From an earlier post:
In particular, nginx can do a scgi proxy with a unix socket and this may be easier to use with your firewall and filesystem permissions.
Oooooh, I tried it. First nginx didn't find the socket. Guess why? Because nginx runs in a virtualized filesystem. Relocated the socket, now nginx says access denied, sure nginx and your server can run under different accounts, permissions should be tweaked accordingly, tweaked them, still access denied, relocated the socket a bit more, still access denied. Guess why? I turned out to be some kind of audit, selinux or something like that, it just fails with generic access denied error. Ok, FHS recommends /var/run, but it's rwxr-xr-x root root. Wut? Run a network server as root? Tried tcp, it just works.
