nginx 403 Forbidden 错误,没有错误日志。在现有的 ubuntu 20.04 系统上全新安装

nginx 403 Forbidden 错误,没有错误日志。在现有的 ubuntu 20.04 系统上全新安装

尝试了解为什么这个新安装的 nginx 根本不提供任何文件。我的网站配置最低。(上次我检查时 rtmp 还在运行,但已经有一段时间不需要了。刚刚添加了端口 80 配置。我之所以提到它,是因为您会在配置中看到它。)

当我尝试访问此主机(通过 IP 或主机名)时,网页上会显示“403(禁止访问)”错误,而 /var/log/nginx/error.log 文件中没有任何内容。(即使重新启动并重试后,该文件也为零字节。)

我在 serverfault 上找到的所有其他类似问题都在 error.log 文件中提供了帮助。由于 error.log 为空,我创建了这个新问题。

当我尝试使用默认索引功能以及尝试特定文件(例如以下示例)时,会发生这种情况:

    http://hpmicro1
    http://hpmicro1.innerdomain.com
    http://hpmicro1.innerdomain.com/index.html
    http://192.168.1.5
    http://192.168.1.5/index.html
    http://192.168.1.5/index.php

等等。如您所见,这些文件存在,并且归 www-data 所有:

    # ls -l /www/htdocs
    total 60
    -rw-rw-rw- 1 www-data www-data 35752 Jul 17 14:09 dbg-wizard.php
    drwxrwxr-x 2 www-data www-data  4096 Jul 16 08:15 functions
    drwxrwxr-x 2 www-data www-data  4096 Jul 17 12:38 GetChats
    -rw-r--r-- 1 www-data www-data 10918 Jul 18 16:16 index.html
    -rw-rw-rw- 1 www-data www-data    20 Jul 17 14:18 index.php

    # ls -ld /www/htdocs
    drwxrwxr-x 5 www-data dennis 4096 Jul 18 16:22 /www/htdocs

以下是 /etc/nginx/nginx.conf 文件内容:

    # grep -v '^\s*#' /etc/nginx/nginx.conf
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;
    
    events {
            worker_connections 768;
    }
    
    http {
    
    
            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            keepalive_timeout 65;
            types_hash_max_size 2048;
    
    
            include /etc/nginx/mime.types;
            default_type application/octet-stream;
    
    
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
            ssl_prefer_server_ciphers on;
    
    
            access_log /var/log/nginx/access.log;
            error_log /var/log/nginx/error.log;
    
    
            gzip on;
    
    
    
            include /etc/nginx/conf.d/*.conf;
            include /etc/nginx/sites-enabled/*;
    }
    
    
    
    
    
    rtmp {
        server {
            listen 1935;
            chunk_size 4096;
            notify_method get;
            
            application WendellLive {
                on_publish http://localhost/auth;
                live on;
                record off;
                record_path /svr/rtmp-recordings;
                record_unique on;
    
                push rtmp://localhost/Wendell_YT;
                }
    
            application Wendell_YT {
                live on;
                record off;
    
                allow publish 127.0.0.1;
                deny publish all;
                push rtmp://a.rtmp.youtube.com/live2/<wendell_yt_stream_key>;
                }
            }
        }
    

以及 /etc/nginx/sites-enabled/default 配置

    # grep -v '^\s*#' default
    
    server {
            listen 80 default_server;
            listen [::]:80 default_server;
    
    
            root /www/htdocs;    # Added - Lovelady - 18-Jul-2021
    
            index index.php index.html index.htm index.nginx-debian.html;
    
            server_name home.lovelady.com;
    
            location / {
                    try_files $uri $uri/ =404;
            }
            location /auth {
                if ($arg_pwd = 'my_secret_not_yours') {
                    return 200;
                    }
                return 401; # Not authorized
                }
    
    
    }

版本信息:

    nginx version: nginx/1.18.0 (Ubuntu)
    
