nginx专题

  1. 云栖社区>
  2. 博客>
  3. 正文

nginx专题

developerguy 2016-07-12 20:11:00 浏览623
展开阅读全文

rewrite通过正则表达式的使用来改变URI,可以同时存在一个或者多个指令,按照顺序依次对URL进行匹配和处理(使用break可以依次处理,其它不可以)。

rewrite语法:rewrite regex replacement [falg];regex用于匹配URI的正则表达式。使用括号“()”标记想要截取的内容。
flag由以下几个选项:last,break,redirect,permanent

说明:
rewrite接收到的URI不包含host地址。因此regex不可能匹配到URI的host地址
例如URL:  http://myweb.com/source?arg1=value1&arg2=value2
rewrite指令接收到的URI为"/source“,不包含"?arg1=value1&arg2=value2"
replace,匹配成功后用于替换URI中被截取内容的字符串。默认情况下,如果该字符串是由”http://"或者"https://"开头的,则不会继续向下对URI进行其它处理,而直接将重写后的URI返回给客户端。

rewrite模块接收到的URI不包含URL中的请求信息(queryString),如果我们希望将这些指令传给重写后的URI,需要怎么做呢?
Nginx全局变量$request_uri可以帮忙,
rewrite  myweb.com  http://example.com$request_uri? permanent;

几个名词解析:

$request_uri
This variable is equal to the *original* request URI as received from the client including the args. 
It cannot be modified. Look at $uri for the post-rewrite/altered URI. Does not include host name. 
Example: "/foo/bar.php?arg=baz" 
这个变量等于从客户端发送来的原生请求URI,包括参数。它不可以进行修改。$uri变量反映的是重写后/改变的URI。不包括主机名。
例如:"/foo/bar.php?arg=baz"
 
$uri
This variable is the current request URI, without any arguments (see argsforthose).
This variable will reflect any modification sdonesofarbyinternalredirectsortheindexmodule.
Note this maybe different from args for those).
This variable will reflect any modificationsdones ofarbyinternalredirectsortheindexmodule.
Notethismaybedifferentfromrequest_uri, as $request_uri is what was originally sent by the browser before any such modifications. 
Does not include the protocol or host name. Example: /foo/bar.html 
这个变量指当前的请求URI,不包括任何参数(见args)。这个变量反映任何内部重定向或index模块所做的修改。
注意,这和args)。这个变量反映任何内部重定向或index模块所做的修改。注意,这和request_uri不同,因$request_uri是浏览器发起的不做任何修改的原生URI。
不包括协议及主机名。例如:"/foo/bar.html"
 
$document_uri
The same as $uri. 
同$uri.

 




处理query_string
(1)什么是query_string:
http://i.cnblogs.com/EditPosts.aspx?opt=1

上面链接中的?后面的opt=1就是query_string,即url中?后面的都是
(2)nginx中如何获取到上面的值。本例以query_string有一个key为例,多个就是多个正则引用$1,$2的区别而已
nginx中全局变量$args和$query_string中存放的数据就是请求的url中带的query_string
如何获取query_string中key对应的value呢,以上面的链接为例,就是key:opt 对应的value: 1

方法1:下面使用了permanent,因为使用last没有生效。那个大神给看看是什么原因
last没有生效的原因是:
last,终止继续在本location块中处理接收到的URI,并将此处重写的URI作为一个新的URI,使用各location块进行处理。
last标志将重写后的URI重新在server块中执行,为重写后的URI提供了转入到其它location块的机会
看到这时,是不是有的小伙伴已经发现一个bug,下面的是不是就死循环了:
location /myweb/{

  rewrite ^(/myweb/.*)/media/(.*)\..*$  myweb/$1/mp3/$2.mp3 last;

}
的确会出现死循环,
因为使用last,相当于一个新请求进来,再重新走一遍location。重写后的URI会被该location块重新匹配到
Nginx服务器遇到这种情况,会尝试10次循环之后返回错误状态代码500

rewrite中与last容易混淆的几个用来设置rewrite对URI处理行为的flag,也简单介绍一下:
break,将此处重写的URI作为一个新的URI,在本块中继续进行处理。该标志将重写后的地址在当前的location块中执行,不会将新的URI转向到其他location块
redirect,将重写后的URI返回给客户端,状态代码为302,指明是临时重定向URI,主要用在replacement变量不是以"http://"或"https://"开头的情况下
permanent,将重写后的URI返回给客户端,状态代码301,指明是永久重定向URI,


location /EditPosts.aspx {
            if ($args ~ opt=(\d+)){
	        set $opt $1;  #将截取到的opt对应的值$1赋值给变量$opt(变量必须以$开头,并且不能与nginx预设的全局变量同名)以备后用。
                rewrite  /(.*)\.aspx  /$1/$opt? permanent;   #最后的?很关键,表示正则结束,不然rewrite后的url会变成/EditPosts/1?opt=1
            }
 }

