[英]Why I got 403 forbidden with nginx in docker container
I try to set up ssl with Let's Encrypt using this article https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71我尝试使用这篇文章使用 Let's Encrypt 设置 ssl https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
my nginx config我的 nginx 配置
server {
listen 80;
server_name kcr.ttfr.ru;
server_name www.kcr.ttfr.ru;
root /var/www/k4fntr/public;
index /frontend/index.html;
client_max_body_size 128M;
gzip on; # enable gzip
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log debug;
location / {
try_files /frontend/$uri $uri $uri/ /index.php?$args; # permalinks
client_max_body_size 128M;
}
location ~ /\. {
deny all; # deny hidden files
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all; # deny scripts
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max; # cache static files
try_files /frontend/$uri $uri $uri/ /index.php?$args; # permalinks
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
fastcgi_pass k4fntr_php-fpm:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_read_timeout 300;
}
location /socket.io {
proxy_pass http://k4fntr_echo:6001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location ~ /\.ht {
deny all;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/kcr.ttfr.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kcr.ttfr.ru/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location /.well-known/acme-challenge/ { root /var/www/certbot; }
}
but my challenges were failed because of url /.well-known/acme-challenge/ returns 403:Forbidden但我的挑战失败了,因为 url /.well-known/acme-challenge/ 返回 403:Forbidden
what's wrong with my nginx configuration?我的 nginx 配置有什么问题?
change your location to something like this:将您的位置更改为如下所示:
location /.well-known/acme-challenge {
root /var/www/certbot;
default_type text/plain;
}
another question.另一个问题。 Do you want to redirect all non-http traffic to https?是否要将所有非 http 流量重定向到 https? In that case I would create a server block listen port 80 and another one listen on 443.在这种情况下,我将创建一个服务器块侦听端口 80,另一个侦听端口 443。
server {
listen 80;
server_name domain.io;
location / {
return 301 https://$server_name$request_uri;
}
location /.well-known/acme-challenge {
root root /var/www/certbot;
default_type text/plain;
}
}
server {
listen 443 ssl;
server_name domain.io;
add_header Strict-Transport-Security "max-age=31536000" always;
...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.