Nginx 403 forbidden

1、没有权限问题

Linux系统中如果Nginx没有web目录的操作权限，也会出现403错误。解决办法：修改web目录的读写权限，或者是把Nginx的启动用户改成目录的所属用户，重启Nginx即可解决。(windows 下则用管理员启动nginx即可)。

 chmod -R 777 /datachmod -R 777 /data/www/

2、由于Nginx启动用户和Nginx工作用户不一致所致

Linux 查看Nginx的启动用户，发现是nobody，而为是用root启动的(windows一般不存在)

# 查看Nginx的运行进程
ps aux | grep nginx

如下图：

将nginx.config的user改为和启动用户一致。

vim ./nginx.config

3、部分连接访问出现403错误

Nginx 配置服务转发，部分接口出现403错误，我只是做服务器请求地址转发所以根本不存在跨域，猜想是NGINX将请求信息改变了导致无法正常访问，F12查看错误的请求接口中不存在 Content-Type:application/x-www-form-urlencoded，由于某些请求没有用form-data jquery默认就没有Content-Type， Nginx代理修改了你的request-header,修改配置如下

# nginx代理配置
location /cbda-module-common-authority {#不更改请求头信息,其他多余参数全部去掉proxy_set_header Host $http_host; #nginx1.20.1版本可用此配置  #proxy_set_header Host $host; #如果是nginx1.18.0使用proxy_pass http://gatewayservers;
}

4、完整配置如下


user  root; #设置用户
worker_processes  4; # 设置进程数
worker_cpu_affinity auto; #设置进程自动绑定cpu
worker_rlimit_nofile 65535; #设置访问文件的句柄数#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;events {worker_connections  10240;multi_accept on;use epoll;
}http {include       mime.types;default_type  application/octet-stream;#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '#                  '$status $body_bytes_sent "$http_referer" '#                  '"$http_user_agent" "$http_x_forwarded_for"';#access_log  /soft/service/nginx_1.18.0/nginx-1.18.0-install/logs/access.log  main;sendfile        on;tcp_nopush     on;keepalive_timeout  65;tcp_nodelay on;open_file_cache max=102400 inactive=20s;open_file_cache_valid 30s;open_file_cache_min_uses 1;client_header_timeout 30;client_body_timeout 30;reset_timedout_connection on;send_timeout 30;server_tokens off;client_header_buffer_size 1m;large_client_header_buffers 4 1m;client_body_buffer_size 300m;client_body_temp_path /usr/local/service/nginx-1.20.1/client_body_temp;#add_header 'Access-Control-Allow-Origin' '*';add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';gzip on;   #表示开启压缩功能gzip_min_length 2k;  #表示允许压缩的页面最小字节数，页面字节数从header头的Content-Length中获取，默认值为0，表示不管页面多大都进行压缩，设置建议设大于1k。如果小于1k可能会越压越大。gzip_buffers 4 5m; #压缩缓存区大小gzip_http_version 1.1; #压缩版本gzip_comp_level 6; #压缩比率，一般选择4-6，为了性能gzip_typs text/css text/xml application/javascript; #指>定压缩的类型 gzip_vary on; #vary header支持;gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript  application/xml  application/x-httpd-php image/jpeg image/gif image/png image/icon image/jpg;gzip_vary on; #varyheader支持，改选项可以让前端的缓存服务器缓存经过GZIP压缩的页面，例如用Squid缓存经过nginx压缩的数据。upstream gatewayservers {server 192.168.66.142:30858;}server {listen       30857;server_name  localhost;charset utf-8;#access_log  /soft/service/nginx_1.18.0/nginx-1.18.0-install/logs/host.access.log  main;location / {root   /usr/local/service/issue-management-1.0/cbdacim-vue-ui/dist;index  index.html index.htm;try_files $uri $uri/ /index.html;}location /cbda-module-common-authority {proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-Server $host;proxy_set_header Host $http_host;proxy_set_header accept-encodeing 'gzip, deflate';#proxy_set_header content-type 'application/json';proxy_set_header X-Real-IP $remote_addr;proxy_set_header authorization $http_authorization;proxy_set_header accept '*/*';proxy_set_header x-bce-date $http_x_bce_date;proxy_connect_timeout 300;proxy_send_timeout 300;proxy_read_timeout 300;client_max_body_size	300m;proxy_pass http://gatewayservers;}#静态资源缓存过期设置#location ~* \.(ico|jpeg|gif|png|bmp|swf|flv)$ {#expires 30d;  #过期时间为30天#log_not_found off;#access_log off;#}#location ~* \.(js|css)$ {#expires 7d;#log_not_found off;#access_log off;#}#error_page  404              /404.html;# redirect server error pages to the static page /50x.htmlerror_page   500 502 503 504  /50x.html;location = /50x.html {root   html;}}# another virtual host using mix of IP-, name-, and port-based configuration##server {#    listen       8000;#    listen       somename:8080;#    server_name  somename  alias  another.alias;#    location / {#        root   html;#        index  index.html index.htm;#    }#}# HTTPS server##server {#    listen       443 ssl;#    server_name  localhost;#    ssl_certificate      cert.pem;#    ssl_certificate_key  cert.key;#    ssl_session_cache    shared:SSL:1m;#    ssl_session_timeout  5m;#    ssl_ciphers  HIGH:!aNULL:!MD5;#    ssl_prefer_server_ciphers  on;#    location / {#        root   html;#        index  index.html index.htm;#    }#}}

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/news/693776.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！