[英]Django/gunicorn/nginx: 403 Forbidden
我已經在StackOverflow和其他教程上花費了幾個小時,但是我不知道為什么當我導航到localhost
時, nginx
為什么返回403 Forbidden
。
這是我的gunicorn啟動腳本(位於應用程序根目錄中):
#!/bin/bash
# http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/
NAME="mbta_django_gunicorn"
SOCKFILE=run/gunicorn.sock
USER=alexpetralia # the user to run as
GROUP=alexpetralia # the group to run as
NUM_WORKERS=5
DJANGO_SETTINGS_MODULE=mbta_django.settings
DJANGO_WSGI_MODULE=mbta_django.wsgi
echo "Starting $NAME"
# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
# Start Django Unicorn
exec gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
# --bind=localhost:8000 \
--bind=unix:$SOCKFILE \
--log-level=debug \
--log-file=- \
--reload
這是我的nginx.conf:
user alexpetralia alexpetralia; # www-data
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
這是我的特定於應用程序的nginxconf文件,該文件位於sites-available
(並鏈接到sites-enabled
):
upstream mbta_django_server {
server unix:/home/alexpetralia/Projects/mbta_django/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
client_max_body_size 4G;
keepalive_timeout 5;
root /home/alexpetralia/Projects/mbta_django/static/;
location /static/ {
autoindex on;
alias /home/alexpetralia/Projects/mbta_django/static/;
}
}
我的主管用於運行gunicorn的設置(更改PATH
以便使用virtualenv):
[program:mbta_gunicorn]
command=/home/alexpetralia/Projects/mbta_django/gunicorn_ctl
stdout_logfile=/home/alexpetralia/Projects/mbta_django/logs/mbta_gunicorn.log
stderr_logfile=/home/alexpetralia/Projects/mbta_django/logs/mbta_gunicorn.log
redirect_stderr=true
autorestart=true
stopsignal=KILL
killasgroup=true
stopasgroup=true
environment=PATH="/home/alexpetralia/Projects/mbta_django/venv/bin"
directory=/home/alexpetralia/Projects/mbta_django
強烈感覺這是一個權限問題,但是我已經在chmod -R 775 mbta_django
應用程序的根文件夾上使用了chmod -R 775 mbta_django
。 我不願意把它chown
。 我不明白為什么,如果gunicorn和nginx一樣都是由正確的用戶加載的,那么就不會出現權限問題。
也許這與金槍魚有關,而不是與nginx有關? 我發現奇怪的是,即使gunicorn正在運行,我也可以訪問我的應用程序(沒有靜態文件),即使它綁定到Unix套接字而不是127.0.0.1:8000。
謝謝。
UPDATE
Nginx錯誤日志(示例,僅此而已):
2016/01/18 16:42:40 [error] 20773#0: *5 directory index of "/home/alexpetralia/Projects/mbta_django/static/" is forbidden, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "localhost"
2016/01/18 16:42:40 [error] 20773#0: *5 directory index of "/home/alexpetralia/Projects/mbta_django/static/" is forbidden, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "localhost"
Gunicorn錯誤日志(樣本中,目錄名稱的部分是來自frmo教程的命令在這里 ):
Starting mbta_django_gunicorn
/home/alexpetralia/Projects/mbta_django/gunicorn_ctl: line 20: dirname: command not found
[2016-01-18 18:03:08 +0000] [1996] [INFO] Starting gunicorn 19.4.5
[2016-01-18 18:03:08 +0000] [1996] [INFO] Listening at: http://127.0.0.1:8000 (1996)
[2016-01-18 18:03:08 +0000] [1996] [INFO] Using worker: sync
[2016-01-18 18:03:08 +0000] [2008] [INFO] Booting worker with pid: 2008
[2016-01-18 18:03:08 +0000] [2009] [INFO] Booting worker with pid: 2009
[2016-01-18 18:03:08 +0000] [2016] [INFO] Booting worker with pid: 2016
[2016-01-18 18:03:08 +0000] [2019] [INFO] Booting worker with pid: 2019
[2016-01-18 18:03:08 +0000] [2022] [INFO] Booting worker with pid: 2022
靜態文件夾的所有權:
alexpetralia@linux-box:~$ namei -ov /home/alexpetralia/Projects/mbta_django/static
f: /home/alexpetralia/Projects/mbta_django/static
d root root /
d root root home
d alexpetralia alexpetralia alexpetralia
d alexpetralia alexpetralia Projects
d alexpetralia alexpetralia mbta_django
d alexpetralia alexpetralia static
靜態文件夾的權限:
drwxr-xr-x 6 alexpetralia alexpetralia 4096 Jan 8 12:43 static
獨角獸工藝:
alexpetralia@linux-box:~/Projects/mbta_django$ ps aux | grep gunicorn
root 1942 0.0 0.4 57416 15972 ? S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+ 1951 0.0 0.8 147648 32100 ? S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+ 1954 0.0 0.8 147660 32100 ? S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+ 1957 0.2 1.6 226280 63612 ? S 18:52 0:01 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+ 1964 0.1 0.8 147676 32100 ? S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+ 1975 0.0 0.8 147688 32108 ? S 18:52 0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
Nginx流程:
alexpetralia@linux-box:~/Projects/mbta_django$ ps aux | grep nginx
root 1362 0.0 0.0 85892 2712 ? Ss 18:52 0:00 nginx: master process /usr/sbin/nginx
alexpet+ 1363 0.0 0.0 86172 3404 ? S 18:52 0:00 nginx: worker process
alexpet+ 1364 0.0 0.0 86172 3404 ? S 18:52 0:00 nginx: worker process
alexpet+ 1365 0.0 0.0 86172 3404 ? S 18:52 0:00 nginx: worker process
alexpet+ 1366 0.0 0.0 86172 3404 ? S 18:52 0:00 nginx: worker process
運行命令“ namei -l / home / alexpetralia / Projects / mbta_django / static”,然后查看所有其他父目錄的權限。
AFAIK,您的用戶必須對靜態目錄具有讀取權限,並且必須在/,/ home /,/ home / alexpetralia,/ home / alexpetralia / Projects / mbta_django,/ home / alexpetralia / Projects / mbta_django / static中具有執行權限。
您僅包含了/ home / alexpetralia / Projects / mbta_django / static的權限
我通過切換到uWSGI解決了這個問題。 這個過程要簡單得多。 nginx conf主目錄中的User:group是alexpetralia alexpetralia
(即/etc/nginx/nginx.conf/
,而下面的nginx conf位於/etc/nginx/sites-enabled/mbta_django
)。
特定於應用的nginx conf:
upstream mbta_django_uwsgi {
server unix:///home/alexpetralia/Projects/mbta_django/run/uwsgi.sock;
}
server {
listen 80;
server_name 127.0.0.1; # or FQDN
charset utf-8;
location /static {
alias /home/alexpetralia/Projects/mbta_django/static;
}
location / {
uwsgi_pass unix:/home/alexpetralia/Projects/mbta_django/run/uwsgi.sock;
include /etc/nginx/uwsgi_params;
}
}
uWSGI命令:
uwsgi --chdir=/home/alexpetralia/Projects/mbta_django --wsgi-file=mbta_django/wsgi.py --processes=5 --socket run/uwsgi.sock --py-autoreload=3
最后,由於未加載特定於應用程序的css文件,因此從根目錄下的所有應用程序收集了靜態信息(在django settings.py
,我有STATIC_ROOT = os.path.join(BASE_DIR, "static")
):
django根文件夾中的./manage.py collectstatic
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.