Nginx 403 problem summary

1. No permission problem

On Linux, if nginx does not have access to the web directory, the 403 error will also occur. Solution: Change the read and write permissions of the web directory, or change the nginx startup user to the owning user of the directory, and restart nginx. (On Windows, use the administrator to start nginx.)

 chmod -R 777 /data
 chmod -R 777 /data/www/
Copy the code

2. The startup user and nginx working user are inconsistent

Nginx is started as user “nobody” and root is used.

ps aux | grep "nginx: worker process" | awk'{print $1}'
Copy the code

Change the user of nginx.config to be the same as the startup user

vi conf/nginx.conf
Copy the code

3, some connection access error 403

Error 403 occurred on some interfaces. I just did the server request address forwarding, so there is no cross-domain. Content-type: Application/x-ww-form-urlencoded, jquery does not have content-Type by default because some requests do not use form-data, The nginx proxy has modified your request-header configuration as follows

	#nginx proxy configuration
	location /hello{
	    proxy_pass http://192.168.0.100:8088/adminPage;
	    # do not change the request header information, other redundant parameters are removed
	    proxy_set_header Host $http_host;
	  }
Copy the code

4. Complete the configuration as follows


#user nobody; Configure the user or user group. Default is nobody
worker_processes  1; # Number of processes allowed to be generated. Default is 1

Specify log path, level. This setting can fit into global blocks, HTTP blocks, Server blocks,
# level as: debug | info | notice | warn | error | crit | alert | emerg
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid; # specify the location where nginx run files are stored

events {
    worker_connections  1024;    # Maximum number of connections. Default is 512
    accept_mutex on;   Set network connection serialization to prevent stampedes. Default is on
    multi_accept on;  Set whether a process accepts multiple network connections at the same time. Default: off
    #use epoll; # event driven model, select | poll | kqueue | epoll | who | / dev/poll | eventport
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile        on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout  65;

    #gzip on;
	  
   
	 upstream tomcat {
        server 192.168. 0100.: 8088;
     }
	 
    server {
        listen       919;
        server_name  222.221120.152.;
	#header Name contains an underscore
	underscores_in_headers on; 
	charset utf-8; # Encoding Settings
	Enable gzip compression
        # Gzip module Settings
        gzip on; # Enable gzip compressed output
        gzip_min_length 1k; Minimum compressed file size
        gzip_buffers 4 16k; # compress buffer
        gzip_http_version 1.0; Compressed version (default 1.1, use 1.0 if squid2.5)
        gzip_comp_level 2; # Compression level
        gzip_types text/plain application/x-javascript text/css application/xml;
        The default compression type already contains text/ HTML, so there is no need to write it below. There will be no problem writing it, but there will be a WARN.
        gzip_vary on;

        #charset koi8-r;
	    #charset utf-8,gbk; # Avoid Chinese garbled characters
        #root D:/senta/dist;

        #access_log logs/host.access.log main;
	
	 location / {
             This specifies the location of the folder to be accessed
            root  D:/htmlPage/;
            index  index.html index.htm;
		    try_files  $uri $uri/ /index.html;
		    #limit_rate 1280k; # Limit speed
		    client_max_body_size  100M;
		    allow all;
            autoindex on;
		    proxy_set_header X-Real-IP  $remote_addr;
		    proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header 'Access-Control-Allow-Headers' 'Content-Type';
            add_header 'Access-Control-Allow-Methods' 'GET';
            add_header 'Access-Control-Allow-Methods' 'POST';
            add_header 'Access-Control-Allow-Methods' 'DELETE';
			add_header 'Access-Control-Allow-Methods' 'PUT';
			add_header 'Access-Control-Allow-Credentials' 'true';
			add_header 'Access-Control-Allow-Origin' The '*';
			proxy_connect_timeout       600s;
            proxy_read_timeout          600s;
            proxy_send_timeout          600s; 
            access_log off;
			break;
        }		
		
		#nginx proxy configuration
	location /hello{
			proxy_pass http://tomcat/adminPage;
			proxy_set_header Host $http_host; 
		}
		
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;}}}Copy the code

1. No permission problem

2. The startup user and nginx working user are inconsistent

3, some connection access error 403

4. Complete the configuration as follows

Related Posts

Interviewer asks: What is a Bloom filter?

10 Surprisingly useful Docker Tips

As a professional independent PaaS manufacturer, Boyun was selected into the Chinese PaaS market research report