uwsgi upstart on amazon linux
I created a uWSGI Upstart job following this tutorial https://uwsgi.readthedocs.org/en/latest/Upstart.html on Amazon Linux, but it doesn't seem to run: Nginx just says bad gateway. This is the job file:

/etc/init/uwsgi.conf

# Upstart job that launches uWSGI with an ini file kept in the login user's home directory.
description "uwsgi tiny instance"
# Start in the multi-user runlevels; stop on halt (0) and reboot (6).
start on runlevel [2345]
stop on runlevel [06]

# NOTE(review): no user is selected here and the ini shown below sets no uid/gid, so
# uWSGI keeps the account init starts it with (root for a system job in /etc/init;
# confirm). The binary and the ini both live under /home/ec2-user, so anything able to
# write there decides what this job executes at boot.
exec /home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini

If I run the following command directly in a shell, the Python application runs.

/home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini

uwsgi-prod_demo.ini

[uwsgi]
# NOTE(review): ":8080" names no address, so the uwsgi-protocol socket listens on every
# interface, while nginx only connects to 127.0.0.1:8080. The uwsgi protocol carries no
# authentication; binding to 127.0.0.1:8080 or a unix socket keeps it off the network.
socket = :8080
chdir = /home/ec2-user/prod_demo
master = True
venv = /home/ec2-user/venv
# WSGI entry point: the object named "app" loaded from manage.py.
callable = app
wsgi-file = /home/ec2-user/prod_demo/manage.py
enable-threads = True
# NOTE(review): "=0" refers to shared socket 0, but no shared-socket option is declared
# in this file (confirm). nginx already terminates TLS for this site, so an HTTPS
# listener inside uWSGI means the private key is loaded by the application server too.
# No uid/gid is set in this file, so uWSGI does not change user after start.
https = =0,/home/ec2-user/xxx.com.au.pem,/home/ec2-user/newkey.pem,HIGH

nginx.conf

# NOTE(review): worker processes run as the interactive login account, which also owns
# the application tree and the key files under /home/ec2-user (on stock Amazon Linux
# images that account normally has sudo rights; confirm). A dedicated account with no
# login use limits what a compromised worker can reach.
user  ec2-user;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

  # Virtual host for the application; dynamic requests go to uWSGI on 127.0.0.1:8080.
  server {
    # NOTE(review): ports 80 and 443 are served by the same block with no redirect, so
    # the application is also reachable over plain HTTP.
    listen 80;
    listen 443 ssl;
    ssl_certificate /home/ec2-user/xxx.com.au.pem;
    # NOTE(review): the private key sits in the login user's home directory. No
    # ssl_protocols or ssl_ciphers are set, so the installed build's defaults apply.
    ssl_certificate_key /home/ec2-user/newkey.pem;
    server_name import.xxx.com.au  *.import.xxx.com.au;
    access_log /var/log/prod_demo/access_log;

    root /home/ec2-user/prod_demo;

    # Everything not matched below is passed to uWSGI over the uwsgi protocol.
    location / {
      uwsgi_pass 127.0.0.1:8080;
      include uwsgi_params;
    }

    # Static assets are served by nginx straight from the application tree.
    location /static {
         alias /home/ec2-user/prod_demo/app/static;
    }

    location = /favicon.ico {
            alias    /home/ec2-user/prod_demo/app/static/images/favicon.ico;
    }
  }
}
Stomacher answered 28/11, 2014 at 22:39 Comment(0)

To fix this I did a few things:
- Moved all scripts from the home directory to /var/www/.
- Created a www group and a www user, and chowned /var/www to www:www.

Full Instructions

  1. Create a user and group www and www

    # Create the www group, then a www user whose primary group is www.
    sudo groupadd www
    # NOTE(review): with no further options this is a regular account, with whatever
    # home directory and shell the distribution defaults give it (confirm). A service
    # account that never logs in can be given a non-login shell, e.g. -s /sbin/nologin.
    sudo adduser www -g www
    
  2. Create a directory where your Flask application will live, e.g. /var/www/

    # Hand /var/www and everything below it to www:www. The directory must already
    # exist; this command does not create it.
    # NOTE(review): this makes the application code, the virtualenv, the uWSGI ini and
    # the TLS key stored under /var/www (see step 3) writable by the account the
    # application runs as. Keeping them root-owned and giving www write access only to
    # the directories it must write to limits what a compromised application can change.
    sudo chown -R www:www /var/www
    
  3. /etc/nginx/nginx.conf

    # /etc/nginx/nginx.conf
    
    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/
    
    # Worker processes run as the dedicated www account created in step 1.
    user  www;
    worker_processes  1;
    
    error_log  /var/log/nginx/error.log;
    #error_log  /var/log/nginx/error.log  notice;
    #error_log  /var/log/nginx/error.log  info;
    
    pid        /var/run/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
        # Request bodies larger than 20 MB are rejected by nginx.
        client_max_body_size 20M;
    
        #keepalive_timeout  0;
        # Zero disables keep-alive connections to clients.
        keepalive_timeout  0;
    
        # NOTE(review): 86400 s is 24 hours, and it is set at http level, so it applies
        # to every server below. An upstream that goes silent can hold its connection
        # for up to a day; scoping long timeouts to the locations that need them keeps
        # stalled requests from tying up the workers.
        uwsgi_read_timeout 86400;
        uwsgi_send_timeout 86400;
    
