nginx with php-fpm returns 403 when navigating to the website

I have my website running on Nginx on a CentOS 7 VPS.

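When I try to navigate to my website, I get a 403 Forbidden error. This is apparently a common problem, but I could not relate my situation to the answers I came across: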

Nginx and PHP-FPM 403 Forbidden

Below is the default nginx configuration:

server {
    listen       80;
    server_name  <my server ip>;
    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/www/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

}

This is the .conf for my website:

server {
  listen 80;
  server_name nativeleaf.co.uk www.nativeleaf.co.uk;
  access_log /var/www/html/nativeleaf.co.uk/access.log combined;
  root /var/www/html/nativeleaf.co.uk;

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

The php-fpm configuration is as follows:

; Start a new pool named 'www'.
[www]

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock

; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nginx
listen.group = nginx
listen.mode = 0750

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

Checking the logs

When I run tail error.log on the Nginx log, I see the following:

2018/04/26 14:54:01 [error] 12616#12616: *46 directory index of "/usr/share/nginx/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "nativeleaf.co.uk"
2018/04/26 14:54:02 [error] 12616#12616: *46 directory index of "/usr/share/nginx/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "nativeleaf.co.uk"
2018/04/26 14:54:03 [error] 12616#12616: *46 directory index of "/usr/share/nginx/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "nativeleaf.co.uk"
2018/04/26 15:12:00 [error] 13495#13495: *5 "/usr/share/nginx/html/nativeleaf.co.uk/what-is-yerba-mate/index.html" is not found (2: No such file or directory), client: 194.28.51.189, server: nativeleaf.co.uk, request: "GET /what-is-yerba-mate/ HTTP/1.0", host: "www.nativeleaf.co.uk", referrer: "https://www.nativeleaf.co.uk/what-is-yerba-mate/"
2018/04/26 15:15:43 [error] 14163#14163: *7 directory index of "/var/www/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "www.nativeleaf.co.uk"
2018/04/26 15:15:44 [error] 14163#14163: *7 directory index of "/var/www/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "www.nativeleaf.co.uk"
2018/04/26 15:15:44 [error] 14163#14163: *7 directory index of "/var/www/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "www.nativeleaf.co.uk"

The permissions on the folder are as follows:

drwxr-xr-x. 7 nginx  nginx   4096 Mar 26 07:07 nativeleaf.co.uk

As for the files inside it, the permissions are:

-rw-r--r--.  1 nginx  nginx       418 Mar 23 11:39 index.php

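Answer 1

The server section for nativeleaf.co.uk does not define how to handle PHP files, so it looks for the file index.html, but fails with the directory index forbidden error because the file does not exist. The server section you call the default one only handles requests made by direct IP access, and its settings have no effect on the other server sections.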

Answer 2

You are missing

location / {
    try_files $uri $uri/ /index.php;
}

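from your configuration. Without this, nginx only tries to find physical files on the system and does not try to pass the request to WordPress (except for the root URI /, which is passed to WordPress because of the index index.php; setting).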

Answer 3

Your site .conf file should look like this

server {
  listen 80;
  #listen [::]:80 default_server; #Enable it if your server has IPv6
  server_name nativeleaf.co.uk www.nativeleaf.co.uk;
  access_log /var/www/html/nativeleaf.co.uk/access.log combined;
  root /var/www/html/nativeleaf.co.uk;
  index index.php index.html index.htm;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

This is because the default Nginx .conf file does not include index.php as a default index file, so it gives a 403 error when the index.html file is not found.
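
A check for the misconfiguration the answers describe, as an added example that is not part of the original thread: it reads nginx server blocks and flags any that pass requests to FastCGI without listing index.php in their own index directive. It also flags an access_log placed under root, as in the question's site block. The parser is simplified (no include handling, no braces inside regex locations), it assumes index is not set at the http level, and the second sample block with the name fixed.example is constructed.

```python
import re

# Constructed sample: the question's site block, then a corrected one (made-up name).
SAMPLE = r"""
server {
  server_name nativeleaf.co.uk www.nativeleaf.co.uk;
  access_log /var/www/html/nativeleaf.co.uk/access.log combined;
  root /var/www/html/nativeleaf.co.uk;
  location ~ \.php$ { fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; }
}
server {
  server_name fixed.example;
  access_log /var/log/nginx/fixed.access.log combined;
  root /var/www/html/fixed;
  index index.php index.html index.htm;
  location ~ \.php$ { fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block by matching braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def own_directives(body):
    """Map directive name -> arguments, skipping nested location bodies."""
    text, depth = "", 0
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        text += ch if depth == 0 and ch != "}" else ""
    return {p[0]: p[1:] for p in map(str.split, text.split(";")) if p}

def check(conf):
    """Yield (server_name, finding); assumes index is not set at http level."""
    for body in server_blocks(re.sub(r"#.*", "", conf)):  # drop comments first
        d = own_directives(body)
        name = d.get("server_name", ["?"])[0]
        # index defaults to index.html, so "/" ends in "directory index ... is forbidden"
        if "fastcgi_pass" in body and "index.php" not in d.get("index", []):
            yield name, "no-php-index"
        # a log under root is served as a static file unless a location denies it
        root, log = d.get("root", [""])[0].rstrip("/"), d.get("access_log", [""])[0]
        if root and log.startswith(root + "/"):
            yield name, "log-in-docroot"
```

Call list(check(text)) on the contents of a site .conf file; an empty list means neither condition was found in that file.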