Django/gunicorn/nginx：403 Forbidden

Question

我已經花了幾個小時在StackOverflow和其他教程，但我不明白爲什麼nginx返回403 Forbidden當我導航到localhost。

這裏是我的gunicorn啓動腳本（位於應用程序根目錄）：

#!/bin/bash 
# http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/ 

NAME="mbta_django_gunicorn" 
SOCKFILE=run/gunicorn.sock 
USER=alexpetralia          # the user to run as 
GROUP=alexpetralia          # the group to run as 
NUM_WORKERS=5 
DJANGO_SETTINGS_MODULE=mbta_django.settings 
DJANGO_WSGI_MODULE=mbta_django.wsgi 

echo "Starting $NAME" 

# Create the run directory if it doesn't exist 
RUNDIR=$(dirname $SOCKFILE) 
test -d $RUNDIR || mkdir -p $RUNDIR 

# Start Django Unicorn 
exec gunicorn ${DJANGO_WSGI_MODULE}:application \ 
    --name $NAME \ 
    --workers $NUM_WORKERS \ 
    --user=$USER --group=$GROUP \ 
    # --bind=localhost:8000 \ 
    --bind=unix:$SOCKFILE \ 
    --log-level=debug \ 
    --log-file=- \ 
    --reload 

這裏是我的nginx.conf：

user alexpetralia alexpetralia; # www-data 
worker_processes 4; 
pid /run/nginx.pid; 

events { 
    worker_connections 768; 
    # multi_accept on; 
} 

http { 

    ## 
    # Basic Settings 
    ## 

    sendfile on; 
    tcp_nopush on; 
    tcp_nodelay on; 
    keepalive_timeout 65; 
    types_hash_max_size 2048; 

    include /etc/nginx/mime.types; 
    default_type application/octet-stream; 

    ## 
    # Logging Settings 
    ## 

    access_log /var/log/nginx/access.log; 
    error_log /var/log/nginx/error.log; 

    gzip on; 
    gzip_disable "msie6"; 

    ## 
    # Virtual Host Configs 
    ## 

    include /etc/nginx/conf.d/*.conf; 
    include /etc/nginx/sites-enabled/*; 
} 

這裏是位於sites-available在我的應用程序特定的nginxconf文件（並鏈接在sites-enabled）：

upstream mbta_django_server { 
    server unix:/home/alexpetralia/Projects/mbta_django/run/gunicorn.sock fail_timeout=0; 
} 

server { 
    listen 80; 
    client_max_body_size 4G; 
    keepalive_timeout 5; 
    root /home/alexpetralia/Projects/mbta_django/static/; 

    location /static/ { 
     autoindex on; 
     alias /home/alexpetralia/Projects/mbta_django/static/; 
    }  
} 

我的主管設置f或運行gunicorn（更改PATH才能使用的virtualenv）：

[program:mbta_gunicorn] 
command=/home/alexpetralia/Projects/mbta_django/gunicorn_ctl 
stdout_logfile=/home/alexpetralia/Projects/mbta_django/logs/mbta_gunicorn.log 
stderr_logfile=/home/alexpetralia/Projects/mbta_django/logs/mbta_gunicorn.log 
redirect_stderr=true 
autorestart=true 
stopsignal=KILL 
killasgroup=true 
stopasgroup=true 
environment=PATH="/home/alexpetralia/Projects/mbta_django/venv/bin" 
directory=/home/alexpetralia/Projects/mbta_django 

這強烈感覺就像一個權限問題，但我已經在我的web應用程序的根文件夾使用chmod -R 775 mbta_django。我很猶豫chown吧。我不明白爲什麼，如果gunicorn加載了正確的用戶，就像nginx一樣，那麼應該不會有權限問題。

也許這與gunicorn有關，而不是nginx？我發現如果gunicorn正在運行，我可以訪問我的應用程序（沒有靜態文件），即使它綁定到Unix套接字而不是127.0.0.1:8000，也很奇怪。

謝謝。

UPDATE

Nginx的錯誤日誌（樣本，這是非常簡單，只是這一點）：

2016/01/18 16:42:40 [error] 20773#0: *5 directory index of "/home/alexpetralia/Projects/mbta_django/static/" is forbidden, client: 127.0.0.1, server: , request: "GET/HTTP/1.1", host: "localhost" 
2016/01/18 16:42:40 [error] 20773#0: *5 directory index of "/home/alexpetralia/Projects/mbta_django/static/" is forbidden, client: 127.0.0.1, server: , request: "GET/HTTP/1.1", host: "localhost" 

