Hi,
I’m running nginx under CentOS 7 as a local proxy for a puppetmaster. I
get the following error for every agent trying to connect to the master:
"[crit] 8543#0: *13 connect() to
unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission
denied) while connecting to upstream, client: 192.168.122.189, server: ,
request: “PUT /production/report/master.puppet.local HTTP/1.1”,
upstream:
“http://unix :/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local”,
host: “master.puppet.local:8140"”
But:
srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35
/var/run/puppet/puppetmaster_puma.sock
The socket seems to be read/write able for everyone on the system? Why
throws nginx a “permission denied” massage?
And here is my nginx config:
define our puma backend
upstream puppetmaster_puma {
server unix:/var/run/puppet/puppetmaster_puma.sock;
}
define our proxy for breaking up SSL
server {
ssl on;
ssl_certificate
/var/lib/puppet/ssl/certs/master.puppet.local.pem;
ssl_certificate_key
/var/lib/puppet/ssl/private_keys/master.puppet.local.pem;
ssl_verify_client optional;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
listen 192.168.122.189:8140 ssl;
root /var/empty;
location / {
proxy_pass http://puppetmaster_puma;
}
}
nginx is running in version 1.6.1,
tim
August 25, 2014, 3:46pm
2
On Monday 25 August 2014 15:21:44 Tim wrote:
“http://unix :/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local”,
host: “master.puppet.local:8140"”
But:
srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35
/var/run/puppet/puppetmaster_puma.sock
The socket seems to be read/write able for everyone on the system? Why
throws nginx a “permission denied” massage?
[…]
What about the /var/run/puppet/ directory?
wbr, Valentin V. Bartenev
tim
August 25, 2014, 3:51pm
3
Am 2014-08-25 15:46, schrieb Valentin V. Bartenev:
denied) while connecting to upstream, client: 192.168.122.189, server:
/var/run/puppet/puppetmaster_puma.sock
The socket seems to be read/write able for everyone on the system? Why
throws nginx a “permission denied” massage?
[…]
What about the /var/run/puppet/ directory?
seems to be fine:
drwxr-xr-x. 2 puppet puppet 100 25. Aug 10:35 /var/run/puppet
(the nginx user is in the puppet group btw). Even setting the
permissions to 777 didn’t fix the issue.
tim
August 25, 2014, 4:27pm
4
I found the issue by myself. selinux was blocking the access to the
socket. This is now fixed.
Am 2014-08-25 15:51, schrieb Tim:
tim
August 25, 2014, 4:26pm
5
Le 2014-08-25 09:51, Tim a écrit :
unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission
srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35
seems to be fine:
nginx mailing list
[email protected]
nginx Info Page
nginx mailing list
[email protected]
nginx Info Page
Hi,
Have you checked your SELinux permissions? According to your “ls -l”,
you would have SELinux enabled on those files/sockets (the “.” in the
output). I would check SELinux settings to allow access from nginx to
the socket.
Sincerely,
Edwin