FlaskSocket-IO configuration with Nginx and Gunicorn - python

Not sure if I misconfigured my application but I am getting the following error from my FlaskSocket-IO application in /var/log/nginx/error.log. Could someone advice what went wrong?
2022/11/17 17:23:48 [crit] 132962#132962: *330 connect() to unix:/home/ubuntu/python_flask/python_flask.sock failed (2: No such file or directory) while connecting to upstream, client: 70.51.xxx.xxx, server: www.somesite.io, request: "GET /socket.io/?EIO=3&transport=websocket HTTP/1.1", upstream: "http://unix:/home/ubuntu/python_flask/python_flask.sock:/socket.io/?EIO=3&transport=websocket", host: "www.somesite.io"
Below you can also see how I have configured NginX and Gunicorn service.
/etc/nginx/sites-enabled/somesite.io
server {
listen 80;
server_name www.somesite.io somesite.io;
access_log /var/log/nginx/example.log;
location /socket.io {
proxy_pass http://unix:/home/ubuntu/python_flask/python_flask.sock;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
proxy_pass http://unix:/home/ubuntu/python_flask/python_flask.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.somesite.io somesite.io;
location /socket.io {
proxy_pass http://unix:/home/ubuntu/python_flask/python_flask.sock;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
proxy_pass http://unix:/home/ubuntu/python_flask/python_flask.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/somesite.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/somesite.io/privkey.pem;
}
/etc/systemd/system/gunicorn3.service
[Unit]
Description=Gunicorn Service
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/python_flask
ExecStart=/usr/bin/gunicorn3 --workers 1 --bind unix:python_flask.sock -m 007 app:app

Related

502 Bad Gateway nginx, I have one dominion for two distinct apps (FLASK and DJANGO). I'm using one index page to distribute routes

I think this erros happens, because of proxy_pass is incorrect, if someone has any idea please tell me thanks
NGINX FILE
proxy_cache_path /var/nginx/cache/project
keys_zone=djangoproject_cache:60m;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/javascript application/x-javascript;
gzip_vary on;
gzip_disable msie6;
upstream appserver {
server unix:/home/dir/projects/djangoproject/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name www.subdominion.dominion www.subdominion.dominion;
add_header X-Frame-Options "SAMEORIGIN";
ssl_certificate certificate.crt;
ssl_certificate_key certificate.key;
ssl on;
server_tokens off;
root /var/www/html/;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location /djangoproject{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
rewrite ^/djangoproject(.*) /$1 break;
proxy_pass http://unix:/home/sftpserver/projects/podaexpress/gunicorn.sock; -- I think the error is here
try_files $uri #proxy_to_appserver;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
sendfile_max_chunk 1024k;
root /home/dir/projects/djangoproject/static;
proxy_read_timeout 90;
}
location /flaskproject{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
rewrite ^/flaskproject(.*) /$1 break;
proxy_pass http://unix:/home/dir/projects/flaskproject/gunicorn.sock;
proxy_read_timeout 90;
}
location #proxy_to_appserver {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_redirect off;
proxy_pass http://appserver;
}
}
using this nginx file I got one page manager index.html, in this page has two buttons with href link for my dominion/djangoproject or dominion/flaskproject , everything is correct until here, but when I click in button whose link directs for another project has one error http 502, but gunicorn file is correct
gunicorn file from djangoproject
#!/bin/bash
NAME="djangoproject" # Name of the application (*)
DJANGODIR=/home/dir/projects/djangoproject/ # Django project directory (*)
SOCKFILE=/home/dir/projects/djangoproject/gunicorn.sock # we will communicate using this unix socket (*)
USER=root # the user to run as (*)
GROUP=root # the group to run as (*)
NUM_WORKERS=15 # how many worker processes should Gunicorn spawn (*)
DJANGO_SETTINGS_MODULE=project.qasettings # which settings file should Django use (*)
DJANGO_WSGI_MODULE=project.wsgi # WSGI module name (*)
echo "------------- INICIANDO $NAME gunicorn -------------"
# Activate the virtual environment
cd $DJANGODIR
source /home/dir/projects/djangoproject/bin/activate
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
export PYTHONPATH=$DJANGODIR:$PYTHONPATH
# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
# Start your Django Unicorn Programs meant to be run under supervisor should not daemonize themselves (do not use --daemon)
exec /home/dir/projects/djangoproject/bin/gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user $USER \
--bind=unix:$SOCKFILE \
--daemon
in both links I get the correct url example https://subdominion.dominion.com.br/djangoprojects or https://subdominion.dominion.com.br/flaskproject

Flask with gunicorn on nginx 502 bad gateway error

After some ubuntu 16.04 upgrades and app code modifications, my Flask on gunicorn and nginx website which previously was working is now giving a 502 bad gateway error.
myapp.conf:
upstream app_server_wsgiapp {
server localhost:8000 fail_timeout=0;
}
server {
listen 80;
server_name www.myserver.com;
access_log /var/log/nginx/www.myapp.access.log;
error_log /var/log/nginx/www.myapp.error.log info;
keepalive_timeout 5;
location /static {
autoindex on;
alias /myapp/static;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server_wsgiapp;
break;
}
client_max_body_size 2097152;
#to get around upstream sent too big header while reading response header from upstream error
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
# this section allows Nginx to reverse proxy for websockets
location /socket.io {
proxy_pass http://app_server_wsgiapp/socket.io;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
/var/log/nginx/myapp.error.log
2017/06/11 06:42:52 [error] 31054#31054: *1 connect() failed (111: Connection refused) while connecting to upstream, client: clientip, server: www.myserver.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8000/", host: "www.myapp.com"
From my apps log file I note that Flask gets part of the way through starting up, then restarts in a continuous fail/restart loop.
Any ideas how I can go about debugging what could be causing this issue?

