I am trying to serve a simple API by following this digitalocean tutorial.
For testing I was earlier serving the API through gunicorn by doing a
$ gunicorn --bind 0.0.0.0:5000 trumporate.wsgi:app
And curling the API endpoint works inside the ec2 box
$ curl -X GET http://0.0.0.0:5000/api/v1/trump/rant/
{
"foo": "bar"
}
Now I shifted this gunicorn process to run at startup by making a systemd service
# /etc/systemd/system/trumporate.service
[Unit]
Description=Gunicorn instance for trumporate
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/var/opt/trumporate
ExecStart=/usr/local/bin/gunicorn --workers 3 --bind unix:trumporate.sock -m 007 --access-logfile /var/log/trumporate/gunicorn-access.log --error-logfile /var/log/trumporate/gunicorn-error.log trumporate.wsgi:app
[Install]
WantedBy=multi-user.target
I have created the files
/var/log/trumporate/gunicorn-error.log
/var/log/trumporate/gunicorn-access.log
and changed the ownership and group to ubuntu
After enabling the service and rebooting, I checked the status
$ sudo systemctl status trumporate.service
● trumporate.service - Gunicorn instance for trumporate
Loaded: loaded (/etc/systemd/system/trumporate.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2017-05-03 06:30:26 UTC; 1h 2min ago
Main PID: 1122 (gunicorn)
Tasks: 4
Memory: 92.2M
CPU: 1.390s
CGroup: /system.slice/trumporate.service
├─1122 /usr/bin/python3 /usr/local/bin/gunicorn --workers 3 --bind unix:trumporate.sock -m 007 --access-logfile /var/log/trumporate/gunicorn-access.log --error-logfile /var/log/trumporate/gunic
├─1264 /usr/bin/python3 /usr/local/bin/gunicorn --workers 3 --bind unix:trumporate.sock -m 007 --access-logfile /var/log/trumporate/gunicorn-access.log --error-logfile /var/log/trumporate/gunic
├─1266 /usr/bin/python3 /usr/local/bin/gunicorn --workers 3 --bind unix:trumporate.sock -m 007 --access-logfile /var/log/trumporate/gunicorn-access.log --error-logfile /var/log/trumporate/gunic
└─1267 /usr/bin/python3 /usr/local/bin/gunicorn --workers 3 --bind unix:trumporate.sock -m 007 --access-logfile /var/log/trumporate/gunicorn-access.log --error-logfile /var/log/trumporate/gunic
May 03 06:30:26 ip-172-31-25-173 systemd[1]: Started Gunicorn instance for trumporate.
Following the DO tutorial, I tried configuring nginx to proxy incoming requests on port 80
$ cat /etc/nginx/sites-available/trumporate
server {
listen 80;
server_name private_ip_address;
location / {
include proxy_params;
proxy_pass http://unix:/var/opt/trumporate/trumporate.sock;
}
}
And then did a
$ ln -s /etc/nginx/sites-available/trumporate /etc/nginx/sites-enabled
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Now if I try to do GET request to the API endpoint from outside the ec2 box
$ curl -X GET http://public_ip/api/v1/trump/rant
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.10.0 (Ubuntu)</center>
</body>
</html>
Same case when I try to do it from inside the ec2 container too
$ curl -X GET http://localhost:80/api/v1/trump/rant/
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.10.0 (Ubuntu)</center>
</body>
</html>
log files
# /var/log/nginx/access.log
dev_box_ip - - [03/May/2017:05:50:45 +0000] "GET /api/v1/trump/rant/ HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36"
127.0.0.1 - - [03/May/2017:06:13:26 +0000] "GET /api/v1/trump/rant/ HTTP/1.1" 404 178 "-" "curl/7.47.0"
dev_box_ip - - [03/May/2017:07:42:42 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36"
/var/log/nginx$ cat error.log
/var/log/nginx$
/var/log/trumporate$ cat gunicorn-access.log
/var/log/trumporate$
$ cat gunicorn-error.log
[2017-05-03 06:28:41 +0000] [1884] [INFO] Starting gunicorn 19.7.1
[2017-05-03 06:28:41 +0000] [1884] [INFO] Listening at: unix:trumporate.sock (1884)
[2017-05-03 06:28:41 +0000] [1884] [INFO] Using worker: sync
[2017-05-03 06:28:41 +0000] [1889] [INFO] Booting worker with pid: 1889
