Esclarecimento por favor: escreva permissões / usr / share / nginx / www | DigitalOcean
Depois de instalar um SSL por meio do Laravel Forge , meu site não carrega nada. Ao tentar reiniciar o NGINX, ele falha. Se eu executar sudo nginx -t
, obtenho o seguinte:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/usr/share/nginx/logs/static.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
Aqui está minha configuração do NGINX:
# non-www to www redirect
server {
listen 80;
server_name MYDOMAIN.com;
return 301 $scheme://www.MYDOMAIN.com$request_uri;
}
server {
listen 80 default_server;
server_name www.MYDOMAIN.com *.MYDOMAIN.com;
root /home/forge/MYDOMAIN.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/MYDOMAIN.com/10957/server.crt;
ssl_certificate_key /etc/nginx/ssl/MYDOMAIN.com/10957/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
# Built-in filename-based cache busting
# https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403
# This will route all requests for /css/style.20120716.css to /css/style.css
# Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
# This is not included by default, because it'd be better if you use the build
# script to manage the file names.
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
try_files $uri $1.$2;
}
# Expire rules for static content
# No default expire rule. This config mirrors that of apache as outlined in the
# html5-boilerplate .htaccess file. However, nginx applies rules by location,
# the apache rules are defined by type. A consequence of this difference is that
# if you use no file extension in the url and serve html, with apache you get an
# expire time of 0s, with nginx you'd get an expire header of one month in the
# future (if the default expire rule is 1 month). Therefore, do not use a
# default expire rule with nginx unless your site is completely static
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
access_log logs/static.log;
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# WebFonts
# If you are NOT using cross-domain-fonts.conf, uncomment the following directive
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# How long to allow each connection to stay idle; longer values are better
# for each individual client, particularly for SSL, but means that worker
# connections are tied up longer. (Default: 65)
keepalive_timeout 20;
# Speed up file transfers by using sendfile() to copy directly
# between descriptors rather than using read()/write().
sendfile on;
# Tell Nginx not to send out partial frames; this increases throughput
# since TCP frames are filled up before being sent out. (adds TCP_CORK)
tcp_nopush on;
# Expire rules for static content
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
# access_log logs/static.log; # I don't usually include a static log
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# Compression
# Enable Gzip compressed.
gzip on;
# Compression level (1-9).
# 5 is a perfect compromise between size and cpu usage, offering about
# 75% reduction for most ascii files (almost identical to level 9).
gzip_comp_level 5;
# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
gzip_min_length 256;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
gzip_proxied any;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
gzip_vary on;
# Compress all output labeled with one of the following MIME-types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/schema+json
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
text/cache-manifest
text/css
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;
# text/html is always compressed by HttpGzipModule
client_max_body_size 128M;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/MYDOMAIN.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Não tenho certeza se isso é importante, mas não quero todo o meu site em SSL, apenas rotas específicas (que especifico em meu aplicativo e que funcionam bem localmente). Ainda preciso adicionar um ouvinte para 443
nesse arquivo, potencialmente? Esse problema de permissão também está me jogando por um loop. Eu realmente aprecio qualquer ajuda!
Também estou recebendo o seguinte erro ao executar nginx -t
:
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2015/08/06 07:59:21 [warn] 5972#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2015/08/06 07:59:21 [emerg] 5972#0: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed
Eu tive exatamente o mesmo problema no meu servidor de forja, criando o diretório de logs que resolveu o problema:
cd /usr/share/nginx;
sudo mkdir logs
Você precisa ter um host virtual separado para http
e https
. E você deve especificar as chaves TLS somente no bloco https
.
Na sua configuração atual, você está tendo um https
server em http
port, o que não funcionará de forma alguma.
Eu enfrentei um problema semelhante ao reiniciar o Nginx e descobri que ele é uma causa do SeLinux . Certifique-se de tentar depois de desativar o SeLinux ou temporariamente configurá-lo para o modo Permissivo usando o comando abaixo:
setenforce 0
Erros que eu estava vendo no arquivo de log que foi corrigido após o ajuste acima:
[emerg] 21285#0: open() "/var/www/html/amaeka/logs/access.log" failed (13: Permission denied)
[emerg] 21301#0: open() "/var/www/html/amaeka/logs/access.log" failed (13: Permission denied)
Tags nginx file-permissions