使用 nginx 作为代理来提供 Web 应用的静态文件

tag-icon tag-icon nginx python django gunicorn
使用 nginx 作为代理来提供 Web 应用的静态文件

我正在尝试使用 nginx 作为 Web 应用程序的代理(在 gunicorn 上运行的 django)

server  {

    listen                      80;
    server_name                 registry.blabla;

    error_log                   /var/log/nginx/registry.blabla.error.log;
    access_log                  /var/log/nginx/registry.blabla.access.log;

    location /favicon.ico   { access_log off; log_not_found off; }
    location /static        { 
    root            /home/xxx/registry;
    }
#    location /         {
#   try_files       $uri $uri/ @backend;
#    }
    location /          {
        proxy_pass              http://blabla:8989/registryadmin/;

        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size    10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout   90;
        proxy_send_timeout      90;
        proxy_read_timeout      90;
        proxy_buffers           32 4k;

    }

}

代理只是起作用了。我的意思是代理 Web 应用程序起作用了。但是,Web 应用程序的静态文件没有被提供。

查看日志:

==> /var/log/nginx/registry.blabla.error.log <==
2017/05/27 20:31:18 [error] 4262#0: *3 open() "/home/xxx/registry/static/admin/css/base.css" failed (13: Permission denied), client: 172.31.135.23, server: registry.blabla, request: "GET /static/admin/css/base.css HTTP/1.1", host: "registry.blabla", referrer: "http://registry.blabla/"

==> /var/log/nginx/registry.blabla.access.log <==
172.31.135.23 - - [27/May/2017:20:31:18 +0200] "GET /static/admin/css/base.css HTTP/1.1" 403 169 "http://registry.blabla/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/603.2.5 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.5"

==> /var/log/nginx/registry.blabla.error.log <==
2017/05/27 20:31:18 [error] 4262#0: *4 open() "/home/xxx/registry/static/admin/css/dashboard.css" failed (13: Permission denied), client: 172.31.135.23, server: registry.blabla, request: "GET /static/admin/css/dashboard.css HTTP/1.1", host: "registry.blabla", referrer: "http://registry.blabla/"

==> /var/log/nginx/registry.blabla.access.log <==
172.31.135.23 - - [27/May/2017:20:31:18 +0200] "GET /static/admin/css/dashboard.css HTTP/1.1" 403 169 "http://registry.blabla/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/603.2.5 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.5"

您能否就如何解决这个问题提供建议?

编辑:

在评论中添加 selinux 上下文输出请求:

# ls -ldZ /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
# ls -ldZ /home/app
drwx------. app app unconfined_u:object_r:user_home_dir_t:s0 /home/app
# ls -ldZ /home/app/registry
drwxrwxr-x. app app unconfined_u:object_r:user_home_t:s0 /home/app/registry

答案1

您的“/home/app”目录具有“700”权限,这限制只有用户“app”才能访问。您需要将其更改为允许“nginx”进程使用的用户 ID 访问。

答案2

您是否尝试过在 /static 后面添加一个斜杠?您也没有告诉 nginx 默认情况下允许从 static 提供哪些服务,因此它假定没有访问权限。

location /static/ {
    root    /home/xxx/registry;
    try_files    $uri $uri/ =404;
}

相关内容