在正则表达式中可以,可以使用小括号对变量值进行截取,在花括号中使用$1...$9引用截取的值(注意,$后面的数字从1开始的哦)

方法2:

      location /EditPosts.aspx {
            if ($args ~ opt=(\d+)){
                rewrite  /(\w*)\.aspx  /$1/$arg_opt? permanent; #即$arg_query_string中key代表的字符串  				
            }  	
        }		

 



log_format及nginx的部分预设全局变量的值:

    log_format  main '$remote_addr - $remote_user [$time_local]  "$uri" - "$request_uri" -"$request" -"$status"     "$http_referer" "$http_user_agent" '
	                 ' "$http_x_forwarded_for"  "$request_time" '
	                 '[$cookie_customerID_cookie_flag] [$args]'
	;	

127.0.0.1 - - [11/Jul/2016:17:11:56 +0800]  "/bbs/index.html" - "/bbs/" -"GET /bbs/ HTTP/1.1" -"200"     "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"  "-"  "0.000" [-] [-]
127.0.0.1 - - [11/Jul/2016:17:11:57 +0800]  "/vender/AdminLTE/AdminLTE.min.css" - "/vender/AdminLTE/AdminLTE.min.css" -"GET /vender/AdminLTE/AdminLTE.min.css HTTP/1.1" -"200"     "http://localhost/bbs/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"  "-"  "0.000" [-] [-]
127.0.0.1 - - [11/Jul/2016:17:11:57 +0800]  "/vender/bootstrap_v3.3.5/css/bootstrap.min.css" - "/vender/bootstrap_v3.3.5/css/bootstrap.min.css" -"GET /vender/bootstrap_v3.3.5/css/bootstrap.min.css HTTP/1.1" -"200"     "http://localhost/bbs/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"  "-"  "0.000" [-] [-]

 



粘一个匹配过程:

        location / {
            root   D:/workspace/webapp;
            index  index.html index.htm;
        }

	location /api {
            proxy_pass   http://localhsot:9090/api;		   
        }
		
		location /topic/view {
            rewrite  /topic/view/(.*) /topic/#/$1 permanent;
        }		
		
		location ~ /topic/module/\d+ {
            if ($args ~ type=(\d+)){
			    #set $type $1;
                #rewrite  /topic/module/(\d+)  /hello/#/$1?cid=$type? permanent;   
                rewrite  /topic/module/(\d+)  /hello/#/$1?cid=$arg_type? permanent;   				
            }  	
            rewrite  /topic/module/(\d+)  /hello/#/$1 permanent;   			
        }

