折腾:
期间,修改了默认配置文件为:
<code>[root@xxx-general-01 nginx]# pwd /etc/nginx [root@xxx-general-01 nginx]# cat nginx.conf # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; # root /usr/share/nginx/html; root /xxx/yyy/www; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } # Settings for a TLS enabled server. # # server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 default_server; # server_name _; # root /usr/share/nginx/html; # # ssl_certificate "/xxx/server.crt"; # ssl_certificate_key "/xxx/server.key"; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 10m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } } </code>
其中只是改了root的路径而已。
403 Forbidden
nginx/1.12.2
参考:
<code>[root@xxx-general-01 nginx]# tail /var/log/nginx/ access.log error.log [root@xxx-general-01 nginx]# tail /var/log/nginx/error.log 2018/05/02 14:56:19 [error] 17896#0: *14 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 14:56:21 [error] 17896#0: *14 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 14:56:42 [error] 17896#0: *14 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 14:58:19 [error] 17897#0: *21 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 14:58:26 [emerg] 17864#0: "location" directive is not allowed here in /etc/nginx/conf.d/robotDemo_simple.conf:1 2018/05/02 14:58:37 [error] 17897#0: *21 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 14:58:40 [error] 17897#0: *21 open() "/usr/share/nginx/html/robotDemo/index.html" failed (2: No such file or directory), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 15:03:55 [error] 18413#0: *25 open() "/root/xxx/www/robotDemo/index.html" failed (13: Permission denied), client: 112.4.64.141, server: _, request: "GET /robotDemo/index.html HTTP/1.1", host: "47.96.131.109" 2018/05/02 15:03:58 [error] 18413#0: *25 "/root/xxx/www/index.html" is forbidden (13: Permission denied), client: 112.4.64.141, server: _, request: "GET / HTTP/1.1", host: "47.96.131.109" 2018/05/02 15:04:03 [error] 18413#0: *25 "/root/xxx/www/index.html" is forbidden (13: Permission denied), client: 112.4.64.141, server: _, request: "GET / HTTP/1.1", host: "47.96.131.109" [root@xxx-general-01 nginx]# ll /root/xxx/www/ total 4 drwxr-xr-x 6 root root 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# chown -R nginx:nginx /root/xxx/www [root@xxx-general-01 nginx]# ll /root/xxx/www/ total 4 drwxr-xr-x 6 nginx nginx 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# systemctl reload nginx </code>
结果:
错误依旧。
<code>[root@xxx-general-01 nginx]# ps -ef | grep nginx root 17864 1 0 11:09 ? 00:00:00 nginx: master process /usr/sbin/nginx nginx 18431 17864 0 15:07 ? 00:00:00 nginx: worker process nginx 18432 17864 0 15:07 ? 00:00:00 nginx: worker process nginx 18433 17864 0 15:07 ? 00:00:00 nginx: worker process nginx 18434 17864 0 15:07 ? 00:00:00 nginx: worker process root 18443 18138 0 15:08 pts/3 00:00:00 grep --color=auto nginx </code>
貌似此处是:
nginx的:
master进程是root用户
worker进程是nginx用户
本来是需要:
去搞清楚,当前运行的nginx的master和woker用户和组,分别是什么:
上面只是搞清楚了用户,但是组不清楚
对于ps输出的信息,还是不完全理解
但是想到了:
可以参考之前的默认的路径:
/usr/share/nginx/html
去看看其user和group分别是什么
<code>[root@xxx-general-01 nginx]# ll /usr/share/nginx/ total 8 drwxr-xr-x 2 root root 4096 May 2 10:12 html drwxr-xr-x 2 root root 4096 May 2 10:12 modules [root@xxx-general-01 nginx]# ll /usr/share/nginx/html/ total 20 -rw-r--r-- 1 root root 3650 Mar 6 17:26 404.html -rw-r--r-- 1 root root 3693 Mar 6 17:26 50x.html -rw-r--r-- 1 root root 3700 Mar 6 17:26 index.html -rw-r--r-- 1 root root 368 Mar 6 17:26 nginx-logo.png -rw-r--r-- 1 root root 2811 Mar 6 17:26 poweredby.png </code>
发现都是root啊
-》那为何我之前的路径下的文件的权限也都是root,竟然还是会出现无法访问的情况?
