0

I've gone through the answers provided in similar posts but I am still getting a Connection refused error when trying to connect to git.example.com.

The exact nginx error message is as follows

2019/11/05 17:16:09 [error] 12175#12175: *1 connect() to unix:/tmp/fcgiwrap.sock failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: git.example.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/fcgiwrap.sock:", host: "git.example.com", referrer: "https://example.com/"

ls -l /tmp/fcgiwrap.sock gives

srwxrwxr-x 1 www-data www-data 0 Jul 3 00:56 /tmp/fcgiwrap.sock

I've given write permission to the socket file just in case via chmod g+w /tmp/fcgiwrap.sock.

ps aux | grep nginx gives the following

root     11203 0.0 0.1 47572 1412 ?    Ss 07:17 0:00 nginx: master process /usr/sbin/nginx
www-data 11204 0.0 0.6 47788 6116 ?    S  07:17 0:01 nginx: worker process
www-data 11205 0.0 0.3 47572 2856 ?    S  07:17 0:02 nginx: worker process
www-data 11206 0.0 0.4 47572 5632 ?    S  07:17 0:02 nginx: worker process
www-data 11207 0.0 0.0 47572 2856 ?    S  07:17 0:02 nginx: worker process
pi       11996 0.0 0.0 4733  576  ?    S  07:17 0:01 grep nginx

Nginx user is www-data. I suspect it's my nginx conf file. Note that I have both git.example.com and example.com listening on port 443, but I have an A record for git prefix in my DNS settings.

server {
  listen 443 ssl;
  server_name git.example.com;

  location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
    root /usr/share/nginx/example/git;
    auth_basic "Restricted";
    auth_basic_user_file /usr/share/nginx/example/.gitpasswd;
    fastcgi_pass  unix:/tmp/fcgiwrap.sock;
    fastcgi_param SCRIPT_FILENAME   /usr/lib/git-core/git-http-backend;
    fastcgi_param PATH_INFO         $uri;
    fastcgi_param GIT_PROJECT_ROOT  /usr/share/nginx/example/git;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    fastcgi_param REMOTE_USER $remote_user;
    include fastcgi_params;
  }
  location /index.cgi {
    root /usr/share/gitweb;
    include fastcgi_params;
    gzip off;
    fastcgi_param SCRIPT_NAME $uri;
    fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
    fastcgi_pass unix:/tmp/fcgiwrap.sock;
  }
  location / {
    root /usr/share/gitweb;
    index index.cgi;
  }

  ssl_certificate /.../fullchain.pem;
  ssl_certificate /.../privkey.pem;


}

Note that I have fcgiwrap and spawn-fcgi installed and running albeit giving me a Setting locale failed error -- it automatically falls back to locale ("en_GB.UTF-8").

UPDATE

here it states the error means fcgiwrap isn't running on that socket file.

I've followed this nginx tutorial to include /usr/share/doc/fcgiwrap/examples/nginx.conf in my conf server block where fastcgi_pass unix:/tmp/fcgiwrap.sock in nginx.conf file... but still no dice.

What I've tried so far

  1. gitweb.cgi was created by root but I've given it read permission with chmod +x.
  2. restarting fcgiwrap, nginx
  3. Someone said it could be a php-fpm issue...so I made sure its conf in /etc/php/7.0/fpm/pool.d/www.conf listen parameter was assigned to the correct sock /tmp/php7.0-fpm.sock that allowed read/write for www-data
pairwiseseq
  • 173
  • 1
  • 1
  • 8
  • Have you ensured that SELinux/AppArmor are not interfering? What does `netstat -nlp | grep 443` have to show? – t3ddftw Nov 05 '19 at 18:14
  • I had to run it as `sudo`. It gives `tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 12904/nginx: master`. – pairwiseseq Nov 05 '19 at 18:17
  • Yes, sorry -- I presumed you were already su'd as root. Did you check for SELinux/AppArmor? `sudo getenforce` for SELinux and `sudo aa-status` for AppArmor. – t3ddftw Nov 05 '19 at 18:18
  • No worries. I tried your commands, but both gives me `command not found`. – pairwiseseq Nov 05 '19 at 18:21

0 Answers0