Nginx:403 禁止某些文件扩展名

Nginx:403 禁止某些文件扩展名

您好,我正在使用 Amazon Ec2 和 Nginx。我最近设置了 nginx,当我访问 blog.com/index.php 时,它会正确显示在浏览器中,但当我访问其他文件扩展名(如 JPEG、PNG、JS 等)时,文件会变成 403。

这是错误日志。

[error] 5637#0: *132 open() "/var/www/html/js/jquery.js" failed (13: Permission denied), client: 10.000.00.00, server: blog.com, request: "GET /js/jquery.min.js HTTP/1.1", host: "blog.com"

js 文件的权限统计(403 Forbiddon)

-rw-r--r-- 1 ec2-user ec2-user 93636 /var/www/html/js/jquery.js

index.php 文件的权限统计

-rw-r--r-- 1 ec2-user ec2-user 1281  /var/www/html/index.php

我的 Nginx 配置文件:

user  nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log;

pid        /var/run/nginx.pid;

events {
    worker_connections  8096;
    multi_accept on;
    use epoll;
}


http {
    charset UTF-8;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  off;

    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay        on;
    server_tokens     off;

    keepalive_timeout  10;
    client_header_timeout 10;
    client_body_timeout 10;
    reset_timedout_connection on;
    send_timeout 10;
    limit_conn_zone $binary_remote_addr zone=addr:5m;
    limit_conn addr 100;

    gzip  on;
    gzip_static on;
    gzip_http_version 1.0;
    gzip_disable "msie6";
    gzip_proxied any;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    index   index.html index.htm index.php;

    server {
        listen       80;
        server_name  localhost;
        root         /var/www/html;
        location / {
        }
        error_page  404              /404.html;
        location = /40x.html {
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        }
        location ~* \.php$ {
        location ~* \.php$ {
          fastcgi_index   index.php;
          fastcgi_pass  unix:/var/run/php-fpm.sock;
          include         fastcgi_params;
          fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
          fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }

    }


    server {
    listen 80;
    server_name blog.com;

      location / {
          root    /var/www/html;
          index   index.html index.htm index.php;
      }

      location ~* \.php$ {
      ssi on;
      root /var/www/html;
      fastcgi_param HTTP_USER_AGENT  $http_user_agent;
      fastcgi_index   index.php;
      fastcgi_pass   unix:/var/run/php-fpm.sock;
      include         fastcgi_params;
      fastcgi_param   SCRIPT_FILENAME    /var/www/html$fastcgi_script_name;
      fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;

      }

    }

}

答案1

ls -alh使用或命令检查文件/目录权限stat。似乎可能是权限/所有权问题。

答案2

为了使文件可读,不仅文件需要读取权限,而且所有父目录需要读取权限。我的猜测是,虽然文件 jquery.js 具有正确的权限:

-rw-r--r-- 1 ec2-user ec2-user 93636 /var/www/html/js/jquery.js

,目录js还没有:

-rwxr-x--- 1 ec2-user ec2-user 93636 /var/www/html/js

在这种情况下,在另一个用户(例如www-datanginx)下运行的 nginx 对包含目录没有读取权限,因此无法访问文件 jquery.js。解决方案是更改“js”目录的权限,或将所有权更改为 nginx 用户。

相关内容