【已解决】CentOS中修改nginx配置中的root根目录后访问出错403 Forbidden

折腾：

期间，修改了默认配置文件为：

<code>[root@xxx-general-01 nginx]# pwd
/etc/nginx
[root@xxx-general-01 nginx]# cat nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        # root         /usr/share/nginx/html;
        root         /xxx/yyy/www;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/xxx/server.crt";
#        ssl_certificate_key "/xxx/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
</code>

其中只是改了root的路径而已。

403 Forbidden

nginx/1.12.2

参考：

修改Nginx的网站根目录 | 钟武的技术博客

<code>[root@xxx-general-01 nginx]# tail /var/log/nginx/
access.log  error.log   
[root@xxx-general-01 nginx]# tail /var/log/nginx/error.log
2018/05/02 14:56:19 [error] 17896#0: *14 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 14:56:21 [error] 17896#0: *14 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 14:56:42 [error] 17896#0: *14 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 14:58:19 [error] 17897#0: *21 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 14:58:26 [emerg] 17864#0: "location" directive is not allowed here in /etc/nginx/conf.d/robotDemo_simple.conf:1
2018/05/02 14:58:37 [error] 17897#0: *21 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 14:58:40 [error] 17897#0: *21 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 15:03:55 [error] 18413#0: *25 open() "/root/xxx/www/robotDemo/index.html" failed (13: Permission denied), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109"
2018/05/02 15:03:58 [error] 18413#0: *25 "/root/xxx/www/index.html" is forbidden (13: Permission denied), client: 112.4.64.141, server: _, request: "GET / HTTP/1.1", host: "47.96.131.109"
2018/05/02 15:04:03 [error] 18413#0: *25 "/root/xxx/www/index.html" is forbidden (13: Permission denied), client: 112.4.64.141, server: _, request: "GET / HTTP/1.1", host: "47.96.131.109"
[root@xxx-general-01 nginx]# ll /root/xxx/www/
total 4
drwxr-xr-x 6 root root 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# chown -R nginx:nginx /root/xxx/www
[root@xxx-general-01 nginx]# ll /root/xxx/www/                 
total 4
drwxr-xr-x 6 nginx nginx 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# systemctl reload nginx
</code>

结果：

错误依旧。

<code>[root@xxx-general-01 nginx]# ps -ef | grep nginx
root     17864     1  0 11:09 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx    18431 17864  0 15:07 ?        00:00:00 nginx: worker process
nginx    18432 17864  0 15:07 ?        00:00:00 nginx: worker process
nginx    18433 17864  0 15:07 ?        00:00:00 nginx: worker process
nginx    18434 17864  0 15:07 ?        00:00:00 nginx: worker process
root     18443 18138  0 15:08 pts/3    00:00:00 grep --color=auto nginx
</code>

貌似此处是：

nginx的：

master进程是root用户

worker进程是nginx用户

本来是需要：

去搞清楚，当前运行的nginx的master和woker用户和组，分别是什么：

上面只是搞清楚了用户，但是组不清楚

对于ps输出的信息，还是不完全理解

但是想到了：

可以参考之前的默认的路径：

/usr/share/nginx/html

去看看其user和group分别是什么

<code>[root@xxx-general-01 nginx]# ll  /usr/share/nginx/
total 8
drwxr-xr-x 2 root root 4096 May  2 10:12 html
drwxr-xr-x 2 root root 4096 May  2 10:12 modules
[root@xxx-general-01 nginx]# ll  /usr/share/nginx/html/
total 20
-rw-r--r-- 1 root root 3650 Mar  6 17:26 404.html
-rw-r--r-- 1 root root 3693 Mar  6 17:26 50x.html
-rw-r--r-- 1 root root 3700 Mar  6 17:26 index.html
-rw-r--r-- 1 root root  368 Mar  6 17:26 nginx-logo.png
-rw-r--r-- 1 root root 2811 Mar  6 17:26 poweredby.png
</code>

