[英]https nginx 403 forbidden
我在 DigitalOcean 上創建了 droplet,在上面設置了我的 nodeJS 應用程序,連接了我的域並且一切正常,但是我想設置 https 並且我安裝了所有證書等。我在 CentOS 7.5 上運行它,我的 nodeJS 應用程序在這個目錄中:
/home/mdurakovic/mensurdurakovic.com
HTTP 工作正常,但是當我嘗試使用 HTTPS 打開我的網站時,我在瀏覽器中收到錯誤消息
403 Forbidden nginx/1.12.2
所以我查看了 nginx 日志,看到了這個錯誤:
2019/01/02 23:03:39 [error] 11014#0: *1 directory index of "/home/mdurakovic/mensurdurakovic.com/public/" is forbidden, client: 213.149.62.113, server: mensurdurakovic.com, request: "GET / HTTP/2.0", host: "mensurdurakovic.com"
我更改了組權限,因此當我執行此命令時:
f: /home/mdurakovic/mensurdurakovic.com/public/
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwx--x--- mdurakovic nginx mdurakovic
drwxrwxrwx nginx nginx mensurdurakovic.com
drwxrwxrwx nginx nginx public
可以清楚地看到,nginx 有權執行用戶的主目錄,但它仍然不起作用。 任何幫助將不勝感激。
編輯:這是我的/etc/nginx/conf.d/mensurdurakovic.com.conf
文件:
server {
listen 80;
server_name mensurdurakovic.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://68.183.69.186:8080;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mensurdurakovic.com;
root /home/mdurakovic/mensurdurakovic.com/public;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/letsencrypt/live/mensurdurakovic.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mensurdurakovic.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-$
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
resolver 8.8.8.8;
}
您讓 http 連接代理請求,而不是 https。 如果您在 ssl 配置中添加一個塊(並刪除根和解析器),它應該按預期工作:
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://68.183.69.186:8080;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.