再去改回来都是root:
<code>[root@xxx-general-01 nginx]# chown root:root /root/xxx/www [root@xxx-general-01 nginx]# ll /root/xxx/www total 4 drwxr-xr-x 6 nginx nginx 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# chown -R root:root /root/xxx/www [root@xxx-general-01 nginx]# ll /root/xxx/www total 4 drwxr-xr-x 6 root root 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/ total 28 drwxr-xr-x 4 root root 4096 Apr 28 18:20 css drwxr-xr-x 2 root root 4096 Nov 12 2014 fonts drwxr-xr-x 2 root root 4096 Apr 27 09:41 img -rw-r--r-- 1 root root 5666 May 2 13:45 index.html drwxr-xr-x 5 root root 4096 Apr 28 17:23 js -rw-r--r-- 1 root root 382 May 2 11:34 robotDemo.conf </code>
结果:
问题依旧
nginx change root 403
nginx change root 403 Forbidden
nginx 403 forbidden 二种原因«海底苍鹰(tank)博客
403 Forbidden nginx ERROR SHOWING AFTER RESTART. PLEASE HELP | DigitalOcean
Nginx (403 Forbidden) | DigitalOcean
centos – Nginx 403 forbidden for all files – Stack Overflow
说是需要x=execute,可执行权限才可以
再次对比:
<code>[root@xxx-general-01 nginx]# ll /usr/share/nginx/ total 8 drwxr-xr-x 2 root root 4096 May 2 10:12 html drwxr-xr-x 2 root root 4096 May 2 10:12 modules [root@xxx-general-01 nginx]# ll /root/xxx/www total 4 drwxr-xr-x 6 root root 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# ll /usr/share/nginx/html total 20 -rw-r--r-- 1 root root 3650 Mar 6 17:26 404.html -rw-r--r-- 1 root root 3693 Mar 6 17:26 50x.html -rw-r--r-- 1 root root 3700 Mar 6 17:26 index.html -rw-r--r-- 1 root root 368 Mar 6 17:26 nginx-logo.png -rw-r--r-- 1 root root 2811 Mar 6 17:26 poweredby.png [root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/ total 28 drwxr-xr-x 4 root root 4096 Apr 28 18:20 css drwxr-xr-x 2 root root 4096 Nov 12 2014 fonts drwxr-xr-x 2 root root 4096 Apr 27 09:41 img -rw-r--r-- 1 root root 5666 May 2 13:45 index.html drwxr-xr-x 5 root root 4096 Apr 28 17:23 js -rw-r--r-- 1 root root 382 May 2 11:34 robotDemo.conf </code>
没有发现任何权限上的不一样啊。
<code>[root@xxx-general-01 nginx]# getenforce Disabled </code>
nginx 更改根目录 403 Forbidden
更改Nginx网站根目录以及导致的403 forbidden问题解决 – CSDN博客
Nginx 更改网站根目录教程 – 顺便解决403 Forbidden | File not found – CSDN博客
算了,先去给此处目录,全部是777,确保不是权限问题
<code>[root@xxx-general-01 nginx]# chmod -R 777 /rootxxx/web/www/ [root@xxx-general-01 nginx]# ll /root/xxx/www/ total 4 drwxrwxrwx 6 root root 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/ total 28 drwxrwxrwx 4 root root 4096 Apr 28 18:20 css drwxrwxrwx 2 root root 4096 Nov 12 2014 fonts drwxrwxrwx 2 root root 4096 Apr 27 09:41 img -rwxrwxrwx 1 root root 5666 May 2 13:45 index.html drwxrwxrwx 5 root root 4096 Apr 28 17:23 js -rwxrwxrwx 1 root root 382 May 2 11:34 robotDemo.conf </code>
结果:问题依旧
nginx修改了根目录导致403 forbidden的问题 – 快乐编程
难道是需要父级各个目录,都要有读取权限才可回忆
看了半天,貌似没问题
<code>[root@xxx-general-01 nginx]# ll /root total 4 -rw-r--r-- 1 root root 0 Apr 10 10:06 mongod.te drwxr-xr-x 7 root root 4096 Jan 20 22:08 xxx_20180101 [root@xxx-general-01 nginx]# ll /root/xxx total 20 drwxr-xr-x 2 root root 4096 Jan 20 22:08 conf drwxr-xr-x 3 root root 4096 Mar 23 10:48 crawler drwxr-xr-x 2 root root 4096 Jan 14 15:42 data drwxr-xr-x 2 root root 4096 Jan 20 22:07 nlp drwxr-xr-x 4 root root 4096 Apr 23 11:28 web [root@xx-general-01 nginx]# ll /root/xxx total 8 drwxr-xr-x 4 root root 4096 Apr 26 10:12 server drwxrwxrwx 3 root root 4096 Apr 23 11:28 www [root@xx-general-01 nginx]# ll /root/xxx/www/ total 4 drwxrwxrwx 6 root root 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# ll /root/xxx/robotDemo/ total 28 drwxrwxrwx 4 root root 4096 Apr 28 18:20 css drwxrwxrwx 2 root root 4096 Nov 12 2014 fonts drwxrwxrwx 2 root root 4096 Apr 27 09:41 img -rwxrwxrwx 1 root root 5666 May 2 13:45 index.html drwxrwxrwx 5 root root 4096 Apr 28 17:23 js -rwxrwxrwx 1 root root 382 May 2 11:34 robotDemo.conf </code>