[2017-05-03 06:28:41 +0000] [1890] [INFO] Booting worker with pid: 1890
[2017-05-03 06:28:41 +0000] [1891] [INFO] Booting worker with pid: 1891
[2017-05-03 06:29:48 +0000] [1884] [INFO] Handling signal: term
[2017-05-03 06:29:48 +0000] [1889] [INFO] Worker exiting (pid: 1889)
[2017-05-03 06:29:48 +0000] [1890] [INFO] Worker exiting (pid: 1890)
[2017-05-03 06:29:48 +0000] [1891] [INFO] Worker exiting (pid: 1891)
[2017-05-03 06:29:49 +0000] [1884] [INFO] Shutting down: Master
[2017-05-03 06:30:27 +0000] [1122] [INFO] Starting gunicorn 19.7.1
[2017-05-03 06:30:27 +0000] [1122] [INFO] Listening at: unix:trumporate.sock (1122)
[2017-05-03 06:30:27 +0000] [1122] [INFO] Using worker: sync
[2017-05-03 06:30:27 +0000] [1264] [INFO] Booting worker with pid: 1264
[2017-05-03 06:30:27 +0000] [1266] [INFO] Booting worker with pid: 1266
[2017-05-03 06:30:28 +0000] [1267] [INFO] Booting worker with pid: 1267
/var/log/trumporate$
EDIT
Relevant part of the flask app
#app.route('/api/v1/trump/rant/')
def return_rant():
foo = # logic
return jsonify(rant=foo)
Did you do nginx -s reload && systemctl restart nginx?
Another thing which you could try is to make the bindings on a http port instead of a socket:
--bind 127.0.0.1:6767 #in systemd config
and change nginx config as follows:
location / {
include proxy_params;
proxy_redirect off;
proxy_pass http://127.0.0.1:6767;
}
Also why do you have private_ip in nginx config?
server_name private_ip_address;
Change that to
server_name "_";
# OR
server_name PUBLIC_IP;
and remove all default configs from /etc/nginx/site-enabled
1) use of server_name private_ip_address;?
Nginx uses the server_name to check with the host header of the incoming request, and that isn't the private address. (You usually access using either a domain name or the public address in the URL bar)
2) I deleted /etc/nginx/site-enabled/default dir to make things to get to working.
If your server_name is not set correctly, nginx processes the request using the default file or the server block containing default_server. Thus I asked you to delete that file just in case there was an issue with your server name ^_^
Also, what difference would it make to the performance of the API if I am binding it to a port instead of the socket file as suggested by the blog post?
This would typically be premature optimization, any difference you get will purely be within a margin of error compared to the bottlenecks caused by flask/python and especially database connections. Though please take this with a grain of salt as I do not have any reliable source to quote this on.
Related
I tried to deploy very simple Flask application:
import flask
app = flask.Flask(__name__)
#app.route('/', methods=['GET'])
def home():
return '<h1>Hello!</h1></p>'
app.run()
I followed some official tutorials, created App Service in Azure Portal, deployed app using Local Git solution. Application is deployed, but when I try to browse it, I get:
:( Application Error. If you are the application administrator, you can access the diagnostic resources.
My logs:
2022-09-22T14:24:17.032341362Z
2022-09-22T14:24:17.032431764Z _____
2022-09-22T14:24:17.032440964Z / _ \ __________ _________ ____
2022-09-22T14:24:17.032445564Z / /_\ \___ / | \_ __ \_/ __ \
2022-09-22T14:24:17.032449964Z / | \/ /| | /| | \/\ ___/
2022-09-22T14:24:17.032454364Z \____|__ /_____ \____/ |__| \___ >
2022-09-22T14:24:17.032458965Z \/ \/ \/
2022-09-22T14:24:17.032463265Z
2022-09-22T14:24:17.032467265Z A P P S E R V I C E O N L I N U X
2022-09-22T14:24:17.032471165Z
2022-09-22T14:24:17.032474965Z Documentation: http://aka.ms/webapp-linux
2022-09-22T14:24:17.032489065Z Python 3.9.7
2022-09-22T14:24:17.032493765Z Note: Any data outside '/home' is not persisted
2022-09-22T14:24:17.180055832Z Starting OpenBSD Secure Shell server: sshd.