2016/07/12 18:44:23 [debug] 3580#292: post event 0054E058

2016/07/12 18:44:23 [debug] 3580#292: delete posted event 0054E058
2016/07/12 18:44:23 [debug] 3580#292: accept on 0.0.0.0:80, ready: 0
2016/07/12 18:44:23 [debug] 3580#292: malloc: 00512E08:256
2016/07/12 18:44:23 [debug] 3580#292: *89 accept: 127.0.0.1:49491 fd:400
2016/07/12 18:44:23 [debug] 3580#292: *89 event timer add: 400: 60000:3736476011
2016/07/12 18:44:23 [debug] 3580#292: *89 reusable connection: 1
2016/07/12 18:44:23 [debug] 3580#292: *89 select add event fd:400 ev:0
2016/07/12 18:44:23 [debug] 3580#292: *89 post event 0054E0A8
2016/07/12 18:44:23 [debug] 3580#292: *89 delete posted event 0054E0A8
2016/07/12 18:44:23 [debug] 3580#292: *89 http wait request handler
2016/07/12 18:44:23 [debug] 3580#292: *89 malloc: 005211A0:1024
2016/07/12 18:44:23 [debug] 3580#292: *89 WSARecv: fd:400 rc:0 444 of 1024
2016/07/12 18:44:23 [debug] 3580#292: *89 reusable connection: 0
2016/07/12 18:44:23 [debug] 3580#292: *89 malloc: 00518010:4096
2016/07/12 18:44:23 [debug] 3580#292: *89 http process request line
2016/07/12 18:44:23 [debug] 3580#292: *89 http request line: "GET /topic/module/7?channel=3 HTTP/1.1"
2016/07/12 18:44:23 [debug] 3580#292: *89 http uri: "/topic/module/7"
2016/07/12 18:44:23 [debug] 3580#292: *89 http args: "channel=3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http exten: ""
2016/07/12 18:44:23 [debug] 3580#292: *89 http process request header line
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Host: localhost"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Connection: keep-alive"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Upgrade-Insecure-Requests: 1"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Accept-Encoding: gzip, deflate, sdch"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Accept-Language: zh-CN,zh;q=0.8"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header: "Cookie: JSESSIONID=608D2B53198A02DE2B977D976A6DE026"
2016/07/12 18:44:23 [debug] 3580#292: *89 http header done
2016/07/12 18:44:23 [debug] 3580#292: *89 event timer del: 400: 3736476011
2016/07/12 18:44:23 [debug] 3580#292: *89 generic phase: 0
2016/07/12 18:44:23 [debug] 3580#292: *89 rewrite phase: 1
2016/07/12 18:44:23 [debug] 3580#292: *89 test location: "/"
2016/07/12 18:44:23 [debug] 3580#292: *89 test location: "api"
2016/07/12 18:44:23 [debug] 3580#292: *89 test location: "topic/view"
2016/07/12 18:44:23 [debug] 3580#292: *89 test location: ~ "/topic/module/\d+"
2016/07/12 18:44:23 [debug] 3580#292: *89 using configuration "/topic/module/\d+"
2016/07/12 18:44:23 [debug] 3580#292: *89 http cl:-1 max:1048576
2016/07/12 18:44:23 [debug] 3580#292: *89 rewrite phase: 3
2016/07/12 18:44:23 [debug] 3580#292: *89 http script var
2016/07/12 18:44:23 [debug] 3580#292: *89 http script var: "channel=3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http script regex: "channel=(\d+)"
2016/07/12 18:44:23 [notice] 3580#292: *89 "channel=(\d+)" matches "channel=3", client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 18:44:23 [debug] 3580#292: *89 http script if
2016/07/12 18:44:23 [debug] 3580#292: *89 http script regex: "/topic/module/(\d+)"
2016/07/12 18:44:23 [notice] 3580#292: *89 "/topic/module/(\d+)" matches "/topic/module/7", client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 18:44:23 [debug] 3580#292: *89 http script copy: "/bbs/#/"
2016/07/12 18:44:23 [debug] 3580#292: *89 http script capture: "7"
2016/07/12 18:44:23 [debug] 3580#292: *89 http script copy: "?cid="
2016/07/12 18:44:23 [debug] 3580#292: *89 http script var: "3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http script regex end
2016/07/12 18:44:23 [notice] 3580#292: *89 rewritten redirect: "/bbs/#/7?cid=3", client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 18:44:23 [debug] 3580#292: *89 http finalize request: 301, "/topic/module/7?channel=3" a:1, c:1
2016/07/12 18:44:23 [debug] 3580#292: *89 http special response: 301, "/topic/module/7?channel=3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http set discard body
2016/07/12 18:44:23 [debug] 3580#292: *89 HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.1
Date: Tue, 12 Jul 2016 10:44:23 GMT
Content-Type: text/html
Content-Length: 185
Location: http://localhost/bbs/#/7?cid=3
Connection: keep-alive

2016/07/12 18:44:23 [debug] 3580#292: *89 write new buf t:1 f:0 0051896C, pos 0051896C, size: 205 file: 0, size: 0
2016/07/12 18:44:23 [debug] 3580#292: *89 http write filter: l:0 f:0 s:205
2016/07/12 18:44:23 [debug] 3580#292: *89 http output filter "/topic/module/7?channel=3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http copy filter: "/topic/module/7?channel=3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http postpone filter "/topic/module/7?channel=3" 00518B04
2016/07/12 18:44:23 [debug] 3580#292: *89 write old buf t:1 f:0 0051896C, pos 0051896C, size: 205 file: 0, size: 0
2016/07/12 18:44:23 [debug] 3580#292: *89 write new buf t:0 f:0 00000000, pos 00EC39D8, size: 132 file: 0, size: 0
2016/07/12 18:44:23 [debug] 3580#292: *89 write new buf t:0 f:0 00000000, pos 00EC3780, size: 53 file: 0, size: 0
2016/07/12 18:44:23 [debug] 3580#292: *89 http write filter: l:1 f:0 s:390
2016/07/12 18:44:23 [debug] 3580#292: *89 http write filter limit 0
2016/07/12 18:44:23 [debug] 3580#292: *89 WSASend: fd:400, s:390
2016/07/12 18:44:23 [debug] 3580#292: *89 http write filter 00000000
2016/07/12 18:44:23 [debug] 3580#292: *89 http copy filter: 0 "/topic/module/7?channel=3"
2016/07/12 18:44:23 [debug] 3580#292: *89 http finalize request: 0, "/topic/module/7?channel=3" a:1, c:1
2016/07/12 18:44:23 [debug] 3580#292: *89 set http keepalive handler
2016/07/12 18:44:23 [debug] 3580#292: *89 http close request
2016/07/12 18:44:23 [debug] 3580#292: *89 http log handler
2016/07/12 18:44:23 [debug] 3580#292: *89 free: 00518010, unused: 1022
2016/07/12 18:44:23 [debug] 3580#292: *89 free: 005211A0
2016/07/12 18:44:23 [debug] 3580#292: *89 hc free: 00000000 0
2016/07/12 18:44:23 [debug] 3580#292: *89 hc busy: 00000000 0
2016/07/12 18:44:23 [debug] 3580#292: *89 tcp_nodelay




