Nginx permission denied for upstream unix socket

Hi,

I’m running nginx under CentOS 7 as a local proxy for a puppetmaster. I
get the following error for every agent trying to connect to the master:

"[crit] 8543#0: *13 connect() to
unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission
denied) while connecting to upstream, client: 192.168.122.189, server: ,
request: “PUT /production/report/master.puppet.local HTTP/1.1”,
upstream:
http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local”,
host: “master.puppet.local:8140"”

But:
srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35
/var/run/puppet/puppetmaster_puma.sock

The socket seems to be read/write able for everyone on the system? Why
throws nginx a “permission denied” massage?

And here is my nginx config:

define our puma backend

upstream puppetmaster_puma {
server unix:/var/run/puppet/puppetmaster_puma.sock;
}

define our proxy for breaking up SSL

server {
ssl on;
ssl_certificate
/var/lib/puppet/ssl/certs/master.puppet.local.pem;
ssl_certificate_key
/var/lib/puppet/ssl/private_keys/master.puppet.local.pem;
ssl_verify_client optional;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
listen 192.168.122.189:8140 ssl;
root /var/empty;
location / {
proxy_pass http://puppetmaster_puma;
}
}

nginx is running in version 1.6.1,

On Monday 25 August 2014 15:21:44 Tim wrote:

http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local”,

host: “master.puppet.local:8140"”

But:
srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35
/var/run/puppet/puppetmaster_puma.sock

The socket seems to be read/write able for everyone on the system? Why
throws nginx a “permission denied” massage?

[…]

What about the /var/run/puppet/ directory?

wbr, Valentin V. Bartenev

Am 2014-08-25 15:46, schrieb Valentin V. Bartenev:

denied) while connecting to upstream, client: 192.168.122.189, server:
/var/run/puppet/puppetmaster_puma.sock

The socket seems to be read/write able for everyone on the system? Why
throws nginx a “permission denied” massage?

[…]

What about the /var/run/puppet/ directory?

seems to be fine:

drwxr-xr-x. 2 puppet puppet 100 25. Aug 10:35 /var/run/puppet

(the nginx user is in the puppet group btw). Even setting the
permissions to 777 didn’t fix the issue.

I found the issue by myself. selinux was blocking the access to the
socket. This is now fixed.

Am 2014-08-25 15:51, schrieb Tim:

Le 2014-08-25 09:51, Tim a écrit :

unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission
srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35
seems to be fine:
nginx mailing list
[email protected]
nginx Info Page


nginx mailing list
[email protected]
nginx Info Page

Hi,

Have you checked your SELinux permissions? According to your “ls -l”,
you would have SELinux enabled on those files/sockets (the “.” in the
output). I would check SELinux settings to allow access from nginx to
the socket.

Sincerely,

Edwin