Looks like the problem is caused by flask app running error. Could you please try to run the app in interactive way? With same params and environment settings in daemon way and check whether the service can be started correctly?

https not workking AWS ELB(ssl cert) + FLASK + NGNIX

I have a AWS Load balancer with SSL which is pointing to a ec2(windows) on 80, i.e on LB,
https 443 http 80
However the app i'm running is on another port 9100 which is configured in ngnix, now i'm unable to access the server via https
Please help me out on this
here is my nginx config,
server {
listen 80;
server_name mydomain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:9100;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}

There are many examples of Nginx with https around. Merging the Nginx HTTPS documentation with your sample configuration gives something like:
server {
listen 80;
listen 443 ssl;
server_name mydomain.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:9100;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
This will get Nginx to serve traffic as HTTPS on port 443. You would need to update the ELB to send HTTPS traffic to port 443 if it's coming via that device.
You would also need to update the Nginx ssl_certificate & ssl_certificate_key options to point to somewhere on the EC2 instance that contains those files.

Bokeh server + reverse-proxying with Nginx gives 404

I'm trying to set up a Bokeh server and reverse proxy it with Nginx.
My p-website.conf now looks like:
server {
listen 80;
server_name website.com;
client_max_body_size 25M;
access_log /var/www/logs/p-website.access.nginx.log;
error_log /var/www/logs/p-website.error.nginx.log error;
root /var/www/pydocs/website/production/src;
include global/restrictions.conf;
location /plot/ {
proxy_pass http://website.com:5100;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS, this helps Rack
# set the proper protocol for doing redirects:
# proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_connect_timeout 10;
proxy_read_timeout 60s;
proxy_pass http://production_website_gunicorn;
}
}
On the server I run the Bokeh server with:
bokeh serve bokehserver.py --port 5100 --host website.com:80
But when I visit website.com/plot/ I get a 404 from Bokeh and the servers terminal gives me: WARNING:tornado.access:404 GET / ("here was ip address") 3.04ms
I don't understand why it always gives a 404, or has it something to do with Nginx?
Thanks!
Update 30/06
Ok, I think I'm a step further, and hopefully in the good direction.
My p-website.conf now looks like:
server {
listen 80 default_server;
server_name website.com;
client_max_body_size 25M;
access_log /var/www/logs/p-website.access.nginx.log;
error_log /var/www/logs/p-website.error.nginx.log error;
root /var/www/pydocs/magnify/production/src;
include global/restrictions.conf;
location / {
allow 127.0.0.1:5100
proxy_pass http://127.0.0.1:5100;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
}
I now run the server with:
bokeh serve bokehserver.py --port 5100 --host 127.0.0.1:80
Now I don't get the 404 any more, but a "403: Forbidden" when I go to website.com:5100/bokehserver/. And this message on in the bokehserver terminal:
INFO:bokeh.server.tornado:Rejected connection from host 'website.com:5100' because it is not in the --host whitelist
WARNING:tornado.access:403 GET /bokehserver/ (213.152.161.35) 0.78ms
I tried to fix the whitelist problem by adding allow 127.0.0.1:5100 in the p-website.conf, no luck.

I figured it out, apparently you need to add --prefix= with same location to the Bokeh command:
bokeh serve bokehserver.py --port 5100 --prefix=/plot/ --host website.com:80
And the location block in p-website.conf will look like:
location /plot/ {
proxy_pass http://127.0.0.1:5100;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}

Socket-Management in Nginx with Flask - Why is Cross-Origin Request Blocked?

I want to create a socket in Flask-SocketIO through Nginx and Unicorn. The following configuration works on localhost without Nginx.
When I access the web application through Nginx in Chrome, i get the error:
Failed to load resource: Could not connect to the server.
http://52.34.18.48:6419/socket.io/?EIO=3&transport=polling&t=1454455363683-6
When I access the web application through Nginx in Firefox, I get the error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at
http://52.34.18.48:6419/socket.io/?EIO=3&transport=polling&t=1454464333740-25. (Reason: CORS request failed).
This is how I initialize the socket connection in JavaScript:
import io from "socket.io-client"
const socketUrl = 'http://' + document.domain + ':6419' + '/FlaskApp'
const socket = io(socketUrl);
export default socket;
My Nginx config file looks like this:
server {
listen 80;
server_name 52.34.18.48;
error_log /var/www/Flaskapp/nginx_errorlog.log;
access_log /var/www/Flaskapp/nginx_accesslog.log;
root /var/www/Flaskapp;
location /socket.io {
proxy_pass http://127.0.0.1:6419/socket.io;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://127.0.0.1:6419;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
The Gunicorn command I used is:
gunicorn --worker-class eventlet -w 1 -b 127.0.0.1:6419 flask_app:application
I wrapped the socket in the Flask application like this.
from flask_app import application
from flask_socketio import SocketIO
socketio = SocketIO(application)
Why do I get this error via Nginx but not when connecting via localhost? How can I access the socket.io via Nginx correctly?

Categories

Resources