How to set up Nginx correctly when 403 Forbidden on CentOS 7?

On CentOS 7

/etc/hosts:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.1  app1

Installed Nginx from the package:

yum install nginx

In /etc/nginx/nginx.conf:

# ...
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}
# ...

Created a new file named myapp under /etc/nginx/sites-available/:

upstream app {
    # Path to Unicorn SOCK file, as defined previously
    server unix:///home/deploy/myapp/tmp/sockets/unicorn.sock;
}

server {
    listen 192.168.0.1:80;
    server_name app1;

    # Application root, as defined previously
    root /home/deploy/myapp/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

Linked it into /etc/nginx/sites-enabled/:

cd /etc/nginx/sites-enabled/
ln -s ../sites-available/myapp

Restarted nginx:

service nginx restart

Then tried to access the URL:

curl 192.168.0.1

Got an error:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.10.2</center>
</body>
</html>

I had deleted the default index.html file under /usr/share/nginx/html, so it got 403 Forbidden.

Nginx error log /var/log/nginx/error.log:

2017/07/25 03:35:59 [error] 8200#0: *1 directory index of "/usr/share/nginx/html/" is forbidden, client: 192.168.0.2, server: _, request: "GET / HTTP/1.1", host: "192.168.0.1"

Why does it access the default /usr/share/nginx/html/ path, rather than the newly added myapp under the /etc/nginx/sites-enabled/ directory?

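The error you are getting says that nginx cannot access the index of the folder /usr/share/nginx/html/. This happens when the try_files @app directive in app.conf is hit. The reason is that by default nginx has autoindex off; this means that if you request the / path, it will not be allowed in try_files. See: autoindex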

In your case, you need to add the autoindex on; directive before the try_files directive in the server block.

The real problem is that the OS distribution version and the package version make the software different.

Attention: It's CentOS 7.3!

The way I installed nginx before was:

yum update
yum install epel-release
yum install nginx

So the nginx version may be slightly different from others, such as the package on Ubuntu. So the usage is also different.

Its directories are:

/etc/nginx/nginx.conf
/etc/nginx/conf.d/
# Notice: these directories do not exist!
/etc/nginx/sites-available/
/etc/nginx/sites-enabled/

So the usage is different, and the following is needed!

First, comment out the default settings in /etc/nginx/nginx.conf:

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#   }

Second, create a new configuration for the application under /etc/nginx/conf.d/:

# File Name: rails.conf
upstream app {
    # Path to Unicorn SOCK file, as defined previously
    server unix:/home/deploy/myapp/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 192.168.0.1:80;
    server_name app1;

    # Application root, as defined previously
    root /home/deploy/myapp/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-FORWARDED_PROTO https;
        proxy_pass http://app;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

If default.conf exists under /etc/nginx/conf.d/, delete it.

Third, check the syntax and restart nginx:

nginx -t
service nginx restart

When running curl 192.168.0.1, it accesses the path pointing to /home/deploy/myapp/public.
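
The following is an added example, not part of the original question or answers: a text-only check of whether a site file is matched by any include pattern in an nginx.conf, which is why the myapp file under sites-enabled was never loaded and the request fell through to the default_server block. The function names and the sample config are constructed here; the sample mirrors the include lines shown in the question and assumes absolute include paths.

```sh
#!/bin/sh
# Added example: report whether a site file is matched by any `include`
# pattern in an nginx.conf. Pure text check; nginx itself is not needed.

# Print each include pattern found in the config (comments stripped).
include_patterns() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "include" { sub(/;$/, "", $2); print $2 }'
}

# Return 0 if $2 (path of a site file) matches an include pattern in $1.
is_included() {
    conf=$1
    candidate=$2
    while IFS= read -r pattern; do
        # Unquoted $pattern makes `case` treat * as a wildcard;
        # no filesystem globbing happens inside a case pattern.
        case $candidate in
            $pattern) return 0 ;;
        esac
    done <<EOF
$(include_patterns "$conf")
EOF
    return 1
}

# Constructed sample mirroring the include lines of the nginx.conf above.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# include /etc/nginx/sites-enabled/*;
include /etc/nginx/conf.d/*.conf;
server {
    listen 80 default_server;
    include /etc/nginx/default.d/*.conf;
}
EOF

for f in /etc/nginx/sites-enabled/myapp /etc/nginx/conf.d/rails.conf; do
    if is_included "$sample_conf" "$f"; then
        echo "loaded:  $f"
    else
        echo "IGNORED: $f (no include pattern matches it)"
    fi
done
```

On a live host, nginx -T prints the full configuration nginx actually parsed, so a server block that never appears in that output was never loaded.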