突然发现貌似目录最 根部的/root好像other部分是不允许read的:
<code>[root@xxx-general-01 nginx]# ll / total 72 dr-xr-xr-x 121 root root 0 Apr 24 17:28 proc dr-xr-x---. 10 root root 4096 Apr 24 14:35 root drwxr-xr-x 24 root root 680 May 2 15:17 run </code>
所以参考:
chmod命令_Linux chmod 命令用法详解:用来变更文件或目录的权限
Nginx 更改网站根目录教程 – 顺便解决403 Forbidden | File not found – CSDN博客
去加上:
<code>[root@xxx-general-01 nginx]# chmod a+r /root [root@xx-general-01 nginx]# ll /root total 4 -rw-r--r-- 1 root root 0 Apr 10 10:06 mongod.te drwxr-xr-x 7 root root 4096 Jan 20 22:08 xxx_20180101 </code>
此处,a+r只是:
对于a=all=所有的部分=u+g+o=user+group+other
都加上r=read=读
的权限
结果访问:
http://x.x.x.109/robotDemo/index.html
http://x.x.x.109/robotDemo
http://x.x.x.109/
都不行,错误依旧。
再去加上x权限:
<code>[root@xx-general-01 nginx]# chmod a+x /root/ [root@xx-general-01 nginx]# ll / dr-xr-xr-x. 10 root root 4096 Apr 24 14:35 root </code>
结果:
终于可以了:
【总结】
此处,nginx的默认配置:
<code>/etc/nginx/nginx.conf </code>
中,修改了root的路径:
<code> # root /usr/share/nginx/html; root /root/xxx/www; </code>
结果就
403 Forbidden
了。
然后找到最后,根本原因是:
要确保你所给的路径,的所有的层级,都有r=read和x=execut权限才可以
具体到此处,就是:
<code>[root@xx-general-01 nginx]# ll / total 72 -rw-r--r-- 1 root root 416 Dec 20 16:18 ~ lrwxrwxrwx. 1 root root 7 Oct 15 2017 bin -> usr/bin dr-xr-xr-x. 5 root root 4096 Apr 2 10:44 boot drwxr-xr-x 20 root root 3040 Apr 24 17:28 dev drwxr-xr-x. 85 root root 4096 May 2 10:12 etc drwxr-xr-x 3 root root 4096 Jan 21 17:58 git drwxr-xr-x 3 root root 4096 Dec 31 22:08 gitrep drwxr-xr-x. 4 root root 4096 Dec 31 22:05 home lrwxrwxrwx. 1 root root 7 Oct 15 2017 lib -> usr/lib lrwxrwxrwx. 1 root root 9 Oct 15 2017 lib64 -> usr/lib64 drwx------. 2 root root 16384 Oct 15 2017 lost+found drwxr-xr-x. 2 root root 4096 Nov 5 2016 media drwxr-xr-x. 2 root root 4096 Nov 5 2016 mnt drwxr-xr-x. 3 root root 4096 Dec 7 23:12 opt dr-xr-xr-x 121 root root 0 Apr 24 17:28 proc dr-xr-xr-x. 10 root root 4096 Apr 24 14:35 root drwxr-xr-x 24 root root 680 May 2 15:42 run lrwxrwxrwx. 1 root root 8 Oct 15 2017 sbin -> usr/sbin drwxr-xr-x. 2 root root 4096 Nov 5 2016 srv dr-xr-xr-x 13 root root 0 Apr 25 01:28 sys drwxrwxrwt. 10 root root 4096 May 2 15:42 tmp drwxr-xr-x. 13 root root 4096 Oct 15 2017 usr drwxr-xr-x. 19 root root 4096 Oct 15 2017 var [root@xxx-general-01 nginx]# ll /root total 4 -rw-r--r-- 1 root root 0 Apr 10 10:06 mongod.te drwxr-xr-x 7 root root 4096 Jan 20 22:08 xxx_20180101 [root@xxx-general-01 nginx]# ll /root/xxx/ total 20 drwxr-xr-x 2 root root 4096 Jan 20 22:08 conf drwxr-xr-x 3 root root 4096 Mar 23 10:48 crawler drwxr-xr-x 2 root root 4096 Jan 14 15:42 data drwxr-xr-x 2 root root 4096 Jan 20 22:07 nlp drwxr-xr-x 4 root root 4096 Apr 23 11:28 web [root@xxx-general-01 nginx]# ll /root/xxx/ total 8 drwxr-xr-x 4 root root 4096 Apr 26 10:12 server drwxrwxrwx 3 root root 4096 Apr 23 11:28 www [root@xxx-general-01 nginx]# ll /root/xxx/ total 4 drwxrwxrwx 6 root root 4096 May 2 14:18 robotDemo [root@xxx-general-01 nginx]# ll /root/xxx/ total 28 drwxrwxrwx 4 root root 4096 Apr 28 18:20 css drwxrwxrwx 2 root root 4096 Nov 12 2014 fonts drwxrwxrwx 2 root root 4096 Apr 27 09:41 img -rwxrwxrwx 1 root root 5666 May 2 13:45 index.html drwxrwxrwx 5 root root 4096 Apr 28 17:23 js -rwxrwxrwx 1 root root 382 May 2 11:34 robotDemo.conf [root@xxx-general-01 nginx]# </code>
其中尤其是此处的/目录下的root,最开始是没注意到:
没有r和x权限,所以去加了后:
<code>chmod a+r /root chmod a+x /root </code>
最后才得以正常运行,消除403错误的。
转载请注明:在路上 » 【已解决】CentOS中修改nginx配置中的root根目录后访问出错403 Forbidden