Please or Register to create posts and topics.

creating domain - ngnix error permission denied

Hi there,

Just finished installing the UI on CentOS 7.9.2009. After following instructions and getting to step 6 (register domain), I try to register the domain I defined in /etc/resolv.conf and I get the following error in /var/log/nginx/error.log which prevents the domain from being created.

 

2021/07/09 19:13:56 [error] 30189#30189: *59 no live upstreams while connecting to upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://localhost/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"
2021/07/09 19:13:59 [error] 30189#30189: *59 no live upstreams while connecting to upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://localhost/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"
2021/07/09 19:16:09 [crit] 30189#30189: *65 connect() to 127.0.0.1:5000 failed (13: Permission denied) while connecting to upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://127.0.0.1:5000/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"

 

Any ideas?

Thank you,

Bryant

Bryant,

From the logs we could make out your are getting Permission denied while connecting to upstream error, there could be number of reasons for this. Find below for possible solutions

  1. If there are no security implications, run the below command (if issue with SELinux)
    setsebool -P httpd_can_network_connect 1

2. Check the nginx username in the nginx.conf file, the username should be same as logged in user.
3. Check if 5000 port is enabled on the firewall, if not enable the port.

Thanks

Hi Girish,

thanks for the reply.

I set the setsebool as you mentioned above, the nginx user in nginix.conf was set to user nginx (I also tried root), and there is not firewall turned on. After the minor changes the errors are:

2021/07/12 15:40:57 [error] 726#726: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://[::1]:5000/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"
2021/07/12 15:40:57 [warn] 726#726: *1 upstream server temporarily disabled while connecting to upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://[::1]:5000/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"
2021/07/12 15:41:28 [error] 726#726: *1 upstream prematurely closed connection while reading response header from upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://127.0.0.1:5000/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"
2021/07/12 15:41:28 [warn] 726#726: *1 upstream server temporarily disabled while reading response header from upstream, client: 10.0.0.220, server: localhost, request: "POST /api/adlogintest/get_ips/ HTTP/1.1", upstream: "http://127.0.0.1:5000/api/adlogintest/get_ips/", host: "10.0.0.39", referrer: "http://10.0.0.39/test-connection"

Also to note:

the log files from the App don't seem to be logging anything.

[[email protected] 2021-07-12]# ll
total 4
-rw-r--r--. 1 root root 121 Jul 12 15:38 Audit.log
-rw-r--r--. 1 root root 0 Jul 12 07:17 Error.log
-rw-r--r--. 1 root root 0 Jul 12 07:17 System.log
[[email protected] 2021-07-12]# tail Audit.log
{"timestamp": "2021-07-12 21:08:51,640", "name": "sambaAPI.services.logService", "level": "DEBUG", "message": 'Success'}
[[email protected] 2021-07-12]# pwd
/opt/Samba-UI/SambaAPI/logfiles/2021-07-12
[[email protected] 2021-07-12]#

Thank you

Hi Bryant,

From the error we could make out, that the samba web UI installed server doesn't have access to the samba ad server. For to register to a domain, both Samba AD server and the Samba Web UI installed server should be on the same network.

 

Thanks & Regards,

Durga Prasad

ok that make sense. Thank you.

The domain  was trying to add is one of our lab domains (full name hidden for privacy) - domain name:  labsso.domain.net

This is a fully working domain that mirrors our production domain.  When I try to add the domain the submit button goes from being able to click it to a red text error below the input box "please enter a valid domain name".

This is a valid domain name.

 

Hi,

Did you try & check if you are able to resolve the domain name from the server on which the UI is installed?

BR/

Raghav