[英]Nginx 403 Forbidden Even After Setting The Permission
I want to get Letsencrpyt SSL for my domain. 我想为我的域获取Letsencrpyt SSL。 Part of the process is, the site needs to be authorized before getting the certificate. 该过程的一部分是,在获得证书之前需要对站点进行授权。
I created the folder ./well-known
and ran the command I was asked to and I got; 我创建了文件夹./well-known
并运行了要求我得到的命令;
Nginx 403 forbidden.
I'm on nginx/1.10.0 (Ubuntu) 我正在使用nginx / 1.10.0(Ubuntu)
I chown
the directory and granted it 755
yet still the same. 我chown
了目录并授予它755
但还是一样。 Check out the permissions in my directory below. 在下面的目录中查看权限。
namei -l /var/www/example.com/.well-known
f: /var/www/example.com/.well-known
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x cman sudo example.com
drwxr-xr-x cman sudo .well-known
I also created a working.html
file in the /.well-known
folder and I load example.com/.well-known/working.html
, I got the same 403 Forbidden. 我还在/.well-known
文件夹中创建了一个working.html
文件,并加载了example.com/.well-known/working.html
,我得到了相同的403 Forbidden。
Nginx.conf Nginx.conf
upstream kip_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Gunicorn master nukes a
# single worker for timing out).
server unix:/var/www/example.com/src/run/trav.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com www.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
access_log /var/www/example.com/logs/access.log;
error_log /var/www/example.com/logs/nerror.log;
charset utf-8;
client_max_body_size 75M;
location /static/ {
alias /var/www/example.com/src/static/;
}
location /media/ {
alias var/www/example.com/src/media/;
}
location ~ /\.well-known {
allow all;
alias /var/www/example.com/.well-known/;
}
location / {
include proxy_params;
proxy_pass http://kip_app_server;
#proxy_set_header X-Forwarded-Host $server_name;
#proxy_set_header X-Real-IP $remote_addr;
}
}
Your code would work if you were not using an alias. 如果您不使用别名,您的代码将起作用。
Try this: 尝试这个:
location ^~ /.well-known {
allow all;
alias /var/www/example.com/.well-known/;
}
or this: 或这个:
location ^~ /.well-known {
allow all;
auth_basic off;
alias /path/to/.well-known/;
}
When aliasing, the ^ is required. 别名时,需要^。
This is Nginx specific behaviour, to the way they perform matching. 这是Nginx特定于其执行匹配行为的行为。 There is a detailed write-up here on matching logic and caveats, it is confusing: https://github.com/letsencrypt/acme-spec/issues/221 这里有关于匹配逻辑和警告的详细文章,令人困惑: https : //github.com/letsencrypt/acme-spec/issues/221
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.