问题
I am trying to set up roundcube / phpldapadmin / ... with nginx on relative urls, e.g.:
example.com/roundcube
example.com/phpldapadmin
First of all, everything was working fine with Apache 2.4. I have the following folders:
# roundcube
/var/www/roundcube
# phpldapadmin
/usr/share/phpldapadmin
I have the following location for roundcube:
location /roundcube/ {
root /var/www;
index index.php;
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Which works fine, but the following for phpldapadmin does not work:
location /phpldapadmin/ {
alias /usr/share/phpldapadmin/htdocs;
index index.php index.html index.htm;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I get a 403 forbidden, with the following logs:
2016/02/07 21:43:33 [error] 23047#0: *1 directory index of "/usr/share/phpldapadmin/htdocs" is
forbidden, client: xxx.xxx.xxx.xxx, server: ****, request: "GET /phpldapadmin/ HTTP/1.1",
host: "****"
I checked the permission:
$ namei -om /usr/share/phpldapadmin/htdocs
f: /usr/share/phpldapadmin/htdocs
drwxr-xr-x root root /
drwxr-xr-x root root usr
drwxr-xr-x root root share
drwxr-xr-x root root phpldapadmin
drwxr-xr-x root www-data htdocs
$ ls -l /usr/share/phpldapadmin/htdocs/index.php
-rw-r--r-- 1 root root 20036 Oct 28 17:32 /usr/share/phpldapadmin/htdocs/index.php
I tried changing the owner to :www-data but it did not work. When I tried the following for roundcube it did not work:
location /roundcube/ {
alias /var/www/roundcube;
...
}
I am thinking that this is probably a problem with a trailing /, or something similar, but I am really new to nginx so I can't find it...
Basically, I have the inverse problem of this question : https://stackoverflow.com/questions/31820362/nginx-403-directory-is-forbidden-when-using-root-location
回答1:
The location and alias should both have a trailing / or neither have a trailing /. But in your case, you should be using root instead of alias for both location blocks.
location /roundcube {
root /var/www;
index index.php;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
location /phpmyadmin {
root /usr/share;
index index.php index.html index.htm;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
The fastcgi_index will not do anything in a location that only matches .php (see this document).
The SCRIPT_FILENAME parameter is needed in both blocks (or neither if it is already in /etc/nginx/fastcgi_params).
回答2:
Alternatively you can try to write at the top of nginx.conf >> user username
Since I am using AWS Linux EC2 instance I wrote
user ec2-user;
instead of
user nginx;
This solves the problem by giving all the required permissions
来源:https://stackoverflow.com/questions/35259014/forbidden-location-when-using-alias-in-nginx-for-relative-urls