使用nginx的权限错误zc.buildout

Question

我创建了一个zc.buildout配置，可以使用配置和启动脚本自动安装nginx。

一切正常，但为了成功运行nginx，我必须将其作为sudo运行。我在ubunut下运行这个，只是想知道为什么我必须这样做。 请注意，这是在我的buildout中本地安装的nginx，不是系统范围。

这是我的develop.cfg buildout配置。

[buildout]
extends = buildout.cfg
parts +=
    gunicorn
    pcre-source
    nginx
    webserver
    launcher

[opts]
control-script = ${django:control-script}
user = andre
server_name = localhost
listen_port = 443
media_dir = ${buildout:directory}/cdn/
workers = 2
pidfile = ${buildout:directory}/bin/${opts:control-script}.pid
socketfile = ${buildout:directory}/bin/${opts:control-script}.sock

[gunicorn]
recipe = zc.recipe.egg:scripts
dependent-scripts = true
eggs =
    ${buildout:eggs}
    eventlet
    gunicorn

[pcre-source]
recipe = hexagonit.recipe.download
url = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
strip-top-level-dir = true

[nginx]
recipe = hexagonit.recipe.cmmi
url = http://nginx.org/download/nginx-1.4.1.tar.gz
environment-section = environment
configure-options =
    --with-pcre=${pcre-source:location}
    --with-http_ssl_module

[webserver]
recipe = gocept.nginx
configuration =

    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       ${buildout:directory}/parts/nginx/conf/mime.types;
        default_type  application/octet-stream;

        sendfile        on;
        keepalive_timeout  70;

        server {
            server_name localhost;
            listen 443;
            access_log  ${logs:access_log};

            ssl on;
            ssl_certificate ${buildout:directory}/dev/server.crt;
            ssl_certificate_key ${buildout:directory}/dev/server.key;

            location ^~ /media/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location ^~ /static/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location / {
                proxy_pass http://unix:${opts:socketfile}:;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_connect_timeout 10;
                proxy_read_timeout 10;

                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For  $remote_addr;
                # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

[launcher]
recipe = collective.recipe.template
input = templates/launcher.sh
output = ${buildout:directory}/bin/${opts:control-script}.sh
mode = 755

因此，使用此配置，在运行buildout后，正常运行它：

$ ./bin/webserver start
Starting nginx 
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)

但是，使用sudo运行它会成功启动：

$ sudo ./bin/webserver start
Starting nginx 
$

Answer 1

端口443低于1024，这意味着它是受保护的端口，只能由root打开。所以你的构建是正确的，你只是遇到了30个旧的unix限制： - ）

在端口8443左右启动nginx可能会正常工作。

一个选项：在buildout上的非特权端口上运行它，但是从一些全局安装的服务器重定向流量。