2022-09-22T14:24:17.215008000Z App Command Line not configured, will attempt auto-detect
2022-09-22T14:24:17.433349825Z Starting periodic command scheduler: cron.
2022-09-22T14:24:17.442192344Z Launching oryx with: create-script -appPath /home/site/wwwroot -output /opt/startup/startup.sh -virtualEnvName antenv -defaultApp /opt/defaultsite
2022-09-22T14:24:17.556237878Z Found build manifest file at '/home/site/wwwroot/oryx-manifest.toml'. Deserializing it...
2022-09-22T14:24:17.562671538Z Output is compressed. Extracting it...
2022-09-22T14:24:17.564241977Z Build Operation ID: |OgP/jQgIHgU=.1da790b7_
2022-09-22T14:24:17.564259877Z Oryx Version: 0.2.20220825.1, Commit: 24032445dbf7bf6ef068688f1b123a7144453b7f, ReleaseTagName: 20220825.1
2022-09-22T14:24:17.565391205Z Extracting '/home/site/wwwroot/output.tar.gz' to directory '/tmp/8da9ca604221f20'...
2022-09-22T14:24:18.725265722Z App path is set to '/tmp/8da9ca604221f20'
2022-09-22T14:24:19.018530608Z Detected an app based on Flask
2022-09-22T14:24:19.405035911Z Generating `gunicorn` command for 'index:app'
2022-09-22T14:24:19.456995902Z Writing output script to '/opt/startup/startup.sh'
2022-09-22T14:24:19.689506779Z Using packages from virtual environment antenv located at /tmp/8da9ca604221f20/antenv.
2022-09-22T14:24:19.690332099Z Updated PYTHONPATH to ':/opt/startup/app_logs:/opt/startup/code_profiler:/tmp/8da9ca604221f20/antenv/lib/python3.9/site-packages'
2022-09-22T14:24:20.556171311Z [2022-09-22 14:24:20 +0000] [77] [INFO] Starting gunicorn 20.1.0
2022-09-22T14:24:20.595370385Z [2022-09-22 14:24:20 +0000] [77] [INFO] Listening at: http://0.0.0.0:8000 (77)
2022-09-22T14:24:20.601700442Z [2022-09-22 14:24:20 +0000] [77] [INFO] Using worker: sync
2022-09-22T14:24:20.610324257Z [2022-09-22 14:24:20 +0000] [80] [INFO] Booting worker with pid: 80
2022-09-22T14:24:21.265168226Z * Serving Flask app 'index'
2022-09-22T14:24:21.266054348Z * Debug mode: on
2022-09-22T14:24:21.300157595Z [31m[1mWARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.[0m
2022-09-22T14:24:21.300272498Z * Running on http://127.0.0.1:5000
2022-09-22T14:24:21.301268023Z [33mPress CTRL+C to quit[0m
2022-09-22T14:24:21.308547204Z * Restarting with stat
2022-09-22T14:24:21.760007120Z [2022-09-22 14:24:21 +0000] [81] [INFO] Starting gunicorn 20.1.0
2022-09-22T14:24:21.772788238Z [2022-09-22 14:24:21 +0000] [81] [ERROR] Connection in use: ('0.0.0.0', 8000)
2022-09-22T14:24:21.773676260Z [2022-09-22 14:24:21 +0000] [81] [ERROR] Retrying in 1 second.
2022-09-22T14:24:22.779581652Z [2022-09-22 14:24:22 +0000] [81] [ERROR] Connection in use: ('0.0.0.0', 8000)
2022-09-22T14:24:22.780698179Z [2022-09-22 14:24:22 +0000] [81] [ERROR] Retrying in 1 second.
2022-09-22T14:24:23.781856453Z [2022-09-22 14:24:23 +0000] [81] [ERROR] Connection in use: ('0.0.0.0', 8000)
2022-09-22T14:24:23.783124685Z [2022-09-22 14:24:23 +0000] [81] [ERROR] Retrying in 1 second.
2022-09-22T14:24:24.787329534Z [2022-09-22 14:24:24 +0000] [81] [ERROR] Connection in use: ('0.0.0.0', 8000)
2022-09-22T14:24:24.788615966Z [2022-09-22 14:24:24 +0000] [81] [ERROR] Retrying in 1 second.