上面提到的问题解决了,原因是如下:

2016/07/12 20:13:28 [debug] 4044#3764: *15 http process request line
2016/07/12 20:13:28 [debug] 4044#3764: *15 http request line: "GET /topic/module/7?channel=3 HTTP/1.1"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http uri: "/topic/module/7"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http args: "channel=3"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http exten: ""
2016/07/12 20:13:28 [debug] 4044#3764: *15 http process request header line
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "Host: localhost"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "Connection: keep-alive"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "Upgrade-Insecure-Requests: 1"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "Accept-Encoding: gzip, deflate, sdch"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header: "Accept-Language: zh-CN,zh;q=0.8"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http header done
2016/07/12 20:13:28 [debug] 4044#3764: *15 event timer del: 400: 3741821009
2016/07/12 20:13:28 [debug] 4044#3764: *15 generic phase: 0
2016/07/12 20:13:28 [debug] 4044#3764: *15 rewrite phase: 1
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: "/"
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: "api"
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: "topic/view"
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: ~ "/topic/module/\d+"
2016/07/12 20:13:28 [debug] 4044#3764: *15 using configuration "/topic/module/\d+"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http cl:-1 max:1048576
2016/07/12 20:13:28 [debug] 4044#3764: *15 rewrite phase: 3
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script var
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script var: "channel=3"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script regex: "channel=(\d+)"
2016/07/12 20:13:28 [notice] 4044#3764: *15 "channel=(\d+)" matches "channel=3", client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script if
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script regex: "/topic/module/(\d+)"
2016/07/12 20:13:28 [notice] 4044#3764: *15 "/topic/module/(\d+)" matches "/topic/module/7", client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script copy: "/bbs/#/"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script capture: "7"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script args
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script copy: "cid="
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script var: "3"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http script regex end
2016/07/12 20:13:28 [notice] 4044#3764: *15 rewritten data: "/bbs/#/7", args: "cid=3", client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 20:13:28 [debug] 4044#3764: *15 post rewrite phase: 4
2016/07/12 20:13:28 [debug] 4044#3764: *15 uri changes: 11
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: "/"
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: "api"
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: "topic/view"
2016/07/12 20:13:28 [debug] 4044#3764: *15 test location: ~ "/topic/module/\d+"
2016/07/12 20:13:28 [debug] 4044#3764: *15 using configuration "/"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http cl:-1 max:1048576
2016/07/12 20:13:28 [debug] 4044#3764: *15 rewrite phase: 3
2016/07/12 20:13:28 [debug] 4044#3764: *15 post rewrite phase: 4
2016/07/12 20:13:28 [debug] 4044#3764: *15 generic phase: 5
2016/07/12 20:13:28 [debug] 4044#3764: *15 generic phase: 6
2016/07/12 20:13:28 [debug] 4044#3764: *15 generic phase: 7
2016/07/12 20:13:28 [debug] 4044#3764: *15 access phase: 8
2016/07/12 20:13:28 [debug] 4044#3764: *15 access phase: 9
2016/07/12 20:13:28 [debug] 4044#3764: *15 access phase: 10
2016/07/12 20:13:28 [debug] 4044#3764: *15 post access phase: 11
2016/07/12 20:13:28 [debug] 4044#3764: *15 content phase: 12
2016/07/12 20:13:28 [debug] 4044#3764: *15 content phase: 13
2016/07/12 20:13:28 [debug] 4044#3764: *15 content phase: 14
2016/07/12 20:13:28 [debug] 4044#3764: *15 content phase: 15
2016/07/12 20:13:28 [debug] 4044#3764: *15 content phase: 16
2016/07/12 20:13:28 [debug] 4044#3764: *15 content phase: 17
2016/07/12 20:13:28 [debug] 4044#3764: *15 http filename: "D:/workspace/webapp/bbs/#/7"
2016/07/12 20:13:28 [debug] 4044#3764: *15 add cleanup: 00DF8948
2016/07/12 20:13:28 [error] 4044#3764: *15 CreateFile() "D:/workspace/webapp/bbs/#/7" failed (3: The system cannot find the path specified), client: 127.0.0.1, server: localhost, request: "GET /topic/module/7?channel=3 HTTP/1.1", host: "localhost"
2016/07/12 20:13:28 [debug] 4044#3764: *15 http finalize request: 404, "/bbs/#/7?cid=3" a:1, c:1
2016/07/12 20:13:28 [debug] 4044#3764: *15 http special response: 404, "/bbs/#/7?cid=3"
2016/07/12 20:13:28 [debug] 4044#3764: *15 internal redirect: "/404.html?"



