https禁止nginx 403

时间:2019-01-02 23:15:36

标签: node.js nginx centos

我在DigitalOcean上创建了Droplet,在其上设置了我的nodeJS应用程序,连接了我的域,一切正常,但是我想设置https和我安装了所有证书等。我在CentOS 7.5上运行它,我的nodeJS应用程序位于此目录中:

/home/mdurakovic/mensurdurakovic.com

HTTP可以正常工作,但是当我尝试使用HTTPS打开网站时,我在浏览器中收到错误消息

403 Forbidden nginx/1.12.2

所以我在nginx日志中查找,然后看到此错误:

2019/01/02 23:03:39 [error] 11014#0: *1 directory index of "/home/mdurakovic/mensurdurakovic.com/public/" is forbidden, client: 213.149.62.113, server: mensurdurakovic.com, request: "GET / HTTP/2.0", host: "mensurdurakovic.com"

我更改了组权限,因此在执行此命令时:

f: /home/mdurakovic/mensurdurakovic.com/public/
dr-xr-xr-x root       root  /
drwxr-xr-x root       root  home
drwx--x--- mdurakovic nginx mdurakovic
drwxrwxrwx nginx      nginx mensurdurakovic.com
drwxrwxrwx nginx      nginx public

您可以清楚地看到,nginx有权执行用户的主目录,但仍然无法正常工作。任何帮助将不胜感激。

编辑: 这是我的/etc/nginx/conf.d/mensurdurakovic.com.conf文件:

server {
    listen 80;
    server_name  mensurdurakovic.com;

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://68.183.69.186:8080;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mensurdurakovic.com;
    root /home/mdurakovic/mensurdurakovic.com/public;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/mensurdurakovic.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mensurdurakovic.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    resolver 8.8.8.8;

}

1 个答案:

答案 0 :(得分:1)

您正在让您的http连接代理发出请求,但没有https。如果您在ssl配置中添加了一个块(并删除了root和resolver),则它应该可以正常工作:

location / {
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://68.183.69.186:8080;
}
相关问题
最新问题