我正在尝试使用 nginx 作为 Web 应用程序的代理(在 gunicorn 上运行的 django)
server {
listen 80;
server_name registry.blabla;
error_log /var/log/nginx/registry.blabla.error.log;
access_log /var/log/nginx/registry.blabla.access.log;
location /favicon.ico { access_log off; log_not_found off; }
location /static {
root /home/xxx/registry;
}
# location / {
# try_files $uri $uri/ @backend;
# }
location / {
proxy_pass http://blabla:8989/registryadmin/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
}
}
代理只是起作用了。我的意思是代理 Web 应用程序起作用了。但是,Web 应用程序的静态文件没有被提供。
查看日志:
==> /var/log/nginx/registry.blabla.error.log <==
2017/05/27 20:31:18 [error] 4262#0: *3 open() "/home/xxx/registry/static/admin/css/base.css" failed (13: Permission denied), client: 172.31.135.23, server: registry.blabla, request: "GET /static/admin/css/base.css HTTP/1.1", host: "registry.blabla", referrer: "http://registry.blabla/"
==> /var/log/nginx/registry.blabla.access.log <==
172.31.135.23 - - [27/May/2017:20:31:18 +0200] "GET /static/admin/css/base.css HTTP/1.1" 403 169 "http://registry.blabla/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/603.2.5 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.5"
==> /var/log/nginx/registry.blabla.error.log <==
2017/05/27 20:31:18 [error] 4262#0: *4 open() "/home/xxx/registry/static/admin/css/dashboard.css" failed (13: Permission denied), client: 172.31.135.23, server: registry.blabla, request: "GET /static/admin/css/dashboard.css HTTP/1.1", host: "registry.blabla", referrer: "http://registry.blabla/"
==> /var/log/nginx/registry.blabla.access.log <==
172.31.135.23 - - [27/May/2017:20:31:18 +0200] "GET /static/admin/css/dashboard.css HTTP/1.1" 403 169 "http://registry.blabla/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/603.2.5 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.5"
您能否就如何解决这个问题提供建议?
编辑:
在评论中添加 selinux 上下文输出请求:
# ls -ldZ /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
# ls -ldZ /home/app
drwx------. app app unconfined_u:object_r:user_home_dir_t:s0 /home/app
# ls -ldZ /home/app/registry
drwxrwxr-x. app app unconfined_u:object_r:user_home_t:s0 /home/app/registry
答案1
您的“/home/app”目录具有“700”权限,这限制只有用户“app”才能访问。您需要将其更改为允许“nginx”进程使用的用户 ID 访问。
答案2
您是否尝试过在 /static 后面添加一个斜杠?您也没有告诉 nginx 默认情况下允许从 static 提供哪些服务,因此它假定没有访问权限。
location /static/ {
root /home/xxx/registry;
try_files $uri $uri/ =404;
}