Django / gunicorn / nginx：403禁止

Question

我已經在StackOverflow和其他教程上花費了幾個小時，但是我不知道為什么當我導航到localhost時， nginx為什么返回403 Forbidden 。

這是我的gunicorn啟動腳本（位於應用程序根目錄中）：

#!/bin/bash
# http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/

NAME="mbta_django_gunicorn"
SOCKFILE=run/gunicorn.sock 
USER=alexpetralia                                        # the user to run as
GROUP=alexpetralia                                     # the group to run as
NUM_WORKERS=5
DJANGO_SETTINGS_MODULE=mbta_django.settings
DJANGO_WSGI_MODULE=mbta_django.wsgi

echo "Starting $NAME"

# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR

# Start Django Unicorn
exec gunicorn ${DJANGO_WSGI_MODULE}:application \
  --name $NAME \
  --workers $NUM_WORKERS \
  --user=$USER --group=$GROUP \
  # --bind=localhost:8000 \
  --bind=unix:$SOCKFILE \
  --log-level=debug \
  --log-file=- \
  --reload

這是我的nginx.conf：

user alexpetralia alexpetralia; # www-data
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "msie6";

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

這是我的特定於應用程序的nginxconf文件，該文件位於sites-available （並鏈接到sites-enabled ）：

upstream mbta_django_server {
    server unix:/home/alexpetralia/Projects/mbta_django/run/gunicorn.sock fail_timeout=0;
}

server {
    listen 80;
    client_max_body_size 4G;
    keepalive_timeout 5;
    root /home/alexpetralia/Projects/mbta_django/static/;

    location /static/ {
        autoindex on;
        alias /home/alexpetralia/Projects/mbta_django/static/;
    }    
}

我的主管用於運行gunicorn的設置（更改PATH以便使用virtualenv）：

[program:mbta_gunicorn]
command=/home/alexpetralia/Projects/mbta_django/gunicorn_ctl
stdout_logfile=/home/alexpetralia/Projects/mbta_django/logs/mbta_gunicorn.log
stderr_logfile=/home/alexpetralia/Projects/mbta_django/logs/mbta_gunicorn.log
redirect_stderr=true
autorestart=true
stopsignal=KILL
killasgroup=true
stopasgroup=true
environment=PATH="/home/alexpetralia/Projects/mbta_django/venv/bin"
directory=/home/alexpetralia/Projects/mbta_django

強烈感覺這是一個權限問題，但是我已經在chmod -R 775 mbta_django應用程序的根文件夾上使用了chmod -R 775 mbta_django 。 我不願意把它chown 。 我不明白為什么，如果gunicorn和nginx一樣都是由正確的用戶加載的，那么就不會出現權限問題。

也許這與金槍魚有關，而不是與nginx有關？ 我發現奇怪的是，即使gunicorn正在運行，我也可以訪問我的應用程序（沒有靜態文件），即使它綁定到Unix套接字而不是127.0.0.1:8000。

謝謝。

UPDATE

Nginx錯誤日志（示例，僅此而已）：

2016/01/18 16:42:40 [error] 20773#0: *5 directory index of "/home/alexpetralia/Projects/mbta_django/static/" is forbidden, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "localhost"
2016/01/18 16:42:40 [error] 20773#0: *5 directory index of "/home/alexpetralia/Projects/mbta_django/static/" is forbidden, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "localhost"

Gunicorn錯誤日志（樣本中，目錄名稱的部分是來自frmo教程的命令在這里 ）：

Starting mbta_django_gunicorn
/home/alexpetralia/Projects/mbta_django/gunicorn_ctl: line 20: dirname: command not found
[2016-01-18 18:03:08 +0000] [1996] [INFO] Starting gunicorn 19.4.5
[2016-01-18 18:03:08 +0000] [1996] [INFO] Listening at: http://127.0.0.1:8000 (1996)
[2016-01-18 18:03:08 +0000] [1996] [INFO] Using worker: sync
[2016-01-18 18:03:08 +0000] [2008] [INFO] Booting worker with pid: 2008
[2016-01-18 18:03:08 +0000] [2009] [INFO] Booting worker with pid: 2009
[2016-01-18 18:03:08 +0000] [2016] [INFO] Booting worker with pid: 2016
[2016-01-18 18:03:08 +0000] [2019] [INFO] Booting worker with pid: 2019
[2016-01-18 18:03:08 +0000] [2022] [INFO] Booting worker with pid: 2022