发现都是root啊

-》那为何我之前的路径下的文件的权限也都是root，竟然还是会出现无法访问的情况？

再去改回来都是root：

<code>[root@xxx-general-01 nginx]# chown root:root /root/xxx/www
[root@xxx-general-01 nginx]# ll /root/xxx/www
total 4
drwxr-xr-x 6 nginx nginx 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# chown -R root:root /root/xxx/www
[root@xxx-general-01 nginx]# ll /root/xxx/www                
total 4
drwxr-xr-x 6 root root 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/
total 28
drwxr-xr-x 4 root root 4096 Apr 28 18:20 css
drwxr-xr-x 2 root root 4096 Nov 12  2014 fonts
drwxr-xr-x 2 root root 4096 Apr 27 09:41 img
-rw-r--r-- 1 root root 5666 May  2 13:45 index.html
drwxr-xr-x 5 root root 4096 Apr 28 17:23 js
-rw-r--r-- 1 root root  382 May  2 11:34 robotDemo.conf
</code>

结果：

问题依旧

nginx change root 403

nginx change root 403 Forbidden

nginx 403 forbidden 二种原因«海底苍鹰(tank)博客

403 Forbidden nginx ERROR SHOWING AFTER RESTART. PLEASE HELP | DigitalOcean

Nginx (403 Forbidden) | DigitalOcean

centos – Nginx 403 forbidden for all files – Stack Overflow

说是需要x=execute，可执行权限才可以

再次对比：

<code>[root@xxx-general-01 nginx]# ll /usr/share/nginx/
total 8
drwxr-xr-x 2 root root 4096 May  2 10:12 html
drwxr-xr-x 2 root root 4096 May  2 10:12 modules
[root@xxx-general-01 nginx]# ll /root/xxx/www
total 4
drwxr-xr-x 6 root root 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# ll /usr/share/nginx/html
total 20
-rw-r--r-- 1 root root 3650 Mar  6 17:26 404.html
-rw-r--r-- 1 root root 3693 Mar  6 17:26 50x.html
-rw-r--r-- 1 root root 3700 Mar  6 17:26 index.html
-rw-r--r-- 1 root root  368 Mar  6 17:26 nginx-logo.png
-rw-r--r-- 1 root root 2811 Mar  6 17:26 poweredby.png
[root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/
total 28
drwxr-xr-x 4 root root 4096 Apr 28 18:20 css
drwxr-xr-x 2 root root 4096 Nov 12  2014 fonts
drwxr-xr-x 2 root root 4096 Apr 27 09:41 img
-rw-r--r-- 1 root root 5666 May  2 13:45 index.html
drwxr-xr-x 5 root root 4096 Apr 28 17:23 js
-rw-r--r-- 1 root root  382 May  2 11:34 robotDemo.conf
</code>

没有发现任何权限上的不一样啊。

<code>[root@xxx-general-01 nginx]# getenforce
Disabled
</code>

nginx 更改根目录 403 Forbidden

更改Nginx网站根目录以及导致的403 forbidden问题解决 – CSDN博客

Nginx 更改网站根目录教程 – 顺便解决403 Forbidden | File not found – CSDN博客

算了，先去给此处目录，全部是777，确保不是权限问题

<code>[root@xxx-general-01 nginx]# chmod -R 777 /rootxxx/web/www/
[root@xxx-general-01 nginx]# ll /root/xxx/www/
total 4
drwxrwxrwx 6 root root 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/
total 28
drwxrwxrwx 4 root root 4096 Apr 28 18:20 css
drwxrwxrwx 2 root root 4096 Nov 12  2014 fonts
drwxrwxrwx 2 root root 4096 Apr 27 09:41 img
-rwxrwxrwx 1 root root 5666 May  2 13:45 index.html
drwxrwxrwx 5 root root 4096 Apr 28 17:23 js
-rwxrwxrwx 1 root root  382 May  2 11:34 robotDemo.conf
</code>

