Ubuntu

403 Forbidden response on ubuntu + nginx + passenger server

  • November 2, 2014

I'm trying to deploy my Rails application on my Digital Ocean VPS, but I get a 403 when I visit the IP address.

This is the output of my error log:

[ 2014-11-02 04:18:12.0511 23504/7f64e6a36780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '23503', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-11-02 04:18:12.0628 23507/7f544fe55780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.23503/generation-0/request
[ 2014-11-02 04:18:12.1029 23512/7fd0a6b6b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.23503/generation-0/logging
[ 2014-11-02 04:18:12.1035 23504/7f64e6a36780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[ 2014-11-02 04:18:12.1191 23512/7fd0a6b6b7c0 agents/LoggingAgent/Main.cpp:289 ]: Caught signal, exiting...
[ 2014-11-02 04:18:13.1537 23534/7f9940e05780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '23533', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-11-02 04:18:13.1632 23537/7fa7dc711780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.23533/generation-0/request
[ 2014-11-02 04:18:13.1788 23542/7fd3b4c307c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.23533/generation-0/logging
[ 2014-11-02 04:18:13.1792 23534/7f9940e05780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[ 2014-11-02 04:40:54.6081 25129/7fd334fd9780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '25128', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-11-02 04:40:54.6228 25132/7fe9a63c6780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.25128/generation-0/request
[ 2014-11-02 04:40:54.6460 25137/7f157336b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.25128/generation-0/logging
[ 2014-11-02 04:40:54.6464 25129/7fd334fd9780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
2014/11/02 04:40:55 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:40:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:41:57 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:41:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:41:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:10 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:11 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"

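So it looks like the permissions on /home/deploy/movieseat/current/public/ are not correct.

I have used sudo chown -R root:deploy public/ to change the permissions. This is the result when I check the permissions now: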

deploy@movieseat:~/movieseat/current$ stat public
 File: 'public'
 Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fd01h/64769d    Inode: 1200531     Links: 3
Access: (0775/drwxrwxr-x)  Uid: (    0/    root)   Gid: ( 1000/  deploy)
Access: 2014-11-02 05:01:43.317270999 -0500
Modify: 2014-11-02 04:31:30.497270999 -0500
Change: 2014-11-02 05:01:43.317270999 -0500
Birth: -

I've restarted my NGINX but I still get the 403. Can anybody point out where the problem might be?

Update

sudo vim /etc/nginx/sites-enabled/default

   server {
           listen 80 default_server;
           listen [::]:80 default_server ipv6only=on;

           root /home/deploy/movieseat/current/public;
           index index.html index.htm;

           # Make site accessible from http://localhost/
           server_name localhost;

           location / {
                   # First attempt to serve request as file, then
                   # as directory, then fall back to displaying a 404.
                   try_files $uri $uri/ =404;
                   # Uncomment to enable naxsi on this location
                   # include /etc/nginx/naxsi.rules
           }
   }

Update 2

stat current
 File: 'current' -> '/home/deploy/movieseat/releases/20141102093117'
 Size: 46          Blocks: 0          IO Block: 4096   symbolic link
Device: fd01h/64769d    Inode: 1200822     Links: 1
Access: (0777/lrwxrwxrwx)  Uid: ( 1000/  deploy)   Gid: ( 1000/  deploy)
Access: 2014-11-02 04:39:56.921270999 -0500
Modify: 2014-11-02 04:31:39.601270999 -0500
Change: 2014-11-02 04:31:39.601270999 -0500

Update 3

stat 20141102093117

deploy@movieseat:~/movieseat/releases$ stat 20141102093117
 File: '20141102093117'
 Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fd01h/64769d    Inode: 1200364     Links: 11
Access: (0775/drwxrwxr-x)  Uid: ( 1000/  deploy)   Gid: ( 1000/  deploy)
Access: 2014-11-02 04:42:58.721270999 -0500
Modify: 2014-11-02 04:31:39.537270999 -0500
Change: 2014-11-02 04:31:39.537270999 -0500
Birth: -

Update 4

My Passenger config

   ##
   # Phusion Passenger config
   ##
   # Uncomment it if you installed passenger or passenger-enterprise
   ##

   passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
   # passenger_ruby /usr/bin/ruby;
   passenger_ruby /home/deploy/.rbenv/shims/ruby;
   ##
   # Virtual Host Configs
   ##

   include /etc/nginx/conf.d/*.conf;
   include /etc/nginx/sites-enabled/*;

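This means you are in /home/deploy/movieseat/current/public.

So add it by making sure the nginx user has permission to read its contents… By default, the nginx user is nginx. And you are giving permissions to user root and group deploy. So make sure to add the nginx user to the deploy group.

Remove this allow all; directive, it has nothing to do with your problem.

Keep the configuration from your first update (try_files).

Add allow all; to the location:

Example: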

   location /files {
          allow all;
   }

If the folder is located at: /home/deploy/movieseat/current/public/files

In your case use:

   location / {
      allow all;
   }

Which user is running nginx?

Quoted from: https://serverfault.com/questions/641413
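Added example (not part of the original posts): a Python check of what the answers above ask about, namely whether the account running the nginx workers can search every directory from / down to the document root and read the root itself, and whether an index file exists there. The function names and the sample tree are constructed for illustration; only plain mode bits are evaluated (no ACLs, no root override).

```python
import os
import tempfile
from pathlib import Path

def allowed(st, uid, gids, want):
    """True if uid/gids gets permission bit `want` (4=r, 1=x) from the mode bits.
    The kernel applies exactly one triplet: owner, else group, else other."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)

def audit_docroot(root, uid, gids, index_names=("index.html", "index.htm")):
    """List reasons a worker running as uid/gids cannot serve `root`."""
    real = Path(os.path.realpath(root))        # resolves symlinks such as 'current'
    findings = []
    for d in [*reversed(real.parents), real]:  # every directory from / downwards
        if not allowed(d.stat(), uid, gids, 1):
            findings.append(f"no search (x) permission on {d}")
    if not allowed(real.stat(), uid, gids, 4):
        findings.append(f"no read (r) permission on {real}")
    # With autoindex off, nginx answers 403 for a directory without an index file.
    if not any((real / n).is_file() for n in index_names):
        findings.append(f"no index file in {real}")
    return findings

def build_sample_tree(base):
    """Constructed layout mirroring the question: releases/<stamp>/public + 'current'."""
    home = Path(base) / "home" / "deploy"
    public = home / "movieseat" / "releases" / "20141102093117" / "public"
    public.mkdir(parents=True)
    os.symlink(public.parent, home / "movieseat" / "current")
    os.chmod(public, 0o775)
    os.chmod(home, 0o750)                      # private home: 'other' cannot traverse
    return home, home / "movieseat" / "current" / "public"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        home, docroot = build_sample_tree(tmp)
        worker_uid = os.getuid() + 1           # hypothetical uid that owns nothing here
        for finding in audit_docroot(docroot, worker_uid, gids=set()):
            print(finding)
```

On the host from the question, the Passenger log reports the web server worker as uid 33 and gid 33, so the call would be `audit_docroot("/home/deploy/movieseat/current/public", 33, {33})`.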