您好,我正在使用 Amazon Ec2 和 Nginx。我最近设置了 nginx,当我访问 blog.com/index.php 时,它会正确显示在浏览器中,但当我访问其他文件扩展名(如 JPEG、PNG、JS 等)时,文件会变成 403。
这是错误日志。
[error] 5637#0: *132 open() "/var/www/html/js/jquery.js" failed (13: Permission denied), client: 10.000.00.00, server: blog.com, request: "GET /js/jquery.min.js HTTP/1.1", host: "blog.com"
js 文件的权限统计(403 Forbiddon)
-rw-r--r-- 1 ec2-user ec2-user 93636 /var/www/html/js/jquery.js
index.php 文件的权限统计
-rw-r--r-- 1 ec2-user ec2-user 1281 /var/www/html/index.php
我的 Nginx 配置文件:
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
http {
charset UTF-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 10;
client_header_timeout 10;
client_body_timeout 10;
reset_timedout_connection on;
send_timeout 10;
limit_conn_zone $binary_remote_addr zone=addr:5m;
limit_conn addr 100;
gzip on;
gzip_static on;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_proxied any;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
index index.html index.htm index.php;
server {
listen 80;
server_name localhost;
root /var/www/html;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location ~* \.php$ {
location ~* \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
server {
listen 80;
server_name blog.com;
location / {
root /var/www/html;
index index.html index.htm index.php;
}
location ~* \.php$ {
ssi on;
root /var/www/html;
fastcgi_param HTTP_USER_AGENT $http_user_agent;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
}
答案1
ls -alh
使用或命令检查文件/目录权限stat
。似乎可能是权限/所有权问题。
答案2
为了使文件可读,不仅文件需要读取权限,而且所有父目录需要读取权限。我的猜测是,虽然文件 jquery.js 具有正确的权限:
-rw-r--r-- 1 ec2-user ec2-user 93636 /var/www/html/js/jquery.js
,目录js还没有:
-rwxr-x--- 1 ec2-user ec2-user 93636 /var/www/html/js
在这种情况下,在另一个用户(例如www-data
或nginx
)下运行的 nginx 对包含目录没有读取权限,因此无法访问文件 jquery.js。解决方案是更改“js”目录的权限,或将所有权更改为 nginx 用户。