它只在子域中发生在我身上,其余的效果很好:
如果索引其扩展名是 htm 或 html 给出错误:
“403 禁止”
如果索引其扩展名是 php 尝试下载。
/ srv / www 中的权限对于所有子域都是相同的,并且它们有效。
我把配置conf:
server {
## Escucha en el puerto 80 (HTTP)
listen 80;
server_name musica.domain.com;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
## Escucha en el puerto 443 (HTTPS)
listen 443 ssl http2;
server_name musica.domain.com;
## Certificados
ssl_certificate /etc/letsencrypt/live/musica.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/musica.domain.com/privkey.pem;
include snippets/ssl-params.conf;
access_log /var/log/nginx/musica_access.log;
error_log /var/log/nginx/musica_error.log;
root /srv/www/sonerezh;
index index.html index.htm index.php;
location ~ /.well-known {
allow all;
}
location / {
# try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/musica.sock;
#fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
该nginx -T
命令显示您实际上正在读取子域配置文件。
子域访问日志:
195.16.143.6 - - [01/Jun/2017:09:16:29 +0200] "GET /favicon.ico HTTP/1.1" 404 143 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
195.16.143.6 - - [01/Jun/2017:09:17:26 +0200] "GET / HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
195.16.143.6 - - [01/Jun/2017:10:09:59 +0200] "GET / HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
195.16.143.6 - - [01/Jun/2017:10:10:37 +0200] "GET / HTTP/1.1" 403 143 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
子域错误日志:
2017/06/01 09:16:29 [error] 3464#3464: *2295 open() "/srv/www/sonerezh/favicon.ico" failed (2: No such file or directory), client: 195.16.143.6, server: musica.domain.com, request: "GET /favicon.ico HTTP/1.1", host: "musica.domain.com"
2017/06/01 09:16:29 [error] 3464#3464: *2295 open() "/srv/www/sonerezh/favicon.ico" failed (2: No such file or directory), client: 195.16.143.6, server: musica.domain.com, request: "GET /favicon.ico HTTP/1.1", host: "musica.domain.com"
2017/06/01 10:10:37 [error] 3466#3466: *2350 directory index of "/srv/www/sonerezh/" is forbidden, client: 195.16.143.6, server: musica.domain.com, request: "GET / HTTP/1.1", host: "musica.domain.com"
nginx.conf
:
user bichomen bichomen;
worker_processes auto;
worker_rlimit_nofile 2048;
#pcre_jit on;
pid /var/run/nginx.pid;
# [ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx.error_log info;
events {
worker_connections 2000;
# use [ kqueue | epoll | /dev/poll | select | poll ];
# use poll;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
send_lowat 12000;
keepalive_timeout 75 20;
#lingering_time 30;
#lingering_timeout 10;
#reset_timedout_connection on;
include sites-enabled/*.conf;
}
权限:
$ ls -l /srv/www/
drwxr-x--x 4 bichomen bichomen 4096 Jun 1 10:10 sonerezh
$ ls -l /srv/www/sonerezh/
-rw-rw-r-- 1 bichomen bichomen 90 Jun 1 09:15 index.html
已经解决了安装nginx的所有问题:
https://github.com/Sonerezh/sonerezh/issues/305