2022-09-22T14:24:25.792686075Z [2022-09-22 14:24:25 +0000] [81] [ERROR] Connection in use: ('0.0.0.0', 8000)
2022-09-22T14:24:25.794038102Z [2022-09-22 14:24:25 +0000] [81] [ERROR] Retrying in 1 second.
2022-09-22T14:24:26.795751866Z [2022-09-22 14:24:26 +0000] [81] [ERROR] Can't connect to ('0.0.0.0', 8000)
2022-09-22T14:24:26.839176431Z [2022-09-22 14:24:26 +0000] [80] [INFO] Worker exiting (pid: 80)
2022-09-22T14:24:26.928820618Z [2022-09-22 14:24:26 +0000] [84] [INFO] Booting worker with pid: 84
It happens all the time, starting, problem with port, restarting, again and again. As I said, I just followed tutorials, didn't change any port or IP address...
I found a solution. My code was development version - in logs was a warning:
WARNING: This is a development server. Do not use it in a production
deployment. Use a production WSGI server instead
I changed code as was answered in Flask at first run: Do not use the development server in a production environment :
import flask
app = flask.Flask(__name__)
#app.route('/', methods=['GET'])
def home():
return '<h1>Hello!</h1></p>'
# debug app:
# app.run()
if __name__ == "__main__":
from waitress import serve
serve(app, host="0.0.0.0", port=8080)
Now application is deployed to Azure and working properly.
I am running a Flask app on a Ubuntu Linode Server using Gunicorn to serve the app and nginx as a reverse proxy.
I have one app running successfully, but I have a second app where I'm running in to the following problem.
What does work
when I run FLASK_APP=tester.py python3 -m flask run
This works, tester.py runs the app bound to 0.0.0.0 on port 5100 and I can access it from my browser.
when I run gunicorn --bind 0.0.0.0:5100 wsgi:app
This also works, as my wsgi.py imports my app object making it accessible for wsgi
Useful details
which python gives me /usr/bin/python
which pip gives /usr/bin/pip and which pip3 gives /usr/bin/pip3
which python3 gives me /usr/bin/python3
which gunicorn gives me /usr/bin/gunicorn
I am not using a virtual environment since boths app have near identical dependencies
What's not working
I created a service for forwarding traffic with nginx with:
/etc/systemd/system/testpad.service
[Unit]
# specifies metadata and dependencies
Description=Gunicorn instance to serve myproject
After=network.target
# tells the init system to only start this after the networking target has been reached
# We will give our regular user account ownership of the process since it owns all of the relevant files
[Service]
# Service specify the user and group under which our process will run.
User=www-data
# give group ownership to the www-data group so that Nginx can communicate easily with the Gunicorn processes.
Group=www-data
# We'll then map out the working directory and set the PATH environmental variable so that the init system knows where our the executabl>
WorkingDirectory=/home/xxx/xxx
# We'll then specify the commanded to start the service
ExecStart=/usr/bin/gunicorn --bind unix:testpad.sock --access-logfile /home/xxx/xxx/accesslog --error-logfile /home/xxx/xxx/errorlog -m 007 wsgi:app
# This will tell systemd what to link this service to if we enable it to start at boot. We want this service to start when the regular m>
[Install]
WantedBy=multi-user.target
when I start the service it runs for a second then I get this from sudo systemctl status testpad
testpad.service - Gunicorn instance to serve myproject
Loaded: loaded (/etc/systemd/system/testpad.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2021-09-06 15:47:59 UTC; 16min ago
Process: 655575 ExecStart=/usr/bin/gunicorn --bind unix:testpad.sock --access-logfile /home/xxx/xxx/acces>
Main PID: 655575 (code=exited, status=1/FAILURE)
Sep 06 15:47:54 microportalbeta systemd[1]: Started Gunicorn instance to serve myproject.
