configure nginx to get js and css directly from public folder of node.js express site - node.js

I have a node.js express site on port 3000, and it is configured to work with nginx.
It worked well through nginx until I decided to configure nginx to get css, js and image files directly from public folder without node.js express:
/etc/nginx/sites-enabled# cat myDomain.com.public
server {
    listen 80;
    server_name myDomain.com;
    access_log /var/log/nginx/myDomain.com.access.log;
    location / {
        proxy_pass http://127.0.0.1:3000/;
    }
    location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
        root /root/pathToNodeJsExpressSiteFolder/public;
        access_log off;
        expires max;
    }
}
But now this site works without css and js. It returns 403 Forbidden when requesting them:
style.css    /stylesheets    GET    403 Forbidden
What did I do wrong?

Nginx requires both read and execute privileges on the directory, and on all parent directories of this directory, for those static resources on the file system. If you find entries in your nginx error log like:
open() "/root/pathToNodeJsExpressSiteFolder/public/stylesheets/style.css" failed (13: Permission denied)
Then you need:
$ sudo chmod +rx /root/pathToNodeJsExpressSiteFolder/public
$ sudo chmod +rx /root/pathToNodeJsExpressSiteFolder
$ sudo chmod +rx /root
Note: $ sudo chmod +rx /root is not recommended because it always limits non-root user to access /root.

A 403 Forbidden response may be related to the nginx process not having permission to read the files. Check that the folder public is recursively readable by the user running nginx and change the permissions if needed:
sudo chmod -R 744 /root/pathToNodeJsExpressSiteFolder/public
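
To find the exact component behind a "Permission denied" log line instead of loosening every parent directory, the check below walks the path and reports the first component the nginx worker cannot pass. It is an added example, not part of the answers above; the function name first_blocked, the constructed temp tree, the use of GNU stat, and the assumption that the worker user falls into the "other" permission class are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example. Assumes GNU stat and that the nginx worker user is neither
# owner nor group member of the files, so only the "other" bits apply.

# Print the first component of $1 (walking down from $2, default /) that the
# "other" class cannot pass; print nothing if the whole path is reachable.
first_blocked() {
    local target=$1 top=${2:-/} cur rest part mode other
    cur=${top%/}
    rest=${target#"$cur"}
    rest=${rest#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        if [ "$part" = "$rest" ]; then rest=""; else rest=${rest#*/}; fi
        [ -z "$part" ] && continue
        cur="$cur/$part"
        mode=$(stat -c '%a' "$cur") || return 2
        other=${mode#"${mode%?}"}          # last octal digit = "other" bits
        if [ -d "$cur" ]; then
            # Traversal needs x; r on a directory only matters for listings.
            [ $(( other & 1 )) -ne 0 ] || { echo "$cur"; return 0; }
        else
            # The file itself must be readable.
            [ $(( other & 4 )) -ne 0 ] || { echo "$cur"; return 0; }
        fi
    done
    return 0
}

demo() {
    # Constructed tree mirroring the page's layout, set to mode 744 throughout.
    local t; t=$(mktemp -d)
    mkdir -p "$t/site/public/stylesheets"
    : > "$t/site/public/stylesheets/style.css"
    chmod -R 744 "$t/site"
    first_blocked "$t/site/public/stylesheets/style.css" "$t"
    rm -rf "$t"
}
demo
```

The demo prints the site directory: at mode 744 a directory is readable by others but lacks the x bit, so the worker still cannot reach the files beneath it.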

Related

How to configure docker-compose.yml and nginx conf file to read an external drive?

I have nginx in a docker container. My docker-compose.yml is like this (simplified):
nginx:
  volumes:
    - /var/www/html:/www/:rw
    - /media/storage:/storage/:rw
Where /var/www/html is my website root and /media/storage is an external drive in my host machine (Azure).
Now I'm trying to point the website URL example.com/downloads to /storage but without success. My nginx/conf.d/example.com.conf is as follows (simplified):
server {
    listen 80 default;
    server_name example.com;
    # this works
    root /www;
    index index.php;
    # this get a 404 error
    location /downloads{
        root /storage;
    }
}
But I get a 404 error for example.com/downloads. What am I forgetting here? The file permissions and owner to both paths are the same. I don't know if the bad configuration is in example.com.conf or in docker-compose.yml. How should I configure these?
I solved this myself using alias /storage; instead of root /storage.

configure nginx for it to support file system

I am inside /root directory and I have a folder inside it called testfolder. Inside that folder I have a bunch of folders and subfolders which I want to host on the nginx server.
I am running the following command to start my Nginx server:
docker run --name file-server -v $(pwd)/testfolder:/app -p 8080:80 -d nginx
/etc/nginx/sites-available/default file has the following contents:
location /testfolder {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    alias /root/testfolder/;
    autoindex on;
    try_files $uri $uri/ =404;
}
Now when I start my server and hit /testfolder, it gives me a 403 error.
Serving static files using nginx as web server is a good option.
To make the static files available you need to copy your testfolder to /usr/share/nginx/html inside the nginx image. After that you will be able to see the files in your browser on port 8080.
Docker cmd:-
docker run -it --rm -d -p 8080:80 --name web -v ~/code/docker/testfolder:/usr/share/nginx/html nginx
For accessing the directory in list view for static files, we need to create a custom nginx conf file and pass it to the nginx container.
Ex:-
Docker command:-
docker run -it --rm -d -p 8080:80 --name web -v ~/code/nginx-static:/usr/share/nginx/html -v ~/code/nginx-static/default.conf:/etc/nginx/conf.d/default.conf nginx
default.conf:-
server{
    listen 80 default_server;
    listen [::]:80 default_server;
    location / {
        autoindex on;
        root /usr/share/nginx/html;
    }
}

Nginx Bad Gateway with .pdf files

I'm trying to upload/download a .pdf file in Nginx, but it's returning error 502. Before the process, the program inserts data in mysql, and that works normally; the error occurs only when trying to upload a file.
/etc/nginx/sites-available/projectexample
server {
    listen 80;
    server_name xxx.xx.xxx.xxx;
    location / {
        uwsgi_pass unix:///home/user/projectexample/projectexample.sock;
        include uwsgi_params;
    }
}
I have tried other posts on stackoverflow, but nothing works.
Thanks
I tried this, and it works:
sudo chown myusername:www-data

nginx not serving wsgi

I'm doing this tutorial to setup my django application to run on nginx. Everything works except for nginx serving the wsgi it is supposedly listening for on port 8001.
I run uwsgi with uwsgi --socket :8001 -b 32000 --wsgi-file test.py - this can be served as http on port 8000 fine as earlier in the tutorial.
Below is my .conf file, but one thing I am confused about is what should be in the /etc/nginx/sites-*/ folders. Currently I have a symlink of the below .conf file in the sites-enabled directory.
# mysite_nginx.conf
# the upstream component nginx needs to connect to
upstream django {
    # server unix:///path/to/your/mysite/mysite.sock; # for a file socket
    server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
    # the port your site will be served on
    listen 8000;
    # the domain name it will serve for
    server_name 127.0.0.1; # substitute your machine's IP address or FQDN
    charset utf-8;
    # max upload size
    client_max_body_size 75M; # adjust to taste
    # Django media
    location /media {
        alias _; # your Django project's media files - amend as required
    }
    location /static {
        alias ~/path/i/changed/to/app/static; # your Django project's static files - amend as required
    }
    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass django;
        include ~/path/i/changed/to/uwsgi_params; # the uwsgi_params file you installed
    }
}
I got this to work by launching nginx with a specified config file, i.e. nginx -c /path/to/mycoolsite_nginx.conf. Still not sure what the sites-* folders are actually for...

Running Nginx as non root user

I installed Nginx using Ansible. To install on Centos7 I used the yum package so it by default was run as root user. I want it to start and run as a different user (ex - nginx user) in the Centos box. When I try to run it with a different user I get the following error:
Job for nginx.service failed because the control process exited with
error code. See "systemctl status nginx.service" and "journalctl -xe"
for details.
I know it's not advisable to run as root. So how do I get around this and run nginx as a non-root user? Thanks
Add/Change the following in your /etc/nginx/nginx.conf:
user nginx;
You should create the user and grant permissions on the webroot directories recursively.
This way only the master process runs as root, because only root processes can listen on ports below 1024. A webserver typically runs on port 80 and/or 443, which means it needs to be started as root.
Note from the documentation on master and worker processes:
The main purpose of the master process is to read and evaluate
configuration files, as well as maintain the worker processes.
The worker processes do the actual processing of requests.
To run the master process as a non-root user:
Change the ownership of the files whose paths are specified by the following Nginx directives:
error_log
access_log
pid
client_body_temp_path
fastcgi_temp_path
proxy_temp_path
scgi_temp_path
uwsgi_temp_path
Change the listen directives to ports above 1024, log in as the desired user and run nginx with nginx -c /path/to/nginx.conf
Just in case it helps, for testing/debugging purpose, I sometimes run an nginx instance as a non privileged user on my Debian (stretch) laptop.
I use a minimal config file like this:
worker_processes 1;
error_log stderr;
daemon off;
pid nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log access.log;
    server {
        listen 8080;
        server_name localhost;
        location / {
            include /etc/nginx/uwsgi_params;
            uwsgi_pass localhost:8081;
        }
    }
}
and I start the process with:
/usr/sbin/nginx -c nginx.conf -p $PWD
Just in case it helps someone stumbling over this question in 2020, here is my minimal nginx.conf for running a web server on port 8088, works for a non-root user. No modding of file permissions necessary! (Tested on Centos 7.4 with nginx 1.16.1)
error_log /tmp/error.log;
pid /tmp/nginx.pid;
events {
    # No special events for this simple setup
}
http {
    server {
        listen 8088;
        server_name localhost;
        # Set a number of log, temp and cache file options that will otherwise
        # default to restricted locations accessible only to root.
        access_log /tmp/nginx_host.access.log;
        client_body_temp_path /tmp/client_body;
        fastcgi_temp_path /tmp/fastcgi_temp;
        proxy_temp_path /tmp/proxy_temp;
        scgi_temp_path /tmp/scgi_temp;
        uwsgi_temp_path /tmp/uwsgi_temp;
        # Serve local files
        location / {
            root /home/<your_user>/web;
            index index.html index.htm;
            try_files $uri $uri/ /index.html;
        }
    }
}
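
The directive list and the /tmp-based config in the answers above can be turned into a pre-flight check that reports what in a config file would stop a non-root master process from starting. This is an added example, not code from any of the answers; the function name audit_nonroot, its output labels and the sample config are constructed for illustration, and files pulled in by include are not followed.

```bash
#!/usr/bin/env bash
# Added example: flag listen ports below 1024, a "user" directive (ignored
# with a warning when the master is not root), and path directives left unset.

audit_nonroot() {
    awk '
    BEGIN {
        list = "error_log access_log pid client_body_temp_path"
        list = list " fastcgi_temp_path proxy_temp_path scgi_temp_path uwsgi_temp_path"
        n = split(list, want, " ")
    }
    { sub(/#.*/, ""); gsub(/;/, " ") }   # drop comments and semicolons
    $1 == "listen" {
        port = $2; sub(/.*:/, "", port)   # keep the port of addr:port forms
        if (port ~ /^[0-9]+$/ && port + 0 < 1024) print "privileged-port " port
    }
    $1 == "user" { print "user-directive" }
    NF { seen[$1] = 1 }
    END {
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) print "default-path " want[i]
    }' "$1"
}

demo() {
    local conf; conf=$(mktemp)
    # Constructed sample config, not taken from the page.
    cat > "$conf" <<'EOF'
user nginx;
error_log /tmp/error.log;
pid /tmp/nginx.pid;
events { }
http {
    server {
        listen 80;               # needs root or CAP_NET_BIND_SERVICE
        listen [::]:8088;
        access_log /tmp/nginx_host.access.log;
        client_body_temp_path /tmp/client_body;
    }
}
EOF
    audit_nonroot "$conf"
    rm -f "$conf"
}
demo
```

Each default-path line names a directive whose compiled-in default location applies and should be checked for write access by the unprivileged user.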
Why not use the rootless bitnami/nginx image:
$ docker run --name nginx bitnami/nginx:latest
More info
To verify it is not running as root but as your standard user (belonging to the docker group):
$ docker exec -it nginx id
uid=1**8 gid=0(root) groups=0(root)
And to verify that Nginx isn't listening to a root-restricted port 443 even internally:
$ docker ps -a | grep nginx
2453b37a9084 bitnami/nginx:latest "/opt/bitnami/script…" 4 minutes ago Up 30 seconds 8080/tcp, 0.0.0.0:8443->8443/tcp jenkins_nginx
It's easy to configure (see docs) and runs even under random UIDs defined at run time (i.e. not hard-coded in the Dockerfile). In fact this is Bitnami's policy to have all their containers rootless and prepared for UID changes at runtime, which is why we've been using them for a few years now under very security-conscious Openshift 3.x (bitnami/nginx in particular as a reverse proxy needed to enable authentication to MLflow web app).
