即使在设置权限后 Nginx 403 也被禁止
Nginx 403 Forbidden Even After Setting The Permission
我想为我的域获取 Letsencrpyt SSL。该过程的一部分是,在获得证书之前需要对站点进行授权。
我创建了文件夹 ./well-known 和 运行 我被要求执行的命令并且我得到了;
Nginx 403 forbidden.
我在 nginx/1.10.0 (Ubuntu)
我 chown 目录和 g运行 编辑了它 755 但还是一样。检查下面我的目录中的权限。
namei -l /var/www/example.com/.well-known
f: /var/www/example.com/.well-known
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x cman sudo example.com
drwxr-xr-x cman sudo .well-known
我还在 /.well-known 文件夹中创建了一个 working.html 文件并加载 example.com/.well-known/working.html,我得到了相同的 403 Forbidden。
Nginx.conf
upstream kip_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Gunicorn master nukes a
# single worker for timing out).
server unix:/var/www/example.com/src/run/trav.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com www.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
access_log /var/www/example.com/logs/access.log;
error_log /var/www/example.com/logs/nerror.log;
charset utf-8;
client_max_body_size 75M;
location /static/ {
alias /var/www/example.com/src/static/;
}
location /media/ {
alias var/www/example.com/src/media/;
}
location ~ /\.well-known {
allow all;
alias /var/www/example.com/.well-known/;
}
location / {
include proxy_params;
proxy_pass http://kip_app_server;
#proxy_set_header X-Forwarded-Host $server_name;
#proxy_set_header X-Real-IP $remote_addr;
}
}
如果您不使用别名,您的代码将有效。
试试这个:
location ^~ /.well-known {
allow all;
alias /var/www/example.com/.well-known/;
}
或者这个:
location ^~ /.well-known {
allow all;
auth_basic off;
alias /path/to/.well-known/;
}
别名时,^ 是必需的。
这是 Nginx 特定的行为,它们执行匹配的方式。匹配逻辑和注意事项这里写的很详细,比较混乱:https://github.com/letsencrypt/acme-spec/issues/221
我想为我的域获取 Letsencrpyt SSL。该过程的一部分是,在获得证书之前需要对站点进行授权。
我创建了文件夹 ./well-known 和 运行 我被要求执行的命令并且我得到了;
Nginx 403 forbidden.
我在 nginx/1.10.0 (Ubuntu)
我 chown 目录和 g运行 编辑了它 755 但还是一样。检查下面我的目录中的权限。
namei -l /var/www/example.com/.well-known
f: /var/www/example.com/.well-known
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x cman sudo example.com
drwxr-xr-x cman sudo .well-known
我还在 /.well-known 文件夹中创建了一个 working.html 文件并加载 example.com/.well-known/working.html,我得到了相同的 403 Forbidden。
Nginx.conf
upstream kip_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Gunicorn master nukes a
# single worker for timing out).
server unix:/var/www/example.com/src/run/trav.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com www.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
access_log /var/www/example.com/logs/access.log;
error_log /var/www/example.com/logs/nerror.log;
charset utf-8;
client_max_body_size 75M;
location /static/ {
alias /var/www/example.com/src/static/;
}
location /media/ {
alias var/www/example.com/src/media/;
}
location ~ /\.well-known {
allow all;
alias /var/www/example.com/.well-known/;
}
location / {
include proxy_params;
proxy_pass http://kip_app_server;
#proxy_set_header X-Forwarded-Host $server_name;
#proxy_set_header X-Real-IP $remote_addr;
}
}
如果您不使用别名,您的代码将有效。
试试这个:
location ^~ /.well-known {
allow all;
alias /var/www/example.com/.well-known/;
}
或者这个:
location ^~ /.well-known {
allow all;
auth_basic off;
alias /path/to/.well-known/;
}
别名时,^ 是必需的。
这是 Nginx 特定的行为,它们执行匹配的方式。匹配逻辑和注意事项这里写的很详细,比较混乱:https://github.com/letsencrypt/acme-spec/issues/221