Fix Gunicorn Socket Permission Denied (Nginx + Django)
Learn how to resolve 'Permission Denied' errors when Nginx tries to access Gunicorn's socket file. This guide covers common causes and step-by-step fixes to ensure smooth communication between Nginx and Gunicorn in your Django deployment.
If you're seeing errors like:
connect() to unix:/.../gunicorn.sock failed (13: Permission denied)- Nginx returns 502 Bad Gateway
- Gunicorn appears to be running, but requests fail
π Then you have a socket permission issue
This guide shows you exactly how to diagnose and fix it step-by-step.
β‘ Quick Fix (Try This First)
Run:
sudo chown -R www-data:www-data /var/www/myproject
sudo chmod 755 /var/www/myproject
sudo systemctl restart gunicorn
sudo systemctl restart nginx
Then reload your site.
π If still broken, continue below.
π§ What This Error Means
In this setup:
- Gunicorn creates a socket file
- Nginx connects to it
Permission denied means:
Nginx does not have permission to access the socket file
π§ͺ Step-by-Step Diagnosis
1. Locate the socket file
ls -l /var/www/myproject/
Look for:
srwxrwx--- 1 www-data www-data gunicorn.sock
π If missing:
- Gunicorn is not creating the socket
2. Check ownership
ls -l /var/www/myproject/gunicorn.sock
Expected:
www-data www-data
π If different:
- Nginx cannot access it
3. Check Gunicorn service config
sudo nano /etc/systemd/system/gunicorn.service
Ensure:
[Service]
User=www-data
Group=www-data
π This ensures Gunicorn creates the socket with the correct permissions
4. Check directory permissions
ls -ld /var/www/myproject
Expected:
drwxr-xr-x www-data www-data
π If too restrictive:
Nginx cannot traverse directory to access socket
5. Restart Gunicorn
sudo systemctl restart gunicorn
Then check socket again.
6. Check Nginx config
sudo nano /etc/nginx/sites-available/myproject
or your favorite editor.
Ensure:
proxy_pass http://unix:/var/www/myproject/gunicorn.sock;
π Path must match exactly
π₯ Common Causes (and Fixes)
π΄ Wrong file ownership
Fix:
sudo chown -R www-data:www-data /var/www/myproject
sudo chown -R www-data:www-data /var/www/myproject
π΄ Gunicorn running as wrong user
Fix:
User=www-data
Group=www-data
Then:
sudo systemctl daemon-reexec
sudo systemctl restart gunicorn
π΄ Directory permissions too strict
Fix:
sudo chmod 755 /var/www/myproject
π΄ Socket permissions incorrect
Fix:
sudo chmod 660 /var/www/myproject/gunicorn.sock
π΄ Nginx running as different user
Check:
ps aux | grep nginx
Usually:
www-data
π Must match Gunicorn group
π§ Debugging Tips
Check Nginx logs
sudo tail -f /var/log/nginx/error.log
Look for:
permission denied- socket errors
Check Gunicorn logs
journalctl -u gunicorn
Check socket permissions directly
stat /var/www/myproject/gunicorn.sock
β Quick Fix Checklist
If requests still fail, walk through the focused connection refused guide and compare your service layout with the main deploy tutorial.
π Related Guides
β FAQ
Why does this error happen?
Because:
- Gunicorn creates the socket
- Nginx cannot access it
Should I use sockets or ports?
- Sockets β faster, more efficient
- Ports β easier debugging
Why does restarting fix it sometimes?
Because:
- Socket gets recreated with correct permissions
π― Final takeaway
βPermission deniedβ means:
Nginx cannot access Gunicornβs socket
Fix it by ensuring:
- Correct ownership
- Correct permissions
- Matching configuration
If you deploy oftenβ¦
A repeatable, tested setup will prevent this issue entirely.