报错:

2017/02/16 11:36:39 [emerg] 4008#0: bind() to 0.0.0.0:80 failed (13: Permission denied)
2017/02/16 11:36:57 [error] 4013#0: *2 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"
2017/02/16 11:36:58 [error] 4013#0: *2 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"
2017/02/16 11:37:02 [error] 4013#0: *2 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"
2017/02/16 11:40:16 [emerg] 4031#0: bind() to 0.0.0.0:80 failed (13: Permission denied)
2017/02/16 11:40:43 [error] 4037#0: *1 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"
2017/02/16 11:40:44 [error] 4037#0: *1 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"
2017/02/16 11:40:45 [error] 4037#0: *1 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"
2017/02/16 11:43:11 [error] 4037#0: *2 "/home/ec2-user/nginx/html/index.html" is forbidden (13: Permission denied), client: 196.1.1.200, server: localhost, request: "GET / HTTP/1.1", host: "196.1.1.100"

解决办法:

One permission requirement that is often overlooked is a user needs x permissions in every parent directory of a file to access that file. Check the permissions on /, /home, /home/demo, etc. for www-data x access. My guess is that /home is probably 770 and www-data can't chdir through it to get to any subdir. If it is, try chmod o+x /home (or whatever dir is denying the request).

EDIT: To easily display all the permissions on a path, you can use namei -om /path/to/check

Same here. On my install of CentOS 6, /home/user dirs are set to 700 by default.

 

http://stackoverflow.com/questions/6795350/nginx-403-forbidden-for-all-files

 

问题:
2017/10/27 17:16:17 [alert] 1347#0: *19916 socket() failed (24: Too many open files) while connecting to upstream, client: 120.132.18.132, server: _, request: "GET /admin/v1/evaluation/careers HTTP/1.1", upstream: "http://10.25.174.68:5000/admin/v1/evaluation/careers", host: "120.132.18.132", referrer: "http://1gepingguo.cn/swagger-ui.html"
2017/10/27 17:16:17 [crit] 1347#0: *19916 open() "/usr/share/nginx/html/50x.html" failed (24: Too many open files), client: 120.132.18.132, server: _, request: "GET /admin/v1/evaluation/careers HTTP/1.1", upstream: "http://10.25.174.68:5000/admin/v1/evaluation/careers", host: "120.132.18.132", referrer: "http://1gepingguo.cn/swagger-ui.html"
2017/10/27 17:21:30 [notice] 1373#0: signal process started
解决办法:

#nginx worker进程运行用户以及用户组 
user  nobody nobody;

#nginx worker数量
worker_processes  4;

#全局错误日志文件,日志输出级别有debug、info、notice、warn、error、crit(类似于Python中的logging)
error_log  logs/error.log  notice;

#指定主进程id的存储文件位置
pid        logs/nginx.pid;

#指定一个nginx进程可以打开的最多文件描述符数目
worker_rlimit_nofile 65535; //增加此配置

#设定nginx的工作模式及连接数上限
events{
      use epoll; #linux 服务器的优点所在
      worker_connections      65536;#设定worker的最大连接数
}

http://inbank2012.blog.51cto.com/6302802/1097939
http://www.cnblogs.com/coder2012/p/4072387.html


 




 

网友评论

登录后评论
0/500
评论
developerguy
+ 关注