  6 indico nginx 4096 Apr 10 06:44 .venv
drwxr-x---  2 indico nginx 4096 Apr 10 10:55 web

/opt/indico/web/:
total 16
drwxr-x---  2 indico nginx 4096 Apr 10 10:55 .
drwxr-x--- 12 indico nginx 4096 Apr 10 06:46 ..
-rwxr-x---  1 indico nginx  281 Apr 10 06:55 indico.wsgi
lrwxrwxrwx  1 indico nginx   63 Apr 10 06:46 static -> /opt/indico/.venv/lib/python2.7/site-packages/indico/web/static
srwxrwx---  1 indico nginx    0 Apr 10 10:55 uwsgi.sock
srwxrwx---  1 indico nginx    0 Apr 10 10:55 uwsgi-stats.sock

It’s strange that nginx is running as indico, but I don’t think this is causing the problem.

Can you check /opt/indico/log/nginx/error.log for any recent entries?

upstream prematurely closed connection while reading response header from upstream

Nginx was running as root and www-data before, but I changed it to work with the configuration files.

I got it working, I had to delete the database because it was made when user was root and made a new one.

You should write in the documentation that the user in the configuration file needs to be the same user for nginx server.

Which config file do you mean? When following the steps from the guide everything should be correct; of course people are somewhat on their own if they make other changes to the system…

There are 2 conf files with user “indico” in documentation.

I guess you mean /etc/systemd/system/indico-celery.service and /etc/uwsgi/apps-available/indico.ini? That only needs to match the user where you installed Indico (so, usually the indico user).

nginx does not need to run as the same user. The important thing is that the group the nginx user belongs to matches the one in uWSGI’s chown-socket setting since the uWSGI socket is set to 770. Also, the group of /opt/indico and /opt/indico/web needs to match the one used for nginx, since the permissions on those directories need to allow nginx to descend into them. But with the default nginx group specified (-g nginx) when creating the indico user this should be the case by default.

Anyway, thanks for the help.

2 posts were split to a new topic: Error 502 after upgrading to CentOS 7.8