如何在CentOS 7上403 Forbidden時正確設置Nginx？

Question

在CentOS 7

/etc/hosts：

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 
::1   localhost localhost.localdomain localhost6 localhost6.localdomain6 

192.168.0.1 app1 

從軟件包安裝的Nginx：下/etc/nginx/sites-available/名

# ... 
include /etc/nginx/conf.d/*.conf; 

server { 
    listen  80 default_server; 
    listen  [::]:80 default_server; 
    server_name _; 
    root   /usr/share/nginx/html; 

    # Load configuration files for the default server block. 
    include /etc/nginx/default.d/*.conf; 

    location/{ 
    } 

    error_page 404 /404.html; 
     location = /40x.html { 
    } 

    error_page 500 502 503 504 /50x.html; 
     location = /50x.html { 
    } 
} 
# ... 

創建一個新的文件：

yum install nginx 

在/etc/nginx/nginx.conf d myapp：

upstream app { 
    # Path to Unicorn SOCK file, as defined previously 
    server unix:///home/deploy/myapp/tmp/sockets/unicorn.sock; 
} 

server { 
    listen 192.168.0.1:80; 
    server_name app1; 

    # Application root, as defined previously 
    root /home/deploy/myapp/public; 

    try_files $uri/index.html $uri @app; 

    location @app { 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header Host $http_host; 
     proxy_redirect off; 
     proxy_pass http://app; 
    } 

    error_page 500 502 503 504 /500.html; 
    client_max_body_size 4G; 
    keepalive_timeout 10; 
} 

它鏈接到/etc/nginx/sites-enabled/：

cd /etc/nginx/sites-enabled/ 
ln -s ../sites-available/myapp 

重啓nginx的：

service nginx restart 

然後嘗試訪問網址：

curl 192.168.0.1 

遇到錯誤：

<html> 
<head><title>403 Forbidden</title></head> 
<body bgcolor="white"> 
<center><h1>403 Forbidden</h1></center> 
<hr><center>nginx/1.10.2</center> 
</body> 
</html> 

我刪除默認index.html文件下/usr/share/nginx/html路徑，所以它得到了403禁止。

Nginx的錯誤日誌/var/log/nginx/error.log：

2017/07/25 03:35:59 [error] 8200#0: *1 directory index of "/usr/share/nginx/html/" is forbidden, client: 192.168.0.2, server: _, request: "GET/HTTP/1.1", host: "192.168.0.1" 

爲什麼訪問默認/usr/share/nginx/html/路徑，而不是新增myapp下/etc/nginx/sites-enabled/目錄？

Answer 1

真正的問題是，操作系統發行版和軟件包版本，使軟件不同。

Attention: It's CentOS 7.3!

我用nginx的安裝方法是：

yum update 
yum install epel-release 
yum install nginx 

然後，nginx的版本與其他人一樣包在Ubuntu上也許有點不同。所以用法也不一樣。

其目錄是：

/etc/nginx/nginx.conf 
/etc/nginx/conf.d/ 
# Notice, there aren't these directories exist! 
/etc/nginx/sites-available/ 
/etc/nginx/sites-enabled/ 

所以使用是不同的，下面是必要的！

首先，命令出/etc/nginx/nginx.conf默認設置：

# server { 
#  listen  80 default_server; 
#  listen  [::]:80 default_server; 
#  server_name _; 
#  root   /usr/share/nginx/html; 
# 
#  # Load configuration files for the default server block. 
#  include /etc/nginx/default.d/*.conf; 
# 
#  location/{ 
#  } 
# 
#  error_page 404 /404.html; 
#   location = /40x.html { 
#  } 
# 
#  error_page 500 502 503 504 /50x.html; 
#   location = /50x.html { 
#  } 
# } 

二，創建應用程序的新的配置/etc/nginx/conf.d/下：

# File Name: rails.conf 
upstream app { 
    # Path to Unicorn SOCK file, as defined previously 
    server unix:/home/deploy/myapp/tmp/sockets/unicorn.sock fail_timeout=0; 
} 

server { 
    listen 192.168.0.1:80; 
    server_name app1; 

    # Application root, as defined previously 
    root /home/deploy/myapp/public; 

    try_files $uri/index.html $uri @app; 

    location @app { 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header Host $http_host; 
     proxy_redirect off; 
     proxy_set_header X-FORWARDED_PROTO https; 
     proxy_pass http://app; 
    } 

    error_page 500 502 503 504 /500.html; 
    client_max_body_size 4G; 
    keepalive_timeout 10; 
    } 

如果存在default.conf/etc/nginx/conf.d/下，將其刪除。

三，檢查語法和重啓nginx的：

nginx -t 
service nginx restart 

這將訪問運行curl 192.168.0.1當路徑指向/home/deploy/myapp/public。

Answer 2

您得到的錯誤是說nginx無法訪問/ usr/share/nginx/html /索引文件夾，這是在app.conf中嘗試使用@file指令時發生的。那就是默認情況下，nginx會關閉autoindex;這意味着如果你請求一個/路徑它不會被允許在一個try_file。 請參閱： autoindex

在您的情況下，您需要添加autoindex;指令在try_file指令之前的服務器中。