    >>> cat /etc/os-release
    NAME="Ubuntu"
    VERSION="20.04.2 LTS (Focal Fossa)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 20.04.2 LTS"
    VERSION_ID="20.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=focal
    UBUNTU_CODENAME=focal

/var/log/nginx的内容为:

    # ls -ltr /var/log/nginx/
    total 72
    -rw-r----- 1 www-data adm 480 Apr  5 23:19 error.log.3.gz
    -rw-r----- 1 www-data adm 464 May 20 23:46 access.log.14.gz
    -rw-r----- 1 www-data adm 469 May 21 23:46 access.log.13.gz
    -rw-r----- 1 www-data adm 468 May 22 23:46 access.log.12.gz
    -rw-r----- 1 www-data adm 464 May 23 23:47 access.log.11.gz
    -rw-r----- 1 www-data adm 472 May 24 23:47 access.log.10.gz
    -rw-r----- 1 www-data adm 472 May 25 23:47 access.log.9.gz
    -rw-r----- 1 www-data adm 464 May 26 23:47 access.log.8.gz
    -rw-r----- 1 www-data adm 196 May 27 01:17 access.log.7.gz
    -rw-r----- 1 www-data adm  97 May 28 06:10 error.log.2.gz
    -rw-r----- 1 www-data adm 248 Jun 21 22:31 access.log.6.gz
    -rw-r----- 1 www-data adm 110 Jun 24 12:37 access.log.5.gz
    -rw-r----- 1 www-data adm 153 Jun 25 11:22 access.log.4.gz
    -rw-r----- 1 www-data adm 102 Jun 26 08:22 access.log.3.gz
    -rw-r----- 1 www-data adm 140 Jun 28 21:09 error.log.1
    -rw-r----- 1 www-data adm   0 Jun 29 00:00 error.log
    -rw-r----- 1 www-data adm 275 Jul 16 08:41 access.log.2.gz
    -rw-r----- 1 www-data adm 216 Jul 17 12:50 access.log.1
    -rw-r----- 1 www-data adm 193 Jul 18 16:07 access.log

access.log 有以下一行:

    # cat /var/log/nginx/access.log
    192.168.1.203 - - [18/Jul/2021:16:07:37 -0400] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

请求时 nginx -T 的输出:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    # configuration file /etc/nginx/nginx.conf:
    #
    # HUGE help from this site:
    #      https://www.scaleway.com/en/docs/setup-rtmp-streaming-server/
    #
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;
    
    events {
            worker_connections 768;
            # multi_accept on;
    }
    
    http {
    
            ##
            # Basic Settings
            ##
    
            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            keepalive_timeout 65;
            types_hash_max_size 2048;
            # server_tokens off;
    
            # server_names_hash_bucket_size 64;
            # server_name_in_redirect off;
    
            include /etc/nginx/mime.types;
            default_type application/octet-stream;
    
            ##
            # SSL Settings
            ##
    
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
            ssl_prefer_server_ciphers on;
    
            ##
            # Logging Settings
            ##
    
            access_log /var/log/nginx/access.log;
            error_log /var/log/nginx/error.log;
    
            ##
            # Gzip Settings
            ##
    
            gzip on;
    
            # gzip_vary on;
            # gzip_proxied any;
            # gzip_comp_level 6;
            # gzip_buffers 16 8k;
            # gzip_http_version 1.1;
            # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    
            ##
            # Virtual Host Configs
            ##
    
            include /etc/nginx/conf.d/*.conf;
            include /etc/nginx/sites-enabled/*;
    }
    
    
    #mail {
    #       # See sample authentication script at:
    #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
    #
    #       # auth_http localhost/auth.php;
    #       # pop3_capabilities "TOP" "USER";
    #       # imap_capabilities "IMAP4rev1" "UIDPLUS";
    #
    #       server {
    #               listen     localhost:110;
    #               protocol   pop3;
    #               proxy      on;
    #       }
    #
    #       server {
    #               listen     localhost:143;
    #               protocol   imap;
    #               proxy      on;
    #       }
    #}
    
