[英]nginx 403 Forbidden error with root user
Nginx 403 error,so how can i fix this problem? Nginx 403错误,如何解决此问题? When i access the main.css from chrome browser,it response me 403 error. 当我从Chrome浏览器访问main.css时,它会响应403错误。
➜ ~ tail -fn4 /var/log/nginx/error.log
2016/04/23 08:16:51 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:16:53 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:21:48 [error] 10488#0: *4 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:24:49 [error] 10488#0: *5 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
namei tool,all parent directory have 755,and the main.css have 644. namei工具,所有父目录都有755,而main.css有644。
➜ ~ namei -l /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
f: /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
drwxr-xr-x root root /
drwxr-xr-x root root data
drwxr-xr-x root root apache-tomcat-8.0.33
drwxr-xr-x root root webapps
drwxr-xr-x root root ROOT
drwxr-xr-x root root static
drwxr-xr-x root root css
-rw-r--r-- root root main.css
start nginx's user is root: 启动nginx的用户是root:
➜ ~ ps aux | grep "nginx: worker process" | awk '{print $1}'
root
nginx conf: nginx conf:
upstream tomcat {
server 127.0.0.1:8887;
}
server {
listen 80;
server_name www.xx.com xx.com;
charset utf-8;
access_log /var/log/nginx/tomcat.access.log main;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
client_max_body_size 500M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
root /data/apache-tomcat-8.0.33/webapps/ROOT;
expires 7d;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
It's quite possible that you are hosting on a machine that has selinux enforced. 您很有可能在托管了selinux的计算机上托管。
what does sestatus give you? sestatus给您什么?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.