Sep 06 15:47:59 microportalbeta systemd[1]: testpad.service: Main process exited, code=exited, status=1/FAILURE
Sep 06 15:47:59 microportalbeta systemd[1]: testpad.service: Failed with result 'exit-code'.
so when I cat errorlog I get
[2021-09-06 15:21:31 +0000] [655222] [INFO] Worker exiting (pid: 655222)
[2021-09-06 15:21:31 +0000] [655223] [ERROR] Exception in worker process
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/gunicorn/arbiter.py", line 589, in spawn_worker
worker.init_process()
File "/usr/lib/python3/dist-packages/gunicorn/workers/base.py", line 134, in init_process
self.load_wsgi()
File "/usr/lib/python3/dist-packages/gunicorn/workers/base.py", line 146, in load_wsgi
self.wsgi = self.app.wsgi()
File "/usr/lib/python3/dist-packages/gunicorn/app/base.py", line 67, in wsgi
self.callable = self.load()
File "/usr/lib/python3/dist-packages/gunicorn/app/wsgiapp.py", line 58, in load
return self.load_wsgiapp()
File "/usr/lib/python3/dist-packages/gunicorn/app/wsgiapp.py", line 48, in load_wsgiapp
return util.import_app(self.app_uri)
File "/usr/lib/python3/dist-packages/gunicorn/util.py", line 384, in import_app
mod = importlib.import_module(module)
File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 855, in exec_module
File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
File "/home/xxx/xxx/wsgi.py", line 1, in <module>
from run import app
File "/home/xxx/xxx/run.py", line 1, in <module>
from genedflask import create_app, db
File "/home/xxx/xxx/xxx/__init__.py", line 5, in <module>
from flask_login import LoginManager
ModuleNotFoundError: No module named 'flask_login'
[2021-09-06 15:21:31 +0000] [655223] [INFO] Worker exiting (pid: 655223)
[2021-09-06 15:21:32 +0000] [655220] [WARNING] Worker with pid 655223 was terminated due to signal 15
[2021-09-06 15:21:32 +0000] [655220] [WARNING] Worker with pid 655222 was terminated due to signal 15
[2021-09-06 15:21:32 +0000] [655220] [INFO] Shutting down: Master
[2021-09-06 15:21:32 +0000] [655220] [INFO] Reason: Worker failed to boot.
[2021-09-06 15:23:34 +0000] [655249] [INFO] Starting gunicorn 20.1.0
[2021-09-06 15:23:34 +0000] [655249] [ERROR] Retrying in 1 second.
[2021-09-06 15:23:35 +0000] [655249] [ERROR] Retrying in 1 second.
[2021-09-06 15:23:36 +0000] [655249] [ERROR] Retrying in 1 second.
[2021-09-06 15:23:37 +0000] [655249] [ERROR] Retrying in 1 second.
[2021-09-06 15:23:38 +0000] [655249] [ERROR] Retrying in 1 second.
[2021-09-06 15:23:39 +0000] [655249] [ERROR] Can't connect to testpad.sock
[2021-09-06 15:28:44 +0000] [655315] [INFO] Starting gunicorn 20.1.0
[2021-09-06 15:28:44 +0000] [655315] [ERROR] Retrying in 1 second.
[2021-09-06 15:28:45 +0000] [655315] [ERROR] Retrying in 1 second.
[2021-09-06 15:28:46 +0000] [655315] [ERROR] Retrying in 1 second.
[2021-09-06 15:28:47 +0000] [655315] [ERROR] Retrying in 1 second.
[2021-09-06 15:28:48 +0000] [655315] [ERROR] Retrying in 1 second.
[2021-09-06 15:28:49 +0000] [655315] [ERROR] Can't connect to testpad.sock
[2021-09-06 15:31:09 +0000] [655348] [INFO] Starting gunicorn 20.1.0
[2021-09-06 15:31:09 +0000] [655348] [ERROR] Retrying in 1 second.
[2021-09-06 15:31:10 +0000] [655348] [ERROR] Retrying in 1 second.
[2021-09-06 15:31:11 +0000] [655348] [ERROR] Retrying in 1 second.
[2021-09-06 15:31:12 +0000] [655348] [ERROR] Retrying in 1 second.
[2021-09-06 15:31:13 +0000] [655348] [ERROR] Retrying in 1 second.
[2021-09-06 15:31:14 +0000] [655348] [ERROR] Can't connect to testpad.sock
[2021-09-06 15:33:34 +0000] [655387] [INFO] Starting gunicorn 20.1.0
[2021-09-06 15:33:34 +0000] [655387] [ERROR] Retrying in 1 second.
[2021-09-06 15:33:35 +0000] [655387] [ERROR] Retrying in 1 second.
[2021-09-06 15:33:36 +0000] [655387] [ERROR] Retrying in 1 second.
