Nginx 提供静态文件并被 403 禁止 [英] Nginx serve static file and got 403 forbidden

问题描述

只是想帮助某人.是的，您只想使用 nginx 提供静态文件，并且您在 nginx.conf 中一切正常:

Just want to help somebody out. yes ,you just want to serve static file using nginx, and you got everything right in nginx.conf:

location /static {
       autoindex on;
       #root /root/downloads/boxes/;
       alias /root/downloads/boxes/;
      }

但是，最终，你失败了.您从浏览器收到403 禁止"...

But , in the end , you failed. You got "403 forbidden" from browser...

----------------------------------------答案如下:----------------------------------------

----------------------------------------The Answer Below:----------------------------------------

解决方案非常简单:

方式一:以'/root/downloads/boxes/'所有者的用户身份运行nginx

在 nginx.conf 中:

＃user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;

是的，在第一行 "#user noboy;" ，只需删除 "#" ，并将 "nobody" 更改为您的在 Linux/OS X 中使用自己的用户名，即更改为root"以进行测试.重启nginx.

YES, in the first line "＃user noboy;" , just delete "#" , and change "nobody" to your own username in Linux/OS X, i.e change to "root" for test. The restart nginx.

注意，你最好不要以root的身份运行nginx！这里只是为了测试，对黑客来说很危险.

Attention , You'd better not run nginx as root! Here just for testing, it's dangerous for the Hacker.

更多参考见nginx(X 引擎)– BUM 中的痛苦！[13:权限被拒绝]

方式 2:将/root/downloads/boxes/"所有者更改为www-data"或nobody"

在终端:

ps aux | grep nginx

获取运行 nginx 的用户名.应该是'www-data'或'nobody'，由nginx的版本决定.然后点击终端(例如使用 'www-data'):

Get the username of running nginx . It should be 'www-data' or 'nobody' determined by the version of nginx. Then hit in Terminal(use 'www-data' for example):

chown -R www-data:www-data /root/downloads/boxes/

------------------------------还有一点很重要:------------------------------

------------------------------One More Important Thing Is:------------------------------

这些父目录"/"、"/root"、"/root/downloads"应该赋予execute(x)权限'www-data' 或 'nobody'.即

These parent directories "/", "/root", "/root/downloads" should give the execute(x) permission to 'www-data' or 'nobody'. i.e.

ls -al /root
chmod o+x /root
chmod o+x /root/downloads

有关更多参考，请参阅解决403 Forbidden"错误和Nginx 403 禁止所有文件

For more reference , see Resolving "403 Forbidden" error and Nginx 403 forbidden for all files

推荐答案

您应该授予 nginx 读取文件的权限.这意味着您应该授予运行 nginx 进程的用户读取文件的权限.

You should give nginx permissions to read the file. That means you should give the user that runs the nginx process permissions to read the file.

这个运行 nginx 进程的用户可以使用 nginx 配置中的 user 指令进行配置，通常位于 nginx.conf 顶部的某处:

This user that runs the nginx process is configurable with the user directive in the nginx config, usually located somewhere on the top of nginx.conf:

user www-data

http://wiki.nginx.org/CoreModule#user

你给 user 的第二个参数是组，但如果你不指定它，它使用与用户相同的一个，所以在我的例子中用户和组都是www-data.

The second argument you give to user is the group, but if you don't specify it, it uses the same one as the user, so in my example the user and the group both are www-data.

现在你想用 nginx 服务的文件应该有正确的权限.Nginx 应该有读取文件的权限.您可以授予组 www-data 对文件的读取权限，如下所示:

Now the files you want to serve with nginx should have the correct permissions. Nginx should have permissions to read the files. You can give the group www-data read permissions to a file like this:

chown :www-data my-file.html

http://linux.die.net/man/1/chown

使用chown，您可以更改文件的用户和组所有者.在此命令中，我只更改组，如果您也更改用户，则应在冒号前指定用户名，例如 chown www-data:www-data my-file.html.但是设置正确的组权限应该足以让nginx能够读取文件.

with chown you can change the user and group owner of a file. In this command I only change the group, if you would change the user too you would specify the username BEFORE the colon, like chown www-data:www-data my-file.html. But setting the group permissions correct should be enough for nginx to be able to read the file.

这篇关于Nginx 提供静态文件并被 403 禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！