Gunicorn錯誤日誌（樣本，該目錄名稱的部分是來自frmo教程here命令） ：

Starting mbta_django_gunicorn 
/home/alexpetralia/Projects/mbta_django/gunicorn_ctl: line 20: dirname: command not found 
[2016-01-18 18:03:08 +0000] [1996] [INFO] Starting gunicorn 19.4.5 
[2016-01-18 18:03:08 +0000] [1996] [INFO] Listening at: http://127.0.0.1:8000 (1996) 
[2016-01-18 18:03:08 +0000] [1996] [INFO] Using worker: sync 
[2016-01-18 18:03:08 +0000] [2008] [INFO] Booting worker with pid: 2008 
[2016-01-18 18:03:08 +0000] [2009] [INFO] Booting worker with pid: 2009 
[2016-01-18 18:03:08 +0000] [2016] [INFO] Booting worker with pid: 2016 
[2016-01-18 18:03:08 +0000] [2019] [INFO] Booting worker with pid: 2019 
[2016-01-18 18:03:08 +0000] [2022] [INFO] Booting worker with pid: 2022 

所有權靜態文件夾：

alexpetralia@linux-box:~$ namei -ov /home/alexpetralia/Projects/mbta_django/static 
f: /home/alexpetralia/Projects/mbta_django/static 
d root   root  /
d root   root   home 
d alexpetralia alexpetralia alexpetralia 
d alexpetralia alexpetralia Projects 
d alexpetralia alexpetralia mbta_django 
d alexpetralia alexpetralia static 

權限靜態文件夾：

drwxr-xr-x 6 alexpetralia alexpetralia 4096 Jan 8 12:43 static 

Gunicorn過程：

alexpetralia@linux-box:~/Projects/mbta_django$ ps aux | grep gunicorn 
root  1942 0.0 0.4 57416 15972 ?  S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia 
alexpet+ 1951 0.0 0.0 ?  S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia 
alexpet+ 1954 0.0 0.0 ?  S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia 
alexpet+ 1957 0.2 1.6 226280 63612 ?  S 18:52 0:01 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia 
alexpet+ 1964 0.1 0.0 ?  S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia 
alexpet+ 1975 0.0 0.8 ?  S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia 

Nginx的過程：

alexpetralia@linux-box:~/Projects/mbta_django$ ps aux | grep nginx 
root  1362 0.0 0.0 85892 2712 ?  Ss 18:52 0:00 nginx: master process /usr/sbin/nginx 
alexpet+ 1363 0.0 0.0 86172 3404 ?  S 18:52 0:00 nginx: worker process 
alexpet+ 1364 0.0 0.0 86172 3404 ?  S 18:52 0:00 nginx: worker process 
alexpet+ 1365 0.0 0.0 86172 3404 ?  S 18:52 0:00 nginx: worker process 
alexpet+ 1366 0.0 0.0 86172 3404 ?  S 18:52 0:00 nginx: worker process 

Answer 1

運行命令「對蝦-l /家庭/ alexpetralia /項目/ mbta_django /靜態「，看看你的權利是什麼樣的所有其他父目錄。 AFAIK，您的用戶必須具有讀取靜態目錄的權限，並且必須具有/，/ home /，/ home/alexpetralia，/ home/alexpetralia/Projects/mbta_django，/ home/alexpetralia/Projects/mbta_django中的執行權限/靜態的。

你只包括權限的/ home/alexpetralia /項目/ mbta_django /靜態

裁判：http://nginxlibrary.com/403-forbidden-error/

Answer 2

我解決了這個切換到uWSGI。這個過程非常簡單。用戶：主要nginx conf中的組爲alexpetralia alexpetralia（即/etc/nginx/nginx.conf/，而下面的nginx conf在/etc/nginx/sites-enabled/mbta_django中）。

應用特定的nginx的conf：

upstream mbta_django_uwsgi { 
    server unix:///home/alexpetralia/Projects/mbta_django/run/uwsgi.sock; 
} 

server { 

    listen  80; 
    server_name 127.0.0.1; # or FQDN 
    charset  utf-8; 

    location /static { 
      alias /home/alexpetralia/Projects/mbta_django/static; 
    } 

    location/{ 
     uwsgi_pass unix:/home/alexpetralia/Projects/mbta_django/run/uwsgi.sock; 
     include  /etc/nginx/uwsgi_params; 
    } 
} 

uWSGI命令：

uwsgi --chdir=/home/alexpetralia/Projects/mbta_django --wsgi-file=mbta_django/wsgi.py --processes=5 --socket run/uwsgi.sock --py-autoreload=3

最後收集來自我在根下的所有應用程序，因爲應用程序特定的CSS文件沒有加載靜態（ django settings.py，我有STATIC_ROOT = os.path.join(BASE_DIR, "static")）：

./manage.py collectstatic在django roo t文件夾