Allow nginx to access to the unicorn socket #10
Conversation
|
Thank you for the pull request. I'm not sure we will implement it like this as it gives everybody access to the socket. |
|
Thanks! I'll go ahead and close this. |
|
Any ETA on a fix on this? (Just realized via the forum post that adding |
|
a fix for this problem was published today with the new agent (version 106). You can check the installed agent version with |
I'm assuming running an update dependencies command will update the agent. Trying that now :) |
|
Your agent will update itself automatically within 24h, update dependencies will not do it. |
|
I just stopped and restarted the instance, all is well (other than OpsWorks still showing a spinner next to "shutdown", but I figure it'll eventually decide to put an X there or something) :) Thanks! |
|
I am still seeing this issue 😦 |
|
I'll check this and get back to you |
|
I just tested it and could not reproduce it. Did you app worked at some point? Can you post a gist with the chef log showing the failure? |
|
@awsrequena It worked the week before last, but only after following some of the information on the aws discussion group. I killed the original instances and had OpsWorks make new instances and since then they have these With my fork of this repository: https://gist.github.com/tjhanley/9e9c83a235d2063ab107 Gist with the stock opsworks-cookbooks repository: https://gist.github.com/tjhanley/054f959d8b1d64599e41 |
|
I'm on version 206 and seem to be getting the same issue. Is there a way of forcing a rebuild of the instance? |
|
If you are instance store, stop and start the instance. If you are not instance store, start a new instance in the same layer, boot it, and check if the problem is resolved. If so, terminate the old one from the OpsWorks console (stop -> delete). I haven't had this problem in some time, and I ditched the "group": "nginx" part. |
|
I actually only started using OpsWorks yesterday, so was quite surprised that I had the issue. Also, I'm using Ubuntu 12.04, so I think the group has to be set to "www-data". I was finding that Unicorn was in the to "www-data" group whereas nginx was in the "nginx" group. Killing the instances and remaking them seems to have sorted the problem, although I have no idea if the group has had any impact. Thanks for the help. |
|
Nginx and Unicorn both need to be the same group, which is probably "nginx" in your case. Is is possible you picked Apache then switched to Nginx without a relaunch? |
|
No, actually. I picked Unicorn/Nginx right from the start. I believe this line is causing the difference for Ubuntu/Debian: https://github.com/aws/opsworks-cookbooks/blob/master-chef-11.4/deploy/attributes/deploy.rb#L8 Probably just a convention thing - most Deb/Ubuntu stuff uses www-data. |
Note, the default value of the `mlockall` attribute is `false` [elastic/elasticsearch#567]. However, in production environment, it is _highly_ recommended to run with a `mlockall:true` setting -- thus the cookbook sets it to `true`. If you encounter problems, try running with `mlockall:false`. Closes #10.
I have exactly the issue described here:
https://forums.aws.amazon.com/thread.jspa?threadID=118236
Nginx can't write to the unicorn socket because of the shared/sockets directory's permissions.
Example error message:
...connect() to unix:/srv/www/myapp/shared/sockets/unicorn.sock failed (13: Permission denied) while connecting to upstream, client: 10.158.40.157, server: myapp.com, request: "OPTIONS / HTTP/1.0", upstream: "http://unix:/srv/www/myapp/shared/sockets/unicorn.sock:/"
This proposed change expands the permissions on the sockets directory. Thanks for considering it!