结果：问题依旧

nginx修改了根目录导致403 forbidden的问题 – 快乐编程

难道是需要父级各个目录，都要有读取权限才可回忆

看了半天，貌似没问题

<code>[root@xxx-general-01 nginx]# ll /root
total 4
-rw-r--r-- 1 root root    0 Apr 10 10:06 mongod.te
drwxr-xr-x 7 root root 4096 Jan 20 22:08 xxx_20180101
[root@xxx-general-01 nginx]# ll /root/xxx
total 20
drwxr-xr-x 2 root root 4096 Jan 20 22:08 conf
drwxr-xr-x 3 root root 4096 Mar 23 10:48 crawler
drwxr-xr-x 2 root root 4096 Jan 14 15:42 data
drwxr-xr-x 2 root root 4096 Jan 20 22:07 nlp
drwxr-xr-x 4 root root 4096 Apr 23 11:28 web
[root@xx-general-01 nginx]# ll /root/xxx
total 8
drwxr-xr-x 4 root root 4096 Apr 26 10:12 server
drwxrwxrwx 3 root root 4096 Apr 23 11:28 www
[root@xx-general-01 nginx]# ll /root/xxx/www/
total 4
drwxrwxrwx 6 root root 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/
total 28
drwxrwxrwx 4 root root 4096 Apr 28 18:20 css
drwxrwxrwx 2 root root 4096 Nov 12  2014 fonts
drwxrwxrwx 2 root root 4096 Apr 27 09:41 img
-rwxrwxrwx 1 root root 5666 May  2 13:45 index.html
drwxrwxrwx 5 root root 4096 Apr 28 17:23 js
-rwxrwxrwx 1 root root  382 May  2 11:34 robotDemo.conf
</code>

突然发现貌似目录最根部的/root好像other部分是不允许read的：

<code>[root@xxx-general-01 nginx]# ll /
total 72
dr-xr-xr-x  121 root root     0 Apr 24 17:28 proc
dr-xr-x---.  10 root root  4096 Apr 24 14:35 root
drwxr-xr-x   24 root root   680 May  2 15:17 run
</code>

所以参考：

chmod命令_Linux chmod 命令用法详解：用来变更文件或目录的权限

Nginx 更改网站根目录教程 – 顺便解决403 Forbidden | File not found – CSDN博客

去加上：

<code>[root@xxx-general-01 nginx]# chmod a+r /root
[root@xx-general-01 nginx]# ll /root
total 4
-rw-r--r-- 1 root root    0 Apr 10 10:06 mongod.te
drwxr-xr-x 7 root root 4096 Jan 20 22:08 xxx_20180101
</code>

此处，a+r只是：

对于a=all=所有的部分=u+g+o=user+group+other

都加上r=read=读

的权限

结果访问：

http://x.x.x.109/robotDemo/index.html

http://x.x.x.109/robotDemo

http://x.x.x.109/

都不行，错误依旧。

再去加上x权限：

<code>[root@xx-general-01 nginx]# chmod a+x /root/
[root@xx-general-01 nginx]# ll /
dr-xr-xr-x.  10 root root  4096 Apr 24 14:35 root
</code>

结果：

终于可以了：

【总结】

此处，nginx的默认配置：

<code>/etc/nginx/nginx.conf
</code>

中，修改了root的路径：

<code>        # root         /usr/share/nginx/html;
        root         /root/xxx/www;
</code>

