last modified by zhoutianju , 2023-06-02 00:54:42
静态文件 403 错误
问题记录
配置:
server {
listen 9233;
charset utf-8;
access_log "/usr/local/nginx/logs/access.log";
error_log "/usr/local/nginx/logs/error.log";
set $dist_dir "/root/xxx/dist/"; # root 权限的目录
location / {
alias "$dist_dir";
expires -1;
}
}
浏览器访问报 Nginx 403,error.log 记录如下错误:
2020/04/20 21:09:56 [error] 8374#0: *79668 "/root/xxx/dist/index.html" is forbidden (13: Permission denied), client: 10.252.148.50, server: , request: "GET / HTTP/1.1", host: "10.9.15.51:9233"
2020/04/20 21:09:56 [error] 8374#0: *79668 open() "/root/xxx/dist/favicon.ico" failed (13: Permission denied), client: 10.252.148.50, server: , request: "GET /favicon.ico HTTP/1.1", host: "10.9.15.51:9233", referrer: "http://10.9.15.51:9233/"
排查解决
ps -ef | grep nginx 查看 Nginx 启动用户,可以看到 nginx worker 进程是用 nobody 启动的:
root 5137 1 0 2019 ? 00:00:00 nginx: master process /usr/local/nginx/nginx
nobody 8374 5137 0 21:09 ? 00:00:00 nginx: worker process
root 18271 7332 0 21:15 pts/5 00:00:00 grep --color nginx
因此需要将 Nginx 启动用户改为 root(和静态文件目录权限一致),修改 $NGINX_HOME/nginx.conf:
# 启动用户,如果不指定则为 nobody
user root;
# 其他配置...
修改后 nginx -s reload,再查 ps -ef | grep nginx,可以看到新的 nginx worker 已经是用 root 启动的了:
root 5137 1 0 2019 ? 00:00:00 nginx: master process /usr/local/nginx/nginx
nobody 8374 5137 0 21:09 ? 00:00:00 nginx: worker process is shutting down
root 17824 5137 0 21:14 ? 00:00:00 nginx: worker process
root 18271 7332 0 21:15 pts/5 00:00:00 grep --color nginx
再次浏览器访问,可以正常访问到静态文件了。
Copyright © 2023 zhoutianju.
All rights reserved.
All rights reserved.