nginx安装和前端访问配置以及403 Forbidden解决方案
作者:weixin_44956870
本文介绍CentOS下Nginx安装与配置,包括安装命令、配置文件路径、启动及重启方法,并详细说明多个前端站点的代理设置与缓存策略,同时提供解决403错误的权限检查及SELinux调整方案
nginx安装
- 安装命令(centos环境):
sudo yum install epel-release(本次安装nginx未执行该条命令) sudo yum install nginx
- 配置文件位置:
/etc/nginx/nginx.conf
- 启动:
sudo systemctl start nginx
- 配置开机启动:
sudo systemctl enable nginx
- 重启:
/usr/sbin/nginx -s reload sudo systemctl daemon-reload
前端nginx访问配置
8001系统+10002系统+10003系统+10005系统
server {
listen 10003;
server_name web.zc.com;
index index.php index.html index.htm default.php default.htm default.html;
root /mnt/web/zc-web/dist;
try_files $uri $uri/ /index.html; # 将所有请求导 index.html
#PROXY-START/
location ~ ^/prod-api(.*)$ {
rewrite ^/prod-api(.*)$ $1 break;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filedaYAOiSb 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_filedaYAOiSb 1;
expires 1m;
}
if ( $static_filedaYAOiSb = 0 )
{
add_header Cache-Control no-cache;
}
}
#PROXY-END/
}
server {
listen 10005;
server_name client.zc.com;
index index.php index.html index.htm default.php default.htm default.html;
root /mnt/web/zc-client/dist;
try_files $uri $uri/ /index.html; # 将所有请求导 index.html
#PROXY-START/
location ~ ^/dev-api(.*)$ {
rewrite ^/dev-api(.*)$ $1 break;
proxy_pass http://127.0.0.1:8080;
}
location ~ ^/prod-api(.*)$ {
rewrite ^/prod-api(.*)$ $1 break;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filedaYAOiSb 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_filedaYAOiSb 1;
expires 1m;
}
if ( $static_filedaYAOiSb = 0 )
{
add_header Cache-Control no-cache;
}
}
#PROXY-END/
}
server {
listen 10002;
server_name jetlinks.zc.com;
index index.php index.html index.htm default.php default.htm default.html;
root /mnt/web/jetlinks/dist;
try_files $uri $uri/ /index.html; # 将所有请求导 index.html
#PROXY-START/
location ~ ^/api(.*)$ {
rewrite ^/api(.*)$ $1 break;
proxy_pass http://127.0.0.1:9999;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; # 【可选】开启websocket协议
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filedaYAOiSb 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_filedaYAOiSb 1;
expires 1m;
}
if ( $static_filedaYAOiSb = 0 )
{
add_header Cache-Control no-cache;
}
}
#PROXY-END/
}
server {
listen 8001;
server_name icp.zc.com;
index index.php index.html index.htm default.php default.htm default.html;
root /mnt/web/icp/dist;
try_files $uri $uri/ /index.html; # 将所有请求导 index.html
#PROXY-START/
location ~ ^/icp-api(.*)$ {
rewrite ^/icp-api(.*)$ $1 break;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filedaYAOiSb 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_filedaYAOiSb 1;
expires 1m;
}
if ( $static_filedaYAOiSb = 0 )
{
add_header Cache-Control no-cache;
}
}
#PROXY-END/
}nginx访问 403 Forbidden
[root@yutu-node3 ~]# curl http://localhost:8001 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.20.1</center> </body> </html>
(1)检查文件或目录的权限,确保 Nginx 用户(通常是 www-data、nginx 或 nobody)有读取权限
ll /path/to/your/file chmod -R 755 /path/to/your/file # 确保目录文件可读 chown -R nginx:nginx /path/to/your/directory # 确保 Nginx 用户有权限
(2)如果服务器启用了 SELinux 或 AppArmor,可能会限制 Nginx 访问某些文件或目录。
chcon -R -t httpd_sys_content_t /path/to/your/directory
(3)清除 Nginx 缓存并重新加载配置
nginx -s reload
【终极大法】临时关闭 SELinux,建议避免使用:
setenforce 0
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。