    
    
    rtmp {
        server {
            listen 1935;
            chunk_size 4096;
            notify_method get;
    
            application love-uav {
                on_publish http://localhost/auth;
                live on;
                #Set this to "record off" if you don't want to save a copy of your broadcast:
                #record all;
                record off;
                # The directory in which the recordings will be stored
                record_path /svr/rtmp-recordings;
                record_unique on;
    
                # Restreaming stuff follows
                push rtmp://localhost/love-uav_YT;
                #push rtmp://localhost/love-uav_Twitch;
                #push rtmp://localhost/love-uav_Facebook;
                }
    
            # YouTube application
            application love-uav_YT {
                live on;
                record off;
    
                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the youtube stream key
                push rtmp://a.rtmp.youtube.com/live2/jsqu-54jv-uw68-39tf-xxxx;
                }
    
            # Twitch application
            application love-uav_Twitch {
                live on;
                record off;
    
                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the Twitch stream key
                push rtmp://live-cdg.twitch.tv/app/<love-uav__twitch_stream_key>;
                }
    
            application love-uav_Facebook {
                live on;
                record off;
    
                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the Facebook stream key
                # push rtmps://live-api-s.facebook.com:443/rtmp/<love-uav__facebook_stream_key>;
                }
    
            application WendellLive {
                on_publish http://localhost/auth;
                live on;
                #Set this to "record off" if you don't want to save a copy of your broadcast:
                #record all;
                record off;
                # The directory in which the recordings will be stored
                record_path /svr/rtmp-recordings;
                record_unique on;
    
                # Restreaming stuff follows
                push rtmp://localhost/Wendell_YT;
                #push rtmp://localhost/Wendell_twitch;
                #push rtmp://localhost/Wendell_facebook;
                }
    
            # YouTube application
            application Wendell_YT {
                live on;
                record off;
    
                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the youtube stream key
                push rtmp://a.rtmp.youtube.com/live2/<wendell_yt_stream_key>;
                }
            }
        }
    
    # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
    load_module modules/ngx_http_image_filter_module.so;
    
    # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
    load_module modules/ngx_http_xslt_filter_module.so;
    
    # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
    load_module modules/ngx_mail_module.so;
    
    # configuration file /etc/nginx/modules-enabled/50-mod-rtmp.conf:
    load_module modules/ngx_rtmp_module.so;
    
    # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
    load_module modules/ngx_stream_module.so;
    
    # configuration file /etc/nginx/mime.types:
    
    types {
        text/html                             html htm shtml;
        text/css                              css;
        text/xml                              xml;
        image/gif                             gif;
        image/jpeg                            jpeg jpg;
        application/javascript                js;
        application/atom+xml                  atom;
        application/rss+xml                   rss;
    
        text/mathml                           mml;
        text/plain                            txt;
        text/vnd.sun.j2me.app-descriptor      jad;
        text/vnd.wap.wml                      wml;
        text/x-component                      htc;
    
        image/png                             png;
        image/tiff                            tif tiff;
        image/vnd.wap.wbmp                    wbmp;
        image/x-icon                          ico;
        image/x-jng                           jng;
        image/x-ms-bmp                        bmp;
        image/svg+xml                         svg svgz;
        image/webp                            webp;
    
        application/font-woff                 woff;
        application/java-archive              jar war ear;
        application/json                      json;
        application/mac-binhex40              hqx;
        application/msword                    doc;
        application/pdf                       pdf;
        application/postscript                ps eps ai;
        application/rtf                       rtf;
        application/vnd.apple.mpegurl         m3u8;
        application/vnd.ms-excel              xls;
        application/vnd.ms-fontobject         eot;
        application/vnd.ms-powerpoint         ppt;
        application/vnd.wap.wmlc              wmlc;
        application/vnd.google-earth.kml+xml  kml;
        application/vnd.google-earth.kmz      kmz;
        application/x-7z-compressed           7z;
        application/x-cocoa                   cco;
        application/x-java-archive-diff       jardiff;
        application/x-java-jnlp-file          jnlp;
        application/x-makeself                run;
        application/x-perl                    pl pm;
        application/x-pilot                   prc pdb;
        application/x-rar-compressed          rar;
        application/x-redhat-package-manager  rpm;
        application/x-sea                     sea;
        application/x-shockwave-flash         swf;
        application/x-stuffit                 sit;
        application/x-tcl                     tcl tk;
        application/x-x509-ca-cert            der pem crt;
        application/x-xpinstall               xpi;
        application/xhtml+xml                 xhtml;
        application/xspf+xml                  xspf;
        application/zip                       zip;
    
        application/octet-stream              bin exe dll;
        application/octet-stream              deb;
        application/octet-stream              dmg;
        application/octet-stream              iso img;
        application/octet-stream              msi msp msm;
    
        application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
        application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
        application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;
    
        audio/midi                            mid midi kar;
        audio/mpeg                            mp3;
        audio/ogg                             ogg;
        audio/x-m4a                           m4a;
        audio/x-realaudio                     ra;
    
        video/3gpp                            3gpp 3gp;
        video/mp2t                            ts;
        video/mp4                             mp4;
        video/mpeg                            mpeg mpg;
        video/quicktime                       mov;
        video/webm                            webm;
        video/x-flv                           flv;
        video/x-m4v                           m4v;
        video/x-mng                           mng;
        video/x-ms-asf                        asx asf;
        video/x-ms-wmv                        wmv;
        video/x-msvideo                       avi;
    }
    
    # configuration file /etc/nginx/sites-enabled/default:
    ##
    # You should look at the following URL's in order to grasp a solid understanding
    # of Nginx configuration files in order to fully unleash the power of Nginx.
    # https://www.nginx.com/resources/wiki/start/
    # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
    # https://wiki.debian.org/Nginx/DirectoryStructure
    #
    # In most cases, administrators will remove this file from sites-enabled/ and
    # leave it as reference inside of sites-available where it will continue to be
    # updated by the nginx packaging team.
    #
    # This file will automatically load configuration files provided by other
    # applications, such as Drupal or Wordpress. These applications will be made
    # available underneath a path with that package name, such as /drupal8.
    #
    # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
    ##
    
    # Default server configuration
    #
    server {
            listen 80 default_server;
            listen [::]:80 default_server;
    
            # SSL configuration
            #
            # listen 443 ssl default_server;
            # listen [::]:443 ssl default_server;
            #
            # Note: You should disable gzip for SSL traffic.
            # See: https://bugs.debian.org/773332
            #
            # Read up on ssl_ciphers to ensure a secure configuration.
            # See: https://bugs.debian.org/765782
            #
            # Self signed certs generated by the ssl-cert package
            # Don't use them in a production server!
            #
            # include snippets/snakeoil.conf;
    
            #root /var/www/html; # Commented - Lovelady - 18-Jul-2021
            root /www/htdocs;    # Added - Lovelady - 18-Jul-2021
    
            # Add index.php to the list if you are using PHP
            index index.php index.html index.htm index.nginx-debian.html;
    
            server_name home.lovelady.com;
    
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
            location /auth {
                if ($arg_pwd = 'my_secret_not_yours') {
                    return 200;
                    }
                return 401; # Not authorized
                }
    
            # pass PHP scripts to FastCGI server
            #
            #location ~ \.php$ {
            #       include snippets/fastcgi-php.conf;
            #
            #       # With php-fpm (or other unix sockets):
            #       fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            #       # With php-cgi (or other tcp sockets):
            #       fastcgi_pass 127.0.0.1:9000;
            #}
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #       deny all;
            #}
    }
    
    
    # Virtual Host configuration for example.com
    #
    # You can move that to a different file under sites-available/ and symlink that
    # to sites-enabled/ to enable it.
    #
    #server {
    #       listen 80;
    #       listen [::]:80;
    #
    #       server_name example.com;
    #
    #       root /var/www/example.com;
    #       index index.html;
    #
    #       location / {
    #               try_files $uri $uri/ =404;
    #       }
    #}

失败:在此处输入图片描述

相关内容