结果就

403 Forbidden

了。

然后找到最后，根本原因是：

要确保你所给的路径，的所有的层级，都有r=read和x=execut权限才可以

具体到此处，就是：

<code>[root@xx-general-01 nginx]# ll /
total 72
-rw-r--r--    1 root root   416 Dec 20 16:18 ~
lrwxrwxrwx.   1 root root     7 Oct 15  2017 bin -&gt; usr/bin
dr-xr-xr-x.   5 root root  4096 Apr  2 10:44 boot
drwxr-xr-x   20 root root  3040 Apr 24 17:28 dev
drwxr-xr-x.  85 root root  4096 May  2 10:12 etc
drwxr-xr-x    3 root root  4096 Jan 21 17:58 git
drwxr-xr-x    3 root root  4096 Dec 31 22:08 gitrep
drwxr-xr-x.   4 root root  4096 Dec 31 22:05 home
lrwxrwxrwx.   1 root root     7 Oct 15  2017 lib -&gt; usr/lib
lrwxrwxrwx.   1 root root     9 Oct 15  2017 lib64 -&gt; usr/lib64
drwx------.   2 root root 16384 Oct 15  2017 lost+found
drwxr-xr-x.   2 root root  4096 Nov  5  2016 media
drwxr-xr-x.   2 root root  4096 Nov  5  2016 mnt
drwxr-xr-x.   3 root root  4096 Dec  7 23:12 opt
dr-xr-xr-x  121 root root     0 Apr 24 17:28 proc
dr-xr-xr-x.  10 root root  4096 Apr 24 14:35 root
drwxr-xr-x   24 root root   680 May  2 15:42 run
lrwxrwxrwx.   1 root root     8 Oct 15  2017 sbin -&gt; usr/sbin
drwxr-xr-x.   2 root root  4096 Nov  5  2016 srv
dr-xr-xr-x   13 root root     0 Apr 25 01:28 sys
drwxrwxrwt.  10 root root  4096 May  2 15:42 tmp
drwxr-xr-x.  13 root root  4096 Oct 15  2017 usr
drwxr-xr-x.  19 root root  4096 Oct 15  2017 var
[root@xxx-general-01 nginx]# ll /root
total 4
-rw-r--r-- 1 root root    0 Apr 10 10:06 mongod.te
drwxr-xr-x 7 root root 4096 Jan 20 22:08 xxx_20180101
[root@xxx-general-01 nginx]# ll /root/xxx/
total 20
drwxr-xr-x 2 root root 4096 Jan 20 22:08 conf
drwxr-xr-x 3 root root 4096 Mar 23 10:48 crawler
drwxr-xr-x 2 root root 4096 Jan 14 15:42 data
drwxr-xr-x 2 root root 4096 Jan 20 22:07 nlp
drwxr-xr-x 4 root root 4096 Apr 23 11:28 web
[root@xxx-general-01 nginx]# ll /root/xxx/
total 8
drwxr-xr-x 4 root root 4096 Apr 26 10:12 server
drwxrwxrwx 3 root root 4096 Apr 23 11:28 www
[root@xxx-general-01 nginx]# ll /root/xxx/
total 4
drwxrwxrwx 6 root root 4096 May  2 14:18 robotDemo
[root@xxx-general-01 nginx]# ll /root/xxx/
total 28
drwxrwxrwx 4 root root 4096 Apr 28 18:20 css
drwxrwxrwx 2 root root 4096 Nov 12  2014 fonts
drwxrwxrwx 2 root root 4096 Apr 27 09:41 img
-rwxrwxrwx 1 root root 5666 May  2 13:45 index.html
drwxrwxrwx 5 root root 4096 Apr 28 17:23 js
-rwxrwxrwx 1 root root  382 May  2 11:34 robotDemo.conf
[root@xxx-general-01 nginx]#
</code>

其中尤其是此处的/目录下的root，最开始是没注意到：

没有r和x权限，所以去加了后：

<code>chmod a+r /root
chmod a+x /root
</code>

最后才得以正常运行，消除403错误的。

转载请注明：在路上 » 【已解决】CentOS中修改nginx配置中的root根目录后访问出错403 Forbidden

Post Views: 1,878

【已解决】CentOS中修改nginx配置中的root根目录后访问出错403 Forbidden

与本文相关的文章

Hi，您需要填写昵称和邮箱！