[2021-09-06 15:33:37 +0000] [655387] [ERROR] Retrying in 1 second.
[2021-09-06 15:33:38 +0000] [655387] [ERROR] Retrying in 1 second.
[2021-09-06 15:33:39 +0000] [655387] [ERROR] Can't connect to testpad.sock
[2021-09-06 15:47:54 +0000] [655575] [INFO] Starting gunicorn 20.1.0
[2021-09-06 15:47:54 +0000] [655575] [ERROR] Retrying in 1 second.
[2021-09-06 15:47:55 +0000] [655575] [ERROR] Retrying in 1 second.
[2021-09-06 15:47:56 +0000] [655575] [ERROR] Retrying in 1 second.
[2021-09-06 15:47:57 +0000] [655575] [ERROR] Retrying in 1 second.
[2021-09-06 15:47:58 +0000] [655575] [ERROR] Retrying in 1 second.
[2021-09-06 15:47:59 +0000] [655575] [ERROR] Can't connect to testpad.sock
Not sure why it is not finding flask-login as it is installed under pip and pip3 globally, and is visible when I run pip3 list or pip list.
I assume that once I overcome this hurdle then the testpad.sock file should auto create as it did with my previous app. Most people with this problem I found it was an issue with gunicorn looking at the global environment when people installed dependencies in a virtual environment, which I am not doing in this circumstance.
Any suggestions?
Update
I never did figure out why it could not find the libraries when ran as a service, I even set the PYTHONPATH variable to see if that would help.
What I did do is give up on running as a service and instead just ran the application as a background process on port 8000 and just directed nginx to forward traffic there, and that worked.
Gunicorn works when testing with 0.0.0.0:8000 but failing with the production version below.
Tried switching user:group to myproject:myproject, root:nginx, myproject:nginx nothing working
sudo systemctl status gunicorn
● gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-08-30 08:49:57 PDT; 5s ago
Process: 5576 ExecStart=/var/www/myproject/public_py/env/bin/gunicorn --access-logfile - --workers 3 --bind unix:/var/www/myproject/public_py/myproject.sock myproject.wsgi:application (code=exited, status=203/EXEC)
Main PID: 5576 (code=exited, status=203/EXEC)
Aug 30 08:49:57 myprojecthost systemd[1]: Started gunicorn daemon.
Aug 30 08:49:57 myprojecthost systemd[1]: gunicorn.service: Main process exited, code=exited, status=203/EXEC
Aug 30 08:49:57 myprojecthost systemd[1]: gunicorn.service: Failed with result 'exit-code'.
gunicorn.service
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=root
Group=nginx
WorkingDirectory=/var/www/myproject/public_py
ExecStart=/var/www/myproject/public_py/env/bin/gunicorn --access-logfile - --workers 3 --bind unix:/var/www/myproject/public_py/myproject.sock myproject.wsgi:application
[Install]
WantedBy=multi-user.target
Project lives in /var/www/myproject
cat /var/log/nginx/error.log
[crit] 1198#0: *51 connect() to unix:/var/www/myproject/public_py/myproject.sock failed (2: No such file or directory) while connecting to upstream, client: xx.xxx.xx.xxx, server: myproject.com, request: "GET / HTTP/1.1", upstream: "http://unix:/var/www/myproject/public_py/myproject.sock:/", host: "myproject.com"
stat /var/www/myproject/public_py/env/bin/gunicorn
File: /var/www/myproject/public_py/env/bin/gunicorn
Size: 243 Blocks: 8 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 1066021 Links: 1
Access: (0775/-rwxrwxr-x) Uid: ( 0/ root) Gid: ( 984/ nginx)
Context: unconfined_u:object_r:httpd_sys_content_t:s0
Access: 2020-08-30 08:07:44.939754370 -0700
Modify: 2020-08-29 18:16:27.280494281 -0700
Change: 2020-08-30 08:46:09.047708570 -0700
SOLUTION:
nginx was being blocked via SElinux, to resolve change to permissive.
