为什么即使所有权限都设置正确，Nginx 还是返回 403? [英] Why does Nginx return a 403 even though all permissions are set properly?

问题描述

我已经设置了 Nginx 并正确显示了测试页面.如果我尝试更改根路径，则会收到 403 Forbidden 错误，即使所有权限都相同.此外，nginx 用户存在.

I have Nginx setup and displaying the test page properly. If I try to change the root path, I get a 403 Forbidden error, even though all permissions are identical. Additionally, the nginx user exists.

nginx.conf:

nginx.conf:

user nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;

pid        /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    index   index.html index.htm;

    server {
        listen       80;
        server_name  localhost;
        root         /var/www/html; #changed from the default /usr/share/nginx/html
    }
}

namei -om/usr/share/nginx/html/index.html

namei -om /usr/share/nginx/html/index.html

f: /usr/share/nginx/html/index.html
dr-xr-xr-x root root /
drwxr-xr-x root root usr
drwxr-xr-x root root share
drwxr-xr-x root root nginx
drwxr-xr-x root root html
-rw-r--r-- root root index.html

namei -om/var/www/html/index.html

namei -om /var/www/html/index.html

f: /var/www/html/index.html
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x root root html
-rw-r--r-- root root index.html

错误日志

2014/03/23 12:45:08 [错误] 5490#0: *13 open()/var/www/html/index.html"失败(13:权限被拒绝)，客户端:XXX.XX.XXX.XXX，服务器:本地主机，请求:GET/index.html HTTP/1.1"，主机:ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"

2014/03/23 12:45:08 [error] 5490#0: *13 open() "/var/www/html/index.html" failed (13: Permission denied), client: XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"

推荐答案

我遇到了同样的问题，这是由于 SELinux.

I experienced the same problem and it was due to SELinux.

要检查 SELinux 是否正在运行:

To check if SELinux is running:

# getenforce

在下次重启前禁用 SELinux:

To disable SELinux until next reboot:

# setenforce Permissive

重启Nginx，看问题是否依旧.如果您想永久更改设置，您可以编辑 /etc/sysconfig/selinux

Restart Nginx and see if the problem persists. If you would like to permanently alter the settings you can edit /etc/sysconfig/selinux

如果 SELinux 是您的问题，您可以运行以下命令以允许 nginx 为您的 www 目录提供服务(确保在测试之前重新打开 SELinux.即 # setenforce Enforcing)

If SELinux is your problem you can run the following to allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, # setenforce Enforcing)

# chcon -Rt httpd_sys_content_t /path/to/www

如果您仍有问题，请查看 getsebool -a 中的布尔标志，特别是您可能需要打开 httpd_can_network_connect 以进行网络访问

If you're still having issues take a look at the boolean flags in getsebool -a, in particular you may need to turn on httpd_can_network_connect for network access

# setsebool -P httpd_can_network_connect on

对我来说，允许 http 为我的 www 目录提供服务就足够了.

For me it was enough to allow http to serve my www directory.

这篇关于为什么即使所有权限都设置正确，Nginx 还是返回 403?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！