        #gzip  on;
    
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
    
      # Virtual host for demo.test.com.au, passed to the uWSGI instance on port 28080.
      server {
        # NOTE(review): ports 80 and 443 are served by the same block with no redirect,
        # so the application is also reachable over plain HTTP. The same holds for the
        # three server blocks further down.
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        # NOTE(review): step 2 chowns /var/www to www:www, so this private key is owned
        # by the account that runs the nginx workers and the uWSGI application. A
        # root-owned file with mode 0600 outside the application tree still works when
        # the nginx master starts as root (the usual service setup; confirm).
        # No ssl_protocols or ssl_ciphers are set, so the installed build's defaults apply.
        ssl_certificate_key /var/www/newkey.pem;
        server_name demo.test.com.au;
        access_log /var/log/prod_demo/access_log;
    
        root /var/www/prod_demo;
    
        # Everything not matched below is passed to uWSGI over the uwsgi protocol.
        location / {
          uwsgi_pass 127.0.0.1:28080;
          include uwsgi_params;
        }
    
        # Prefix match: any URI that begins with /static (for example /static-old) is
        # mapped under app/ as well; "location /static/" with "alias .../static/;" is
        # the tighter form.
        location /static {
             alias /var/www/prod_demo/app/static;
        }
    
        location = /favicon.ico {
                alias    /var/www/prod_demo/app/static/images/favicon.ico;
        }
      }
    
      # Virtual host for ajtravel.test.com.au, passed to a second uWSGI instance on
      # port 28082. Same certificate and key files as the block above.
      server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name ajtravel.test.com.au;
        access_log /var/log/prod_demo_two/access_log;
    
        root /var/www/prod_demo_two;
    
        location / {
          uwsgi_pass 127.0.0.1:28082;
          include uwsgi_params;
        }
    
        location /static {
             alias /var/www/prod_demo_two/app/static;
        }
    
        location = /favicon.ico {
                alias    /var/www/prod_demo_two/app/static/images/favicon.ico;
        }
      }
    
       #test config
       # The two blocks below answer on *.test.test.com.au names but reuse the upstream
       # ports and access-log files of the two blocks above.
    
      server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name demo.test.test.com.au;
        access_log /var/log/prod_demo/access_log;
    
        root /var/www/prod_demo;
    
        location / {
          uwsgi_pass 127.0.0.1:28080;
          include uwsgi_params;
        }
    
        location /static {
             alias /var/www/prod_demo/app/static;
        }
    
        location = /favicon.ico {
                alias    /var/www/prod_demo/app/static/images/favicon.ico;
        }
      }
    
      server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name ajtravel.test.test.com.au;
        access_log /var/log/prod_demo_two/access_log;
    
        root /var/www/prod_demo_two;
    
        location / {
          uwsgi_pass 127.0.0.1:28082;
          include uwsgi_params;
        }
    
        location /static {
             alias /var/www/prod_demo_two/app/static;
        }
    
        location = /favicon.ico {
                alias    /var/www/prod_demo_two/app/static/images/favicon.ico;
        }
      }
    }
    
  4. /etc/init/uwsgi-prod-demo.conf

    # https://uwsgi.readthedocs.org/en/latest/Upstart.html
    # /etc/init/uwsgi-prod-demo.conf
    # simple uWSGI script
    
    description "uwsgi tiny instance"
    #start on runlevel [2345]
    #stop on runlevel [06]
    
    # Start once the elastic-network-interfaces job has started, instead of on a runlevel.
    # NOTE(review): the stop stanza is commented out and there is no respawn stanza, so
    # nothing in this job restarts uWSGI if it exits; confirm that is intended.
    start on started elastic-network-interfaces
    
    # The ini in step 5 sets uid/gid to www, so uWSGI switches to that account itself.
    # NOTE(review): per step 2 the binary and the ini are owned by www, so the account
    # the service drops to can also rewrite what this job executes on the next start.
    exec /var/www/venv/bin/uwsgi --ini /var/www/uwsgi-prod_demo.ini
    
  5. /var/www/uwsgi-prod_demo.ini

    [uwsgi]
    # Run the application as the www user and group created in step 1.
    uid = www
    gid = www
    # NOTE(review): ":28080" names no address, so the uwsgi-protocol socket listens on
    # every interface, while nginx only connects to 127.0.0.1:28080. The uwsgi protocol
    # carries no authentication; binding to 127.0.0.1:28080 or a unix socket keeps the
    # application reachable only through nginx.
    socket = :28080
    chdir = /var/www/prod_demo
    master = True
    venv = /var/www/venv
    # WSGI entry point: the object named "app" loaded from manage.py.
    callable = app
    wsgi-file = /var/www/prod_demo/manage.py
    enable-threads = True
    
Stomacher answered 1/12, 2014 at 3:49 Comment(3)
I use user ec2 with group www-data; is that OK? I found that moving the project files under /var/www/ is very good practice. – Sartin
@tyan I'm still no expert on security, but I do not think this is a good idea. In the event of a security flaw in your application, whoever gains control of that user may be able to elevate themselves to root. The www user I set up cannot use su. – Stomacher
But nginx defaults to www-data on Ubuntu. Why should we set up another user and a new group instead of using the default? – Sartin
