CentOS 7 + nginx 1.13.1
SELinux - >当前模式:允许
在root帐户下执行所有操作。
/ root / raid与/ usr / share / nginx / html / raid的文件夹相同,因为它是从/ dev / md0安装的:
mount /dev/md0 /usr/share/nginx/html/raid
mount /dev/md0 /root/raid
如果我尝试将nginx.conf中的根文件夹更改为/ usr / share / nginx /之外的smth,如/ root / raid,则会收到403错误:(
这是我的nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
server_name _ server1 server1.domain.com;
root /usr/share/nginx/html/raid;
#root /root/raid;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
我这样做了:
# chown -R nginx:nginx /usr/share/nginx/html/raid
# chmod -R 775 /usr/share/nginx/html/raid
或者这个(不是真的需要,因为他们是同一个文件夹,对吗?):
# chown -R nginx:nginx /root/raid
# chmod -R 775 /root/raid
# ls -la /usr/share/nginx/html/raid
total 28
drwxrwxr-x. 3 nginx nginx 4096 Jun 20 02:56 .
drwxr-xr-x. 3 root root 18 Jun 20 02:56 ..
-rwxrwxr-x. 1 nginx nginx 3650 Oct 31 2016 404.html
-rwxrwxr-x. 1 nginx nginx 537 May 30 18:10 50x.html
-rwxrwxr-x. 1 nginx nginx 924 Jun 16 21:49 index.html
-rwxrwxr-x. 1 nginx nginx 19 Jun 8 18:48 info.php
-rwxrwxr-x. 1 nginx nginx 1 Jun 20 02:56 test
# ls -la /root/raid
total 28
drwxrwxr-x. 3 nginx nginx 4096 Jun 20 02:56 .
dr-xr-x---. 6 root root 192 Jun 20 02:23 ..
-rwxrwxr-x. 1 nginx nginx 3650 Oct 31 2016 404.html
-rwxrwxr-x. 1 nginx nginx 537 May 30 18:10 50x.html
-rwxrwxr-x. 1 nginx nginx 924 Jun 16 21:49 index.html
-rwxrwxr-x. 1 nginx nginx 19 Jun 8 18:48 info.php
-rwxrwxr-x. 1 nginx nginx 1 Jun 20 02:56 test
一旦我将nginx.conf中的根路径改回/ usr / share / nginx / html / raid&该网站正确打开。
我也试过了:
# setsebool -P httpd_can_network_connect on
# chcon -Rt httpd_sys_content_t /root/raid
# chcon -R --reference=/usr/share/nginx /root/raid
在宽容模式下不应该真的需要,对吗?
nginx日志显示以下内容:
/var/log/access.log:
192.168.0.103 - - [20/Jun/2017:12:45:33 +0300] "GET / HTTP/1.1" 403 571 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "-"
/var/log/error.log:
2017/06/20 12:45:33 [error] 18114#18114: *4 "/root/raid/index.html" is forbidden (13: Permission denied), client: 192.168.0.103, server: _, request: "GET / HTTP/1.1", host: "server1.domain.com"
我忘记了什么? :)
答案 0 :(得分:0)
(1)不要将同一设备安装到不同的安装点,这不是根本原因,但不要永远这样做。
(2)挂载点" / root / raid",这是根路径中的DIR" / root"," nginx:nginx"无法读取" / root"中的子目录,对吗?不要在/#34; / root"中挂载/ dev / md0,将挂载点更改为其他逻辑目录,例如" / srv / app / raid"。
(3)如果要更改webroot,更好的方法是使用软链接,例如:
this.addEditUserForm = this.builder.group({
firstName: ['', Validators.required],
lastName: ['', Validators.required],
title: ['', Validators.required],
email: ['', Validators.required],
password: ['', Validators.required],
confirmPass: ['', Validators.required]
},{validator: this.checkIfMatchingPasswords('password', 'confirmPass')});
checkIfMatchingPasswords(passwordKey: string, passwordConfirmationKey: string) {
return (group: FormGroup) => {
let passwordInput = group.controls[passwordKey],
passwordConfirmationInput = group.controls[passwordConfirmationKey];
if (passwordInput.value !== passwordConfirmationInput.value) {
return passwordConfirmationInput.setErrors({notEquivalent: true})
}
else {
return passwordConfirmationInput.setErrors(null);
}
}
}
所以" / other_path / raid"是你的新webroot。