在运行Ubuntu 21.10 impish的Digital Ocean上,我正在将一个基本的Rails 7.0.0.alpha2应用程序部署到生产环境中。我将nginx设置为反向代理服务器,以便与作为Rails服务器的彪马进行通信。
我希望在没有sudo root权限的情况下使用systemctl将puma作为服务运行。为此,我在位于~/.config/systemd/user的用户主文件夹中设置了一个puma服务,该服务已启用并按我期望的方式运行。
systemctl status --user puma_master_cms_production
报告以下
● puma_master_cms_production.service - Puma HTTP Server for master_cms (production)
Loaded: loaded (/home/comtechmaster/.config/systemd/user/puma_master_cms_production.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-11-18 22:31:02 UTC; 1h 18min ago
Main PID: 1577 (ruby)
Tasks: 10 (limit: 2338)
Memory: 125.1M
CPU: 2.873s
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/puma_master_cms_production.service
└─1577 puma 5.5.2 (unix:///home/comtechmaster/apps/master_cms/shared/tmp/sockets/puma_master_cms_production.sock)
Nov 18 22:31:02 master-cms systemd[749]: Started Puma HTTP Server for master_cms (production).
rails production.log为空。puma错误日志显示以下
cat log/puma_error.log
=== puma startup: 2021-11-18 22:31:05 +0000 ===
pid文件存在于应用程序根共享/tmp/pids文件夹中
ls tmp/pids
puma.pid puma.state
nginx需要但由于拒绝权限而无法连接的套接字存在
ls -l ~/apps/master_cms/shared/tmp/sockets/
total 0
srwxrwxrwx 1 comtechmaster comtechmaster 0 Nov 18 22:31 puma_master_cms_production.sock
nginx正在运行并提供
502坏网关
响应。nginx错误日志报告以下错误
2021/11/18 23:18:43 [crit] 1500#1500: *25 connect() to unix:/home/comtechmaster/apps/master_cms/shared/tmp/sockets/puma_master_cms_production.sock failed (13: Permission denied) while connecting to upstream, client: 86.160.191.54, server: 159.65.50.229, request: "GET / HTTP/2.0", upstream: "http://unix:/home/comtechmaster/apps/master_cms/shared/tmp/sockets/puma_master_cms_production.sock:/500.html"
sudonginx-t报告以下
sudo nginx -t
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfu
对于错误中报告的路径,ls和sudo ls都显示
ls /home/comtechmaster/apps/master_cms/shared/tmp/sockets/
puma_master_cms_production.sock
正如预期的那样,所以我很难理解为什么使用sudo service nginx start作为root运行的nginx被拒绝访问现有的套接字,该套接字由本地用户而不是root所有。
我预计解决方案将是完全显而易见的,但我看不出是什么
这个问题最终与用户主文件夹的文件夹权限有关,特别是Ububntu 20.10设置权限的方式与以前版本的ubuntu不同,或者至少与DigitalOcean设置脚本的行为方式不同。这是通过来自/home的针对相关用户文件夹(例如(的简单命令行chmod o=rx解决的
cd /home
chmod o=rx the_home_folder_for_user