By Mulagala

2014-05-30 06:37:10 8 Comments

I am working with configuring django project with nginx and gunicorn. While I am accessing my port gunicorn mysite.wsgi:application --bind= in nginx server I am getting the following error in my error log file.

2014/05/30 11:59:42 [crit] 4075#0: *6 connect() to failed (13: Permission denied) while connecting to upstream, client:, server: localhost, request: "GET / HTTP/1.1", upstream: "", host: "localhost:8080"

My nginx.conf file

server {
    listen 8080;
    server_name localhost;
    access_log  /var/log/nginx/example.log;
    error_log /var/log/nginx/example.error.log;

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;

In the html page I am getting 502 Bad Gateway.

What mistake am I doing?


@joebarbere 2014-07-18 17:35:14

I had a similar issue getting Fedora 20, Nginx, Node.js, and Ghost (blog) to work. It turns out my issue was due to SELinux.

This should solve the problem:

setsebool -P httpd_can_network_connect 1


I checked for errors in the SELinux logs:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied

And found that running the following commands fixed my issue:

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
sudo semodule -i mynginx.pp


@Jahan Zinedine 2014-09-04 16:35:48

Thanks, that fixed my issue too, I'm on CentOS 7. 2014-11-08 19:58:28

thanks . For me "sudo setsebool httpd_can_network_connect 1" did the trick!

@gross.jonas 2014-11-13 09:57:27

thanks. I needed to yum install policycoreutils-python in order to get audit2allow first. Reference:

@BlaShadow 2014-11-26 20:37:10

Thanks a lot it's work for me using a node server. (Redhat 7)

@arcee123 2015-02-16 05:56:32

worked for me too. I was digging all week for this answer. Thanks much.

@Manhhailua 2015-04-07 03:37:26

This save me... Looking for this for days!

@user113397 2015-04-13 16:51:15

See also here. In my case I had to add nginx to the group of the user in whose home directory the wwwroot was stored.

@josdem 2015-09-29 02:35:47

Thank you! setsebool -P httpd_can_network_connect 1 solve my problem in RedHat 7.1

@Mike Purcell 2015-10-06 13:59:38

Sid's answer should be the accepted answer, it's better to use built-in policies rather than create your own, much less overhead, especially when dealing with multiple servers.

@Joseph N. 2016-01-31 13:29:22

On Fedora 23 installing the policycoreutils-python did not provide the command audit2allow. After some research I found you should install the devel packageyum install policycoreutils-devel. Reference:

@Kuberchaun 2016-04-05 23:24:38

I ran into a similar issue getting nginx and artifactory working on redhat 6.5. This solved my problem, 5 hip hip hurrays for you!

@po5i 2016-10-24 21:13:28

I sincerely love you, but nobody can return me the hours I spend finding this.

@johhny B 2016-12-18 10:03:22

Can someone please tell me how someone would reverse these policy changes?

@Alexandr 2017-03-03 18:51:56

Thank you! You saved my day

@edencorbin 2017-08-07 03:44:02

amazing, and also very criptic (not your answer, but that this is required). I installed two centos instances and one required it the other didn't, confusing. Also are there any security implications to this to be aware of? 2017-08-18 10:55:05

I was on RHEL 7.2 and the "setsebool -P httpd_can_network_connect 1" saved me. Big thank you!

@Gank 2017-11-04 10:47:59

After wasting all one day, I solved by this one line code.

@xji 2018-06-30 12:17:52

Just never could have imagined that when the default welcome page is displayed but proxying an upstream server doesn't work, it is still the fault of a third-party security policy. I just focused my debugging effort on the config file... Though should have been able to find the error log earlier indeed.

@iRamesh 2018-08-28 22:11:51

This saved me. after wasting couple of days trying all different solutions

@Juan D. Gómez 2018-09-27 15:46:55

Thank you sir, you've saved me

@AlEmerich 2018-10-25 11:46:56

It worked for me either but just to precise, I had to reboot

@unlockme 2017-08-04 07:45:22

Had a similar problem on Centos 7. When I tried to apply the solution prescribed by Sorin, I started moving in cycles. First I had a permission {write} denied. Then when I solved that I had a permission { connectto } denied. Then back again to permission {write } denied.

