我有一个网站,我正在使用nginx作为网站服务器。 该网站的wordpress博客安装在另一台服务器上。我要实现的是,每当用户输入 [www.thewebhoncho.com/blog /] [1] 时,请求都应发送到博客服务器。因此,为了实现我已将代理从网站服务器传递到博客服务器。但是,当我尝试访问博客服务器时,出现403禁止错误。
请找到配置以更好地理解问题:-
网站服务器nginx配置-
server {
listen 80 ;
#listen [::]:80 default_Server;
server_name thewebhoncho.com www.thewebhoncho.com;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
# SSL configuration
listen 443 ssl default_server;
server_name www.thewebhoncho.com thewebhoncho.com;
ssl_certificate sites-available/thewebhoncho_ssl_cert.pem;
ssl_certificate_key sites-available/thewebhoncho_ssl_key.key;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
location / {
root /var/www/html;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
#root /var/www/html/thewebhoncho/web/;
index index.php index.html;
try_files $uri $uri/ /thewebhoncho/web/index.html;
#try_files $uri/ /index.php?$args;
}
location /phpmyadmin/ {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
#fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
location /blog/ {
proxy_pass http://205.147.101.173;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|eot|otf|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
add_header Cache-Control "public, max-age=31536000, immutable";
access_log off; log_not_found off;
}
location = /robots.txt { access_log off; log_not_found off; }
location ~ /\. { deny all; access_log off; log_not_found off; }
}
博客服务器配置:-
server {
listen 80 ;
#listen [::]:80 default_Server;
server_name 205.147.101.173;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl default_server;
server_name 205.147.101.173;
ssl_certificate sites-available/thewebhoncho_ssl_cert.pem;
ssl_certificate_key sites-available/thewebhoncho_ssl_key.key;
root /var/www/html;
index index.html index.htm index.php;
client_max_body_size 100M;
location /blog/ {
try_files $uri $uri/ index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
博客服务器的错误日志:-
2018/07/19 10:19:20 [error] 3904#3904: *1 directory index of "/var/www/html/blog/" is forbidden, client: 18.188.190.81, server: _, request: "GET /blog/ HTTP/1.0", host: "thewebhoncho.com"
2018/07/19 10:27:37 [error] 3904#3904: *3 directory index of "/var/www/html/blog/" is forbidden, client: 18.188.190.81, server: _, request: "GET /blog/ HTTP/1.0", host: "thewebhoncho.com"
权限:-
root@e2e-14-173:~# ll /var/www/html/blog/
total 292
drwxr-xr-x 8 www-data www-data 4096 Jul 18 23:59 ./
drwxr-xr-x 3 root root 4096 Jul 15 23:03 ../
-rw-r--r-- 1 www-data www-data 38957 Jun 24 08:31 accesstodb.php
-rw-r--r-- 1 www-data www-data 418 Sep 25 2013 index.php
-rw-r--r-- 1 www-data www-data 19935 Jan 6 2018 license.txt
drw-r--r-- 10 www-data www-data 4096 Jun 24 07:20 phpmyadmin/
drwxr-xr-x 2 www-data www-data 4096 Jul 14 17:48 .quarantine/
-rw-r--r-- 1 www-data www-data 7415 Jul 5 17:09 readme.html
-rw-r--r-- 1 www-data www-data 0 Jul 15 22:50 .test
drwxr-xr-x 2 www-data www-data 36864 Jul 14 17:33 .tmb/
-rwxr-xr-x 1 www-data www-data 109 Jul 15 22:52 .user.ini*
-rw-r--r-- 1 www-data www-data 397 Jun 26 12:18 wordfence-waf.php
-rw-r--r-- 1 www-data www-data 5458 May 1 22:10 wp-activate.php
drw-r--r-- 9 www-data www-data 4096 May 17 19:00 wp-admin/
-rw-r--r-- 1 www-data www-data 364 Dec 19 2015 wp-blog-header.php
-rw-r--r-- 1 www-data www-data 1889 May 2 22:11 wp-comments-post.php
-rw-r--r-- 1 www-data www-data 2839 Jul 15 22:53 wp-config.php
drw-r--r-- 8 www-data www-data 4096 Jul 14 17:32 wp-content/
-rw-r--r-- 1 www-data www-data 3669 Aug 20 2017 wp-cron.php
drw-r--r-- 18 www-data www-data 12288 May 17 19:00 wp-includes/
-rw-r--r-- 1 www-data www-data 2422 Nov 21 2016 wp-links-opml.php
-rw-r--r-- 1 www-data www-data 3306 Aug 22 2017 wp-load.php
-rw-r--r-- 1 www-data www-data 37760 May 10 21:05 wp-login.php
-rw-r--r-- 1 www-data www-data 8048 Jan 11 2017 wp-mail.php
-rw-r--r-- 1 www-data www-data 16246 Oct 4 2017 wp-settings.php
-rw-r--r-- 1 www-data www-data 30091 Apr 29 23:10 wp-signup.php
-rw-r--r-- 1 www-data www-data 4620 Oct 23 2017 wp-trackback.php
-rw-r--r-- 1 www-data www-data 3065 Aug 31 2016 xmlrpc.php
答案 0 :(得分:0)
如果您从浏览器直接访问http://205.147.101.173,则会收到403错误。您的主服务器也正在代理该地址,因此显然您也会在此处看到403。
您的博客服务器配置中没有location /,因此如果访问http://205.147.101.173,则会得到403。 http://205.147.101.173/blog应该可以。
proxy_pass设置为http://205.147.101.173/blog。 location /blog/更改为location /,将root /var/www/html更改为root /var/www/html/blog。因此,如果您在浏览器上访问http://205.147.101.173,则应该看到自己的博客。