Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nginx + AJP - open() failed (13: Permission denied) while reading upstream #3

Closed
HelloJamesLee opened this issue Apr 7, 2011 · 5 comments
Closed

Nginx + AJP - open() failed (13: Permission denied) while reading upstream #3

HelloJamesLee opened this issue Apr 7, 2011 · 5 comments

Comments

@HelloJamesLee
Copy link

When access a web page from Nginx + AJP, my browser can't display the content of the web page.
I found the below failure in error.log:
2011/04/06 10:23:01 [debug] 17578#0: *18 ngx_http_ajp_process_header: state(3)
2011/04/06 10:23:01 [debug] 17578#0: *18 ngx_http_ajp_process_header: parse response, pos:0842F0B8, last:0842F13D
2011/04/06 10:23:01 [debug] 17578#0: *18 ngx_http_ajp_input_filter: state(5)
2011/04/06 10:23:01 [debug] 17578#0: *18 ngx_http_ajp_input_filter: state(7)
2011/04/06 10:23:01 [crit] 17578#0: *18 open() "/root/download/nginx-0.8.54/addons/nginx_ajp_module/test/t/servroot/ajp_temp/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 127.0.0.1, server: localhost, request: "GET /test/index.html HTTP/1.1", upstream: "ajp://10.34.63.188:8009", host: "localhost:1984"

Condition:
The Nginx prefix is /root/download/nginx-0.8.54/addons/nginx_ajp_module/test/t/servroot/, and I run nginx as root role.
The owner of prefix and ajp_tmep directory is as following, which isn't a problem.
drwxr-xr-x 11 root root 4096 Apr 6 11:55 servroot
drwx------ 2 nobody root 4096 Apr 6 14:21 ajp_temp

  • However, if the nginx is installed in non-root home directory, this error dosen't occur.

The debug info in strace cmd:
[pid 18438] open("/root/download/nginx-0.8.54/addons/nginx_ajp_module/test/t/servroot/ajp_temp/1/00/0000000001", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE, 0600) = -1 EACCES (Permission denied)

I have wondering why this permission problem occur.
@yaoweibin
Copy link
Owner

Hi,

Can you delete the directory of ajp_temp, and run the nginx again? Can you show me you config file?

You may get some failures with the test scripts. Because I use the specific webapp pages in the localhost tomcat instance.

To use the test scripts, you should copy the nginx_ajp_module/test/webapps/* to your jave servers web directory. And Change the nginx_ajp_module/test/test.sh to point the your path of binary nginx.

@HelloJamesLee
Copy link
Author

(1)The problem exists after deleting the ajp_temp directory and running the nginx again.

My config file is as below:
#=== Begin ==============================
worker_processes 1;
daemon on;
master_process on;
error_log /root/install/logs/error.log debug;
pid /root/install/logs/nginx.pid;

http {
access_log /root/install/logs/access.log;

default_type text/plain;
keepalive_timeout  68;

upstream tomcats{
    server 10.34.63.188:8009;
    keepalive 10;
}

ajp_cache_path /tmp/ajp_cache levels=1:2 keys_zone=ajp_cache_zone:10m inactive=24h max_size=1g;


server {
    listen          1984;
    server_name     localhost;

    client_max_body_size 30M;
    #client_body_buffer_size 4k;

    # Begin preamble config...

    # End preamble config...

    # Begin test case config...
location / {
    root                 /tmp/ajp;
    error_page           404 = @fetch;
}

location @fetch {
    internal;
    ajp_pass           tomcats;
    ajp_store          on;
    ajp_store_access   user:rw  group:rw  all:r;

    root                 /tmp/ajp_store;
}

    # End test case config.

}

}

events {
worker_connections 64;
}
#=== End ==============================

(2) This problem is not relative with the test scripts.
I recurred this problem by the below condition:
a. Install nginx to /root/install/
b. Use above config file in (1)
c. There is nothing in /tmp/ajp
d. Tomcat is ok

The error log is :

2011/04/07 09:24:48 [error] 23875#0: *5 open() "/tmp/ajp/test/index.html" failed (2: No such file or directory), client: 127.0.0.1, server: localhost, request: "GET /test/index.html HTTP/1.1", host: "localhost:1984" ------ Comment: this is OK
2011/04/07 09:24:48 [debug] 23875#0: *5 ngx_http_ajp_process_header: state(3)
2011/04/07 09:24:48 [debug] 23875#0: *5 ngx_http_ajp_process_header: parse response, pos:09D90FE8, last:09D9106D
2011/04/07 09:24:48 [debug] 23875#0: *5 ngx_http_ajp_input_filter: state(5)
2011/04/07 09:24:48 [debug] 23875#0: *5 ngx_http_ajp_input_filter: state(7)

2011/04/07 09:24:48 [crit] 23875#0: *5 open() "/root/install/ajp_temp/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 127.0.0.1, server: localhost, request: "GET /test/index.html HTTP/1.1", upstream: "ajp://10.34.63.188:8009", host: "localhost:1984"

When I changed the installation to /home1/install/, the Nginx + AJP worked well.

I guess that it's related with the root priveleges and Nginx's prefix should not be a subdirectory of /root/ directory. I also discovered that the Nginx document root should not under a subdirctory of /root/.

@yaoweibin
Copy link
Owner

This is maybe the problem of user 'nobody', Can you explicitly specify another worker process's user name?

@HelloJamesLee
Copy link
Author

You are right! I use "user root root;" in nginx config file, and the Nginx + AJP works well.

@klishevich
Copy link

Thank you, very usefull!

This was referenced Jan 23, 2013
Closed
Closed
@higkoo higkoo mentioned this issue Feb 13, 2014
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yaoweibin @HelloJamesLee @klishevich