靜態文件夾的所有權：

alexpetralia@linux-box:~$ namei -ov /home/alexpetralia/Projects/mbta_django/static
f: /home/alexpetralia/Projects/mbta_django/static
d root         root         /
d root         root         home
d alexpetralia alexpetralia alexpetralia
d alexpetralia alexpetralia Projects
d alexpetralia alexpetralia mbta_django
d alexpetralia alexpetralia static

靜態文件夾的權限：

drwxr-xr-x  6 alexpetralia alexpetralia 4096 Jan  8 12:43 static

獨角獸工藝：

alexpetralia@linux-box:~/Projects/mbta_django$ ps aux | grep gunicorn
root      1942  0.0  0.4  57416 15972 ?        S    18:52   0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+  1951  0.0  0.8 147648 32100 ?        S    18:52   0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+  1954  0.0  0.8 147660 32100 ?        S    18:52   0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+  1957  0.2  1.6 226280 63612 ?        S    18:52   0:01 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+  1964  0.1  0.8 147676 32100 ?        S    18:52   0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia
alexpet+  1975  0.0  0.8 147688 32108 ?        S    18:52   0:00 /home/alexpetralia/Projects/mbta_django/venv/bin/python /home/alexpetralia/Projects/mbta_django/venv/bin/gunicorn mbta_django.wsgi:application --name mbta_django_gunicorn --workers 5 --user=alexpetralia --group=alexpetralia

Nginx流程：

alexpetralia@linux-box:~/Projects/mbta_django$ ps aux | grep nginx
root      1362  0.0  0.0  85892  2712 ?        Ss   18:52   0:00 nginx: master process /usr/sbin/nginx
alexpet+  1363  0.0  0.0  86172  3404 ?        S    18:52   0:00 nginx: worker process
alexpet+  1364  0.0  0.0  86172  3404 ?        S    18:52   0:00 nginx: worker process
alexpet+  1365  0.0  0.0  86172  3404 ?        S    18:52   0:00 nginx: worker process
alexpet+  1366  0.0  0.0  86172  3404 ?        S    18:52   0:00 nginx: worker process

Answer 1

運行命令“ namei -l / home / alexpetralia / Projects / mbta_django / static”，然后查看所有其他父目錄的權限。

AFAIK，您的用戶必須對靜態目錄具有讀取權限，並且必須在/，/ home /，/ home / alexpetralia，/ home / alexpetralia / Projects / mbta_django，/ home / alexpetralia / Projects / mbta_django / static中具有執行權限。

您僅包含了/ home / alexpetralia / Projects / mbta_django / static的權限

參考： http : //nginxlibrary.com/403-forbidden-error/

Answer 2

我通過切換到uWSGI解決了這個問題。 這個過程要簡單得多。 nginx conf主目錄中的User：group是alexpetralia alexpetralia （即/etc/nginx/nginx.conf/ ，而下面的nginx conf位於/etc/nginx/sites-enabled/mbta_django ）。

特定於應用的nginx conf：

upstream mbta_django_uwsgi {
    server unix:///home/alexpetralia/Projects/mbta_django/run/uwsgi.sock;
}

server {

    listen      80;
    server_name 127.0.0.1;   # or FQDN
    charset     utf-8;

    location /static {
            alias /home/alexpetralia/Projects/mbta_django/static;
    }

    location / {
        uwsgi_pass  unix:/home/alexpetralia/Projects/mbta_django/run/uwsgi.sock;
        include     /etc/nginx/uwsgi_params;
    }
}

uWSGI命令：

uwsgi --chdir=/home/alexpetralia/Projects/mbta_django --wsgi-file=mbta_django/wsgi.py --processes=5 --socket run/uwsgi.sock --py-autoreload=3

最后，由於未加載特定於應用程序的css文件，因此從根目錄下的所有應用程序收集了靜態信息（在django settings.py ，我有STATIC_ROOT = os.path.join(BASE_DIR, "static") ）：

django根文件夾中的./manage.py collectstatic