I did the following:
https://github.com/dockersamples/example-voting-app
cd example-voting-app
Inside that there are number of files/folders
MAINTAINERS
LICENSE
Jenkinsfile
ExampleVotingApp.sln
README.md
docker-stack-windows-1809.yml
docker-stack-simple.yml
docker-compose.yml
docker-compose-windows.yml
docker-compose-windows-1809.yml
docker-compose-simple.yml
docker-compose-k8s.yml
docker-compose-javaworker.yml
architecture.png
kube-deployment.yml
k8s-specifications
docker-stack.yml
docker-stack-windows.yml
result
vote
worker
I did cd vote and executed following commands
docker build . -t voting-app
docker run -p 5000:80 voting-app
After I run docker run command, I see the following output, and nothing is happening . I am clueless, as there is no error messages etc.
[root#osboxes vote]# docker run -p 5000:80 voting-app
[2020-06-16 17:59:27 +0000] [1] [INFO] Starting gunicorn 19.10.0
[2020-06-16 17:59:27 +0000] [1] [INFO] Listening at: http://0.0.0.0:80 (1)
[2020-06-16 17:59:27 +0000] [1] [INFO] Using worker: sync
[2020-06-16 17:59:27 +0000] [9] [INFO] Booting worker with pid: 9
[2020-06-16 17:59:27 +0000] [10] [INFO] Booting worker with pid: 10
[2020-06-16 17:59:27 +0000] [11] [INFO] Booting worker with pid: 11
[2020-06-16 17:59:27 +0000] [12] [INFO] Booting worker with pid: 12
Please guide how to fix this issue, and how to get the vote app running on container.
My OS details are as follows:
NAME="CentOS Linux"
VERSION="7 (Core)"
Thanks
In my earlier answer, i got the app working, by building and running each image individually.
Finally, after spending few hours, I am finally able to create docker-compose.yml file and able to run the entire application using the following command:
docker-compose up
Hope it helps other who are struggling to make this application work.
docker-compose.yml
version: "3"
services:
redis:
image: redis
db:
image: postgres:9.4
environment:
- POSTGRES_PASSWORD=postgres
- POSTGRES_HOST_AUTH_METHOD=trust
vote:
image: voting-app
ports:
- 5000:80
links:
- redis
worker:
image: worker-app
links:
- db
- redis
result:
image: result-app
ports:
- 5001:80
links:
- db
After code checkout, I followed the following steps, and got the voting application to run.
change to vote directory
docker run -d --name=redis redis
docker build . -t voting-app
docker run -p 5000:80 --link redis:redis voting-app
docker run -d --name=db -e POSTGRES_PASSWORD=postgres postgres:9.4
change to worker directory
docker build . -t worker-app
docker run --link redis:redis --link db:db worker-app
change to result directory
docker build . -t result-app
docker run -p 5001:80 --link db:db result-app
Access the URLs
http://<IP>:5000/
http://<IP>:5001/
Replace the IP with IP of your machine. Now I can access both the URLs.
I have noticed numerous entries in Tomcat's local_access_log for various resources coming from IP address 127.0.0.1. These are clearly attempts to hack in. For example, here is a request to get access to the "manager" app:
127.0.0.1 - - [30/Apr/2015:13:35:13 +0000] "GET /manager/html HTTP/1.1" 401 2474
here is another one:
127.0.0.1 - - [30/Apr/2015:21:23:37 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 404 1016
When decoded, the URL is this:
127.0.0.1 - - [30/Apr/2015:21:23:37 0000] "POST /cgi-bin/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env="yes" -d cgi.fix_pathinfo=1 -d auto_prepend_file=php://input -n HTTP/1.1" 404 1016
There are lots of such entries, all from IP address 127.0.0.1. Obviously, since this is the address of localhost, I can't block it. More over, I am not sure if there is something that I can do about it. Is there possibly an exploit that should be patched up? For instance, is there a version of Tomcat that has a related vulnerability? I am running Tomcat 8.
Much thanks for any advice!
UPDATE: thanks for the suggestion about a proxy. Turned out that httpd was indeed installed and not surprisingly, there are suspicious request. For example:
[Sat Mar 30 17:26:49 2013] [error] [client 5.34.247.59] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sat Mar 30 17:26:49 2013] [error] [client 5.34.247.59] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sat Mar 30 17:26:49 2013] [error] [client 5.34.247.59] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
This is not a windows system so cmd.exe has not place for it...
If you have a proxy server running on your computer, that will often receive requests and then call the primary server using the localhost (127.0.0.1) interface.
This could explain why you're logging these requests.