堆栈内存溢出
  简体   繁体   English

Nginx 403即使设置了权限也被禁止

[英]Nginx 403 Forbidden Even After Setting The Permission

 原文  2017-01-02 11:58:03       django/ ubuntu/ nginx/ lets-encrypt

问题描述

I want to get Letsencrpyt SSL for my domain. 我想为我的域获取Letsencrpyt SSL。 Part of the process is, the site needs to be authorized before getting the certificate. 该过程的一部分是,在获得证书之前需要对站点进行授权。

I created the folder ./well-known and ran the command I was asked to and I got; 我创建了文件夹./well-known并运行了要求我得到的命令; 

Nginx 403 forbidden.

I'm on nginx/1.10.0 (Ubuntu) 我正在使用nginx / 1.10.0(Ubuntu)

I chown the directory and granted it 755 yet still the same. chown了目录并授予它755但还是一样。 Check out the permissions in my directory below. 在下面的目录中查看权限。 

namei -l /var/www/example.com/.well-known                      

 f: /var/www/example.com/.well-known
 drwxr-xr-x root   root /
 drwxr-xr-x root   root var
 drwxr-xr-x root   root www
 drwxr-xr-x cman sudo example.com
 drwxr-xr-x cman sudo .well-known

I also created a working.html file in the /.well-known folder and I load example.com/.well-known/working.html , I got the same 403 Forbidden. 我还在/.well-known文件夹中创建了一个working.html文件,并加载了example.com/.well-known/working.html ,我得到了相同的403 Forbidden。

Nginx.conf Nginx.conf 

 upstream kip_app_server {
   # fail_timeout=0 means we always retry an upstream even if it failed
   # to return a good HTTP response (in case the Gunicorn master nukes a
   # single worker for timing out).

    server unix:/var/www/example.com/src/run/trav.sock fail_timeout=0;
}

server {
      listen 80;
      server_name example.com www.example.com;

 location = /favicon.ico { access_log off; log_not_found off; }
 access_log /var/www/example.com/logs/access.log;
 error_log /var/www/example.com/logs/nerror.log;

 charset utf-8;

 client_max_body_size 75M;

  location /static/ {
       alias /var/www/example.com/src/static/;
   }

   location /media/ {
       alias var/www/example.com/src/media/;
  }

   location ~ /\.well-known {
       allow all;
       alias /var/www/example.com/.well-known/;
    }


    location / {
      include proxy_params;
       proxy_pass http://kip_app_server;
       #proxy_set_header X-Forwarded-Host $server_name;
      #proxy_set_header X-Real-IP $remote_addr;
   }
 }

1 个解决方案

解决方案1
 2 已采纳  2017-01-02 12:47:39

Your code would work if you were not using an alias. 如果您不使用别名,您的代码将起作用。

Try this: 尝试这个: 

location ^~ /.well-known {
   allow all;
   alias /var/www/example.com/.well-known/;
}

or this: 或这个: 

location ^~ /.well-known {
    allow all;
    auth_basic off;
    alias /path/to/.well-known/;
}

When aliasing, the ^ is required. 别名时,需要^。

This is Nginx specific behaviour, to the way they perform matching. 这是Nginx特定于其执行匹配行为的行为。 There is a detailed write-up here on matching logic and caveats, it is confusing: https://github.com/letsencrypt/acme-spec/issues/221 这里有关于匹配逻辑和警告的详细文章,令人困惑: https : //github.com/letsencrypt/acme-spec/issues/221

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 即使提供csrf令牌后也出现403禁止错误 - Getting 403 Forbidden error even after providing csrf token Django / gunicorn / nginx:403禁止 - Django/gunicorn/nginx: 403 Forbidden Nginx 目录禁止 403 django - Nginx directory forbidden 403 django Nginx:403禁止的Nginx / 1.12.1(Ubuntu) - Nginx: 403 Forbidden nginx/1.12.1 (Ubuntu) Nginx,Gunicorn,Virtualenv和Django-禁止使用403 - Nginx, Gunicorn, Virtualenv and Django - 403 Forbidden Nginx 在 Static 文件上抛出 403 禁止访问 - Nginx is throwing an 403 Forbidden on Static Files Centos nginx + django + gunicorn 403 禁止 - Centos nginx + django + gunicorn 403 forbidden Nginx 403 禁止提供大图像 - Nginx 403 Forbidden on serving large images 为什么在发出跨域请求时会出现 403 被禁止 - 即使我的代码正在设置 CRSF cookie - Why do I get 403 forbidden when making a cross-origin request — even though my code is setting a CRSF cookie 无法找到403禁止错误的原因:Nginx Daphne Django - Unable to find cause of 403 Forbidden error: Nginx Daphne Django
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM