Nginx
nginx突然將所有內容重定向到403頁面,可以調試或跟踪嗎?
我不確定我的
nginx安裝發生了什麼。突然,所有頁面請求都被重定向到該403頁面。昨天我試圖添加一個使用者代理來阻止,從那時起所有的東西都被發送到
nginx403403即使我刪除了$http_user_agentand$http_refererif 語句,所有內容仍會發送到 403。我什
nginx至從備份中恢復了整個文件夾,並且我的所有頁面請求都繼續被定向到 403 頁面….不確定如何解決此問題,conf 文件恢復正常。
nginx當請求進來時,我可以做跟踪嗎?[root@soupcan nginx]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful這是網站的conf:
server { listen 80; server_name localhost; #charset koi8-r; access_log /var/log/nginx/website1/access.log main; error_log /var/log/nginx/website1/error.log; root /srv/www/website1; ## Block http user agent - morpheus fucking scanner ## if ($http_user_agent ~* "morfeus fucking scanner|ZmEu|Morfeus strikes again.|OpenWebSpider v0.1.4 (http://www.openwebspider.org/)") { return 403; } if ($http_referer ~* (semalt.com|WeSEE)) { return 403; } ## Only allow GET and HEAD request methods. By default Nginx blocks ## all requests type other then GET and HEAD for static content. if ($request_method !~ ^(GET|HEAD)$ ) { return 405; } location / { index index.html index.htm index.php; ssi on; } location ~ \.php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; #fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /srv/www/website1/$fastcgi_script_name; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # Redirect server error pages to the static page error_page 403 404 /error403.html; location = /error403.html { root /usr/share/nginx/html; } }nginx.conf
user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip on; gzip_disable "msie6"; gzip_min_length 1100; gzip_vary on; gzip_proxied any; gzip_buffers 16 8k; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject; server_tokens off; include /etc/nginx/conf.d/*.conf; # Load virtual host configuration files. include /etc/nginx/sites-enabled/*; # BLOCK SPAMMERS IP ADDRESSES include /etc/nginx/conf.d/blockips.conf; }webroot 目錄的權限:
[root@soupcan nginx]# namei -om /srv/www/website1/ f: /srv/www/website1/ dr-xr-xr-x root root / drwxr-xr-x root root srv drwxrwxr-x brian nobody www drwxr-x--x brian nobody website1編輯
發現 CentOS 6.6 和 SELinux 破壞了 nginx。我仍在尋找解決方案,但這就是原因。
編輯 2
解決方案貼在下面。
該問題是由將 CentOS 從 6.5 升級到 6.6 以及 SElinux 如何允許內容類型通過引起的。通過這次升級,SElinux 預設只允許
httpd_t內容通過(類似於他們對待 apache 的方式),並且因為我將所有 web 內容儲存在/srv/www/這些使用者創建的文件夾中,系統沒有自動設置內容標籤。要檢查這一點,請針對您的 webroot 和
/etc/nginx目錄執行以下命令並比較內容類型:ls -Z /srv/www/我已經執行了這些命令並重新啟動
nginx,現在一切正常。grep nginx /var/log/audit/audit.log | audit2allow -m nginx > nginx.te grep nginx /var/log/audit/audit.log | audit2allow -M nginx semodule -i nginx.pp我不確定這個 SElinux 模組是做什麼的,但我發現它正在閱讀這篇關於同一問題的文章。我今天可能會嘗試退出,因為我認為我為解決此問題所做的第二件事確實有效。
[09:15 AM] robotoverlord ~>chcon -Rv --type=httpd_sys_content_t /srv/www/ [09:15 AM] robotoverlord ~> ls -Z /srv/www/ drwxr-xr-x. www-data nobody unconfined_u:object_r:httpd_sys_content_t:s0 website1 [09:15 AM] robotoverlord ~>service nginx restart問題解決了!