Nginx服务静态文件并禁止403 [英] Nginx serve static file and got 403 forbidden

问题描述

只想帮助别人.是的，您只想使用nginx提供静态文件，然后在 nginx.conf 中一切正常:

location /static {
       autoindex on;
       #root /root/downloads/boxes/;
       alias /root/downloads/boxes/;
      }

但是，最后，您失败了.您从浏览器中收到"403禁止访问" ...

---------------------------------------- 以下答案: ----------------------------------------

解决方案非常简单:

---

方法1:以"/root/downloads/boxes/"所有者的身份运行nginx

在 nginx.conf 中:

＃user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;

是，在第一行"#用户noboy; "中，只需删除"#"，然后将" nobody "更改为您的在Linux/OS X中拥有自己的用户名，即更改为" root "进行测试.重新启动nginx.

注意，最好不要以 root 身份运行 nginx ！这里只是为了测试，对于黑客来说是危险的.

有关更多参考，请参见 nginx(引擎X)–烧伤了！ [13:权限被拒绝]

---

方法2:将"/root/downloads/boxes/"所有者更改为"www-data"或"nobody"

在终端中:

ps aux | grep nginx

获取运行nginx的用户名.它应该是'www-data'或'nobody'，具体取决于nginx的版本.然后点击Terminal(例如，使用'www-data'):

chown -R www-data:www-data /root/downloads/boxes/

------------------------------ 另一个重要的事情是: ---- --------------------------

这些父目录"/" ，"/root" ，"/root/downloads" 应该具有execute(x)权限到'www-data'或'nobody'.即

ls -al /root
chmod o+x /root
chmod o+x /root/downloads

有关更多参考，请参见解决"403禁止"错误和解决方案

您应授予nginx读取文件的权限.这意味着您应该授予运行nginx进程的用户读取文件的权限.

运行nginx进程的用户可以使用nginx配置中的user指令进行配置，该指令通常位于nginx.conf顶部的某个位置:

user www-data

http://wiki.nginx.org/CoreModule#user

您提供给user的第二个参数是组，但是，如果您不指定它，则使用与用户相同的参数，因此在我的示例中，用户和组都为www-data. /p>

现在，要与nginx一起提供的文件应具有正确的权限. Nginx应该具有读取文件的权限.您可以向组www-data授予对文件的读取权限，如下所示:

chown :www-data my-file.html

http://linux.die.net/man/1/chown

使用chown的

，您可以更改文件的用户和组所有者.在此命令中，我仅更改组，如果您也要更改用户，则可以在冒号之前指定用户名，例如chown www-data:www-data my-file.html.但是正确设置组权限应该足以使nginx能够读取文件.

Just want to help somebody out. yes ,you just want to serve static file using nginx, and you got everything right in nginx.conf:

location /static {
       autoindex on;
       #root /root/downloads/boxes/;
       alias /root/downloads/boxes/;
      }

But , in the end , you failed. You got "403 forbidden" from browser...

----------------------------------------The Answer Below:----------------------------------------

The Solution is very Simple:

---

Way 1 : Run nginx as the user as the '/root/downloads/boxes/' owner

In nginx.conf :

＃user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;

YES, in the first line "＃user noboy;" , just delete "#" , and change "nobody" to your own username in Linux/OS X, i.e change to "root" for test. The restart nginx.

Attention , You'd better not run nginx as root! Here just for testing, it's dangerous for the Hacker.

For more reference , see nginx (engine X) – What a Pain in the BUM! [13: Permission denied]

---

Way 2 : Change '/root/downloads/boxes/' owner to 'www-data' or 'nobody'

In Terminal:

ps aux | grep nginx

Get the username of running nginx . It should be 'www-data' or 'nobody' determined by the version of nginx. Then hit in Terminal(use 'www-data' for example):

chown -R www-data:www-data /root/downloads/boxes/

------------------------------One More Important Thing Is:------------------------------

These parent directories "/", "/root", "/root/downloads" should give the execute(x) permission to 'www-data' or 'nobody'. i.e.

ls -al /root
chmod o+x /root
chmod o+x /root/downloads

For more reference , see Resolving "403 Forbidden" error and Nginx 403 forbidden for all files

解决方案

You should give nginx permissions to read the file. That means you should give the user that runs the nginx process permissions to read the file.

This user that runs the nginx process is configurable with the user directive in the nginx config, usually located somewhere on the top of nginx.conf:

user www-data

http://wiki.nginx.org/CoreModule#user

The second argument you give to user is the group, but if you don't specify it, it uses the same one as the user, so in my example the user and the group both are www-data.

Now the files you want to serve with nginx should have the correct permissions. Nginx should have permissions to read the files. You can give the group www-data read permissions to a file like this:

chown :www-data my-file.html

http://linux.die.net/man/1/chown

with chown you can change the user and group owner of a file. In this command I only change the group, if you would change the user too you would specify the username BEFORE the colon, like chown www-data:www-data my-file.html. But setting the group permissions correct should be enough for nginx to be able to read the file.

这篇关于Nginx服务静态文件并禁止403的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！