SELinux is preventing nginx from write access on the Unicorn socket



I'm trying to set up my Rails application with Nginx and Unicorn.

When I access the root URL of my Rails application, Nginx gives the following error:

Sep 14 23:39:42 servercentos7 python[5604]: SELinux is preventing /usr/sbin/nginx from write access on the sock_file /var/www/amily_photo/shared/tmp/sockets/unicorn.sock.

                                           *****  Plugin catchall (100. confidence) suggests   **************************

                                           If you believe that nginx should be allowed write access on the unicorn.sock sock_file by default.
                                           Then you should report this as a bug.
                                           You can generate a local policy module to allow this access.
                                           Do
                                           allow this access for now by executing:
                                           # grep nginx /var/log/audit/audit.log | audit2allow -M mypol
                                           # semodule -i mypol.pp

I ran the two commands given in the error report, but it didn't help:

grep nginx /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp

nginx.conf:

worker_processes 1;

user root root; # for systems with a "nogroup"

# Feel free to change all paths to suit your needs here, of course
pid /tmp/nginx.pid;
error_log /tmp/nginx.error.log;

events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex off; # "on" if nginx worker_processes > 1
  # use epoll; # enable for Linux 2.6+
  # use kqueue; # enable for FreeBSD, OSX
}

http {
  # nginx will find this file in the config directory set at nginx build time
  include mime.types;

  # fallback in case we can't determine a type
  default_type application/octet-stream;

  # click tracking!
  access_log /tmp/nginx.access.log combined;

  sendfile on;

  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
  tcp_nodelay off; # on may be better for some Comet/long-poll stuff

  gzip on;
  gzip_http_version 1.0;
  gzip_proxied any;
  gzip_min_length 500;
  gzip_disable "MSIE [1-6]\.";
  gzip_types text/plain text/html text/xml text/css
             text/comma-separated-values
             text/javascript application/x-javascript
             application/atom+xml;

  include /etc/nginx/sites-enabled/*;

  ##########################################################
  # Catch all requests to server ip so just hitting the ip
  # won't render anything.
  ##########################################################
  server {
    listen   80 default;
    server_name  everythingelse;

    # Everything is a 404
    location / {
      return 404;
    }
  }
}

Nginx config for the application:

##############################################################
# Upstream must have unique name and unique socket.          #
# The socket must match what is in the app's unicorn.rb file #
##############################################################
upstream amily_photo_server {
  server unix:/tmp/unicorn_amily_photo.sock fail_timeout=0;
}

##############################
# Server configs go here     #
##############################
server {
  listen 80;

  client_max_body_size 4G;
  server_name XN--80AA1ABXAPNQ1A.XN--P1AI;
  keepalive_timeout 5;

  #########################################################
  # This should go to the public folder of your rails app #
  #########################################################
  root /var/www/amily_photo/current/public;

  # the fallback must name the location block defined below
  try_files $uri/index.html $uri.html $uri @amily_photo_server;
  location @amily_photo_server {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;


    #############################################
    # This should be http://upstream; with the  #
    # upstream specified above.                 #
    #############################################
    proxy_pass http://amily_photo_server;
  }
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    #########################################################
    # This should go to the public folder of your rails app #
    #########################################################
    root /var/www/amily_photo/current/public;
  }
}

These posts did not help:

I have no idea what to do...

Please help.


This answer helped me: superuser.com/questions/836728/…
AntonAL
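
Added example (not part of the original question or of any tool's output): a shell function that groups the AVC denials logged for one process by source type, permission, object class and target type, which are the distinct denials the `grep nginx ... | audit2allow` pipeline above works from. The audit records are constructed samples in the audit.log AVC layout, and the SELinux types in them are assumptions, not values from the asker's system.

```shell
#!/bin/sh
# Added example. The records below are CONSTRUCTED samples in the audit.log
# AVC layout; the SELinux types in them are assumptions, not the asker's.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1410723582.101:812): avc:  denied  { write } for  pid=5604 comm="nginx" name="unicorn.sock" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=sock_file
type=AVC msg=audit(1410723590.455:815): avc:  denied  { write } for  pid=5604 comm="nginx" name="unicorn.sock" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=sock_file
type=AVC msg=audit(1410723601.020:820): avc:  denied  { connectto } for  pid=5604 comm="nginx" path="/var/www/amily_photo/shared/tmp/sockets/unicorn.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1410723611.000:830): avc:  denied  { read } for  pid=900 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print, for process name $1, one line per
# distinct denial: "<count> <source type> <perms> <class> <target type>".
summarize_avc() {
    awk -v want="$1" '
    /type=AVC/ && / denied / {
        comm = ""; perm = ""; src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # collect every permission between the braces
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
            }
            else if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            else if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (comm == want) seen[src " " perm " " cls " " tgt]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort
}

# Demo run on the constructed records
sample_audit_log | summarize_avc nginx
```

On a real host, run `summarize_avc nginx < /var/log/audit/audit.log`. Denials are logged only for checks that were actually reached, so rerun it after each policy change to see whether new ones appear.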
Licensed under cc by-sa 3.0 with attribution required.