CenotOS 7 最小安装的 Nginx 静态文件配置

tag-icon tag-icon nginx http localhost
CenotOS 7 最小安装的 Nginx 静态文件配置

我有一个装有 CenotOS 7 最小安装的全新 VM。

我想要的是配置 Nginx 来从 上的目录提供静态文件localhost:80

我的目录是/home/kenny/projects/kcrypt/dist/

以下是我的内容/etc/nginx/nginx.conf

# this is set to root in order to rule out
# any permission related issues.
user root;    

worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        root         /home/kenny/projects/kcrypt/dist/;
        index index.html;

        location / {
        }
    }
}

当我运行时,curl http://localhost我收到以下响应:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

我已尝试向我能想到的任何目录授予各种权限。

最后我将 Nginx 配置为以 root 身份运行。

我已经多次重新安装了操作系统,但仍然无法运行。

附言

这是我在/var/log/nginx/error.log

2018/02/27 21:33:19 [error] 15689#0: *1 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 21:33:35 [error] 15690#0: *2 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "127.0.0.1"
2018/02/27 21:33:38 [error] 15690#0: *3 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"

我不知道它想要什么...我已经给了它我能给的所有权限。

这是我在根目录中的内容:

[root@vm3 dist]# ll
total 368K
drwxrwxrwx. 2 root root   98 Feb 26 23:16 .
drwxrwxrwx. 6 root root  234 Feb 27 21:26 ..
-rwxrwxrwx. 1 root root 1.2K Feb 26 23:16 favicon.ico
-rwxrwxrwx. 1 root root 1.7K Feb 26 23:16 index.html
-rwxrwxrwx. 1 root root 175K Feb 26 22:53 index.js
-rwxrwxrwx. 1 root root  297 Feb 26 23:16 manifest.json
-rwxrwxrwx. 1 root root 179K Feb 26 22:53 styles.css

PS2 游戏

我曾尝试将我的静态文件放入/var/www/kcrypt/dist/,但没有结果。

我仍然收到相同的错误消息:

2018/02/27 23:18:11 [error] 16157#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 23:20:58 [error] 16535#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 23:21:30 [error] 16564#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"

答案1

您的系统已启用 SELinux。默认情况下,SELinux 不允许 Web 服务器读取用户主目录中的文件。为 Web 服务启用的目录是/var/www(系统包放置文件的位置)和/srv/www(用户在生产环境中应放置文件的位置)。

如果您需要从主目录提供文件,则可以设置 SELinux 布尔值httpd_read_user_content,这将允许读取这些文件。

setsebool -P httpd_read_user_content 1

请记住,SELinux 永远不会允许 Web 服务器在用户主目录中。如果需要,您需要将 Web 内容放置在其他地方,并且使相应的目录可写

还要记住的是,SELinux 是有效的此外常规 UNIX 权限,因此相关文件和目录也必须具有适当的所有权和权限,无论它们适合您的特定用例。

相关内容