Following @Sid answer above of checking the flags using getsebool -a | grep httpd and toggling them I found that in addition to the httpd_can_network_connect being off. http_anon_write was also off resulting in permission denied write and permission denied {connectto}

type=AVC msg=audit(1501830505.174:799183): avc:  
denied  { write } for  pid=12144 comm="nginx" name="myroject.sock" 
dev="dm-2" ino=134718735 scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:default_t:s0 tclass=sock_file

Obtained using sudo cat /var/log/audit/audit.log | grep nginx | grep denied as explained above.

So I solved them one at a time, toggling the flags on one at a time.

setsebool httpd_can_network_connect on -P

Then running the commands specified by @sorin and @Joseph above

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | 
audit2allow -M mynginx
sudo semodule -i mynginx.pp

Basically you can check the permissions set on setsebool and correlate that with the error obtained from grepp'ing' audit.log nginx, denied

@TitaniuM 2017-03-06 20:20:35

sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx

sudo semodule -i mynginx.pp

@sule 2015-12-15 08:45:03

I’ve run into this problem too. I'm using Nginx with HHVM, below solution fixed my issue:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/etc/nginx/fastcgi_temp(/.*)?"

sudo restorecon -R -v /etc/nginx/fastcgi_temp

@Sid 2015-07-14 10:18:00

I’ve run into this problem too. Another solution is to toggle the SELinux boolean value for httpd network connect to on (Nginx uses the httpd label).

setsebool httpd_can_network_connect on

To make the change persist use the -P flag.

setsebool httpd_can_network_connect on -P

You can see a list of all available SELinux booleans for httpd using

getsebool -a | grep httpd

@Francis Norton 2015-08-14 15:40:03

Thanks - this worked for us on CentOS 7

@kikicarbonell 2015-10-01 14:41:47

this work on CentOS 6 too, thks

@Mike Purcell 2015-10-06 14:04:40

This worked, thanks. I updated from CentOS 6.5 -> 6.7 and it must have defaulted the value to off during the update, because it was working fine before the update. Simple fix.

@Soman Dubey 2016-01-04 16:41:07

Solved for me on RHEL

@rMX 2016-02-16 11:48:49

Thanks! Helped me on CentOS 6.7.

@Wilson Chen 2016-07-22 07:41:38

This solution looks better :) Thanks!

@Ehsan Aghaei 2017-08-18 14:24:31

Great, solved my problem on CentOS 7.3

@Jins Peter 2018-03-20 07:44:22

Worke on CentOS7

@AndrewT 2018-06-14 00:33:42

Worked on CentOS 7 answer above did not

@Mulagala 2014-06-04 10:52:32

I have solved my problem by running my nginx as my present working user that is mulagala.By default the user as nginx in my nginx.conf file.We can find that line at the top of the nginx.conf file.

user nginx;

change this to your current working user name like

user  mulagala;

@MIguelele 2015-04-10 17:55:20

Bad idea, changing user. It works, but think about it as a casual side effect. You are note solving the real problem. Joseph Barbere solution is better.

Related Questions

Sponsored Content

11 Answered Questions

[SOLVED] Node.js + Nginx - What now?

  • 2011-02-15 20:49:02
  • Van Coding
  • 323832 View
  • 913 Score
  • 11 Answer
  • Tags:   node.js nginx concept

6 Answered Questions

[SOLVED] Nginx reverse proxy causing 504 Gateway Timeout

2 Answered Questions

Keycloak Redirect url with nginx is going to http rather than https

  • 2018-04-03 12:02:15
  • Atulya Nair
  • 902 View
  • 2 Score
  • 2 Answer
  • Tags:   nginx jboss

2 Answered Questions

2 Answered Questions

[SOLVED] Express - req.ip returns

5 Answered Questions

1 Answered Questions

NGINX+NODE JS - no live upstreams while connecting to upstream, client:

  • 2017-10-06 14:03:50
  • Rupali
  • 1702 View
  • 1 Score
  • 1 Answer
  • Tags:   node.js nginx

2 Answered Questions

1 Answered Questions

Wordpress constant redirect with nginx upstream

1 Answered Questions

Sponsored Content