Nginx 403设置权限后禁止访问

Question

我想为我的域名获取Letsencrpyt SSL。部分过程是，该网站在获得证书之前需要获得授权。

我创建了文件夹./well-known并运行了我被要求和我得到的命令;

Nginx 403 forbidden. 

我在nginx的/ 1.10.0（Ubuntu的）

我chown的目录，并授予它755仍然是相同的。查看下面我的目录中的权限。

namei -l /var/www/example.com/.well-known      

f: /var/www/example.com/.well-known 
drwxr-xr-x root root/
drwxr-xr-x root root var 
drwxr-xr-x root root www 
drwxr-xr-x cman sudo example.com 
drwxr-xr-x cman sudo .well-known 

我还创建了一个working.html文件中的文件夹/.well-known我和加载example.com/.well-known/working.html，我得到了相同的403禁止。如果你没有使用别名

Nginx.conf

upstream kip_app_server { 
    # fail_timeout=0 means we always retry an upstream even if it failed 
    # to return a good HTTP response (in case the Gunicorn master nukes a 
    # single worker for timing out). 

    server unix:/var/www/example.com/src/run/trav.sock fail_timeout=0; 
} 

server { 
     listen 80; 
     server_name example.com www.example.com; 

location = /favicon.ico { access_log off; log_not_found off; } 
access_log /var/www/example.com/logs/access.log; 
error_log /var/www/example.com/logs/nerror.log; 

charset utf-8; 

client_max_body_size 75M; 

    location /static/ { 
     alias /var/www/example.com/src/static/; 
    } 

    location /media/ { 
     alias var/www/example.com/src/media/; 
    } 

    location ~ /\.well-known { 
     allow all; 
     alias /var/www/example.com/.well-known/; 
    } 


    location/{ 
     include proxy_params; 
     proxy_pass http://kip_app_server; 
     #proxy_set_header X-Forwarded-Host $server_name; 
     #proxy_set_header X-Real-IP $remote_addr; 
    } 
} 

Answer 1

您的代码会工作。

尝试这种情况：

location ^~ /.well-known { 
    allow all; 
    alias /var/www/example.com/.well-known/; 
} 

或该：

location ^~ /.well-known { 
    allow all; 
    auth_basic off; 
    alias /path/to/.well-known/; 
} 

混叠时，将^是必需的。

这是Nginx的特定行为，它们执行匹配的方式。这里有关于匹配逻辑和注意事项的详细描述，这很容易让人困惑：https://github.com/letsencrypt/acme-spec/issues/221