403禁止使用没有SSL的AWS Beanstalk Flask静态文件
[英]403 forbidden for AWS Beanstalk Flask static files without SSL
问题描述
My local machine is a virtual CeontOS-7 with a Python 2.7 virtualenv containing a Flask application directory, the structure is the following: 
我的本地机器是一个虚拟的CeontOS-7,带有一个包含Flask应用程序目录的Python 2.7 virtualenv,结构如下:
/var
/www
/myAppenv
/myApp
/.ebextensions
myApp-env.config
/.elasticbeanstalk
application.py
requirements.txt
/flaskApp
/core
views.py
models.py
forms.py
/templates
/static
and I deploy it from /myApp using EB CLI deploy to a Beanstalk application named myApp with an environment named myApp-env. 我使用EB CLI部署它从/ myApp部署到名为myApp的Beanstalk应用程序,并使用名为myApp-env的环境。
I think the static files path is set right in /.ebextensions/myApp-env.config: 我认为静态文件路径在/.ebextensions/myApp-env.config中设置正确:
option_settings:
"aws:elasticbeanstalk:container:python:staticfiles":
"/static/": "flaskApp/static/"
and I can see in AWS web console-> environment-> Configurations-> Software Configuration that 我可以在AWS web console-> environment-> Configurations-> Software Configuration中看到
StaticFiles: /static/=flaskApp/static/
so the path setting doesn't seem to be the cause of the problem. 所以路径设置似乎不是问题的原因。
So when I open the web page for my application I see the page missing css and js, since everything from static directory gets a 403 forbidden response: 因此,当我打开我的应用程序的网页时,我看到页面缺少css和js,因为静态目录中的所有内容都获得403禁止响应:
GET http://myApp-dev.elasticbeanstalk.com/ [HTTP/1.1 200 OK 174ms]
GET http://myApp-dev.elasticbeanstalk.com/static/bootstrap-3.3.5-dist/js/bootstrap.min.js [HTTP/1.1 403 Forbidden 55ms]
...
Guessing it's something about permissions, since in my local dir files are owned by my linux account (for samba reasons), then I tried to chown root and chgrp root (static dirs and files permissions are 755), but it didn't change anything. 猜测它是关于权限的东西,因为在我的本地dir文件由我的linux帐户拥有(出于samba的原因),然后我尝试chown root和chgrp root(静态目录和文件权限是755),但它没有改变任何东西。 I actually don't think is anything related to firewall/selinux, by the fact that the home page is actually loading. 我实际上并不认为与防火墙/ selinux有关,因为主页实际上正在加载。
Does anybody know how to solve this problem? 有人知道如何解决这个问题吗?
2 个解决方案
解决方案1
1 2015-12-27 09:48:55
I think I found the problem. 我想我发现了这个问题。 I was inspecting by EB SSH just to understand what was going on and I noticed that the "ec2-user" I got logged in the AWS machine could access (running cd command) till the directory 我正在通过EB SSH检查只是为了了解发生了什么,我注意到我登录AWS机器的“ec2-user”可以访问(运行cd命令)直到目录
/opt/python/current/app
but ec2-user wasn't allow to access dir 但是ec2-user不允许访问dir
/opt/python/current/app/flaskApp
because of permissions. 因为权限。
While the static dirs and files contained in flaskApp yet had permissions set on 755, I noticed that flaskApp dir (which contains static dir) was 744 (that I thought would be fine). 虽然flaskApp中包含的静态目录和文件在755上设置了权限,但我注意到flaskApp目录(包含静态目录)是744(我认为没问题)。 So I changed flaskApp dir permissions to 755 and it worked: now static files get loaded! 所以我将flaskApp dir权限更改为755并且它工作正常:现在静态文件被加载了!
By the way I doubt this permissions set is good for production. 顺便说一句,我怀疑这个权限设置对生产有好处。 The alternative could be to structure dirs so that static isn't a subdirectory of flaskApp dir, allowing this way to keep static dir set on 755 while having flaskApp dir set on more conservative permissions. 替代方法可以是构造dirs,以便static不是flaskApp目录的子目录,允许这种方式将static app dir设置为755,同时将flaskApp dir设置为更保守的权限。
解决方案2
0 2015-12-27 04:03:46
The owner/group being root may be irrelevant if the files aren't viewable by all users. 如果所有用户都无法查看文件,则作为root的所有者/组可能无关紧要。 Make sure they're accessible to all by running a chmod 664 on all the static files. 通过在所有静态文件上运行chmod 664 ,确保所有人都可以访问它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.