root 不是应该是一个叫做public的文件夹么

先把 nginx 默认的 index.html 文件删除，和 rails 要删除 public 目录下的 index.html 原理一样

然后把 server 中的 root 指向 rails app 的 public 目录

#1 楼 @ywjno 啊，必须要有这个？

#2 楼 @willmouse 你好，我删了之后，403. 你说 root 指向 public 是这样: root /home/hlcfan/workspace/chatpro/public;

我最后这么写，在我本机可以正常跑。但是到了服务器就有问题了.403.求解。

server {
        listen       80;
        server_name  106.187.94.74;

    root /home/hlcfan/workspace/chatpro/public;
    passenger_enabled on;
    rails_env production;
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

    #location / {
    #   root   /home/hlcfan/workspace/chatpro/public;
    #   index  index.html index.htm;
    #}

error.log 里依然访问/public/index.html....

2012/04/25 02:14:23 [error] 2819#0: *19 "/home/hlcfan/chatpro/public/index.html" is forbidden (13: Permission denied), client: 118.202.225.7, server: localhost, request: "GET / HTTP/1.1", host: "106.187.94.74"

@lgn21st @Rei @ywencn @zmbacker 求帮忙。我实在无解啊。

修改后重启 nginx 了么？ server_name localhost; => 要改成你自己的域名

而且你的 rvm 怎么安装到这里了？用 sudo 装的？ passenger_root /usr/local/rvm/gems/ruby-1.9.3-p125/gems/passenger-3.0.12; passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p125/ruby;

#7 楼 @loddit 你好，修改完已经 reload 了.localhost 已经换成我的 ip 了.rvm 是系统默认装到那里的. passenger 在 standalone 模式是可以跑的。但是用 nginx 就出问题。

@huacnlee 华顺，求帮忙。

`"/home/hlcfan/chatpro/public/index.html" is forbidden (13: Permission denied) 注意这段！

#10 楼 @huacnlee 恩，我注意这段了。但是我没有思路。

1. Nginx 配置文件完整发出来
2. ls /home/hlcfan/chatpro/public/ -lh 发出来看看

ls -lh

[hlcfan@li414-74 chatpro]$ ls -lh
total 1.8M
drwxrwxr-x 8 hlcfan hlcfan 4.0K Apr 21 06:04 app
drwxrwxr-x 5 hlcfan hlcfan 4.0K Apr 21 06:04 config
-rw-rw-r-- 1 hlcfan hlcfan  157 Apr 21 06:04 config.ru
drwxrwxr-x 2 hlcfan hlcfan 4.0K Apr 21 06:04 db
drwxrwxr-x 2 hlcfan hlcfan 4.0K Apr 21 06:04 doc
-rw-rw-r-- 1 hlcfan hlcfan   10 Apr 25 03:57 dump.rdb
-rw-rw-r-- 1 hlcfan hlcfan 1.7K Apr 21 08:16 Gemfile
-rw-rw-r-- 1 hlcfan hlcfan 4.6K Apr 23 09:11 Gemfile.lock
drwxrwxr-x 4 hlcfan hlcfan 4.0K Apr 21 06:04 lib
drwxrwxr-x 2 hlcfan hlcfan 4.0K Apr 21 07:11 log
-rw------- 1 hlcfan hlcfan 1.7M Apr 25 04:02 nohup.out
drwxrwxr-x 3 hlcfan hlcfan 4.0K Apr 25 03:26 public
-rw-rw-r-- 1 hlcfan hlcfan  272 Apr 21 06:04 Rakefile
-rw-rw-r-- 1 hlcfan hlcfan   41 Apr 21 06:04 README.rdoc
drwxrwxr-x 2 hlcfan hlcfan 4.0K Apr 21 06:04 script
-rwxrwxr-x 1 hlcfan hlcfan  134 Apr 22 07:00 start.sh
drwxrwxr-x 7 hlcfan hlcfan 4.0K Apr 21 06:04 test
drwxrwxr-x 6 hlcfan hlcfan 4.0K Apr 21 07:00 tmp
drwxrwxr-x 5 hlcfan hlcfan 4.0K Apr 21 07:07 vendor

Nginx Config

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
    use epoll;
}

http {
    passenger_root /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.12;
    passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p194/ruby;
    #passenger_default_group root;
    #passenger_default_user root;
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    #sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        server_name  106.187.94.74;
    root /home/hlcfan/chatpro/public;
    passenger_enabled on;
    rails_env production;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        #location / {
        #     root   html;
        #     index  index.html index.htm;
        #}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
       #some commented config
    }






}

明显是主机没有匹配，采用了默认主机配置 http://106.187.94.74 这样访问的吗？? rails_env production; 这句话可以删除

#14 楼 @sharp 你好，什么意思？怎么配置主机？ 是这样访问的。

change #user nobody; to user root

按理 ip 也是应该可以的，我看错你的问题了，我以为你还是"welcome to nginx"的问题

#16 楼 @sharp 哇！好了! 你就是大神! 为什么加了 user root 就好了？我本机和服务器一模一样，本机没有加就可以。求解。

权限也是文件的一部分，所以你的机器和服务器不可能一模一样，可以观察 ps aux

#18 楼 @sharp 你好，机器的 nginx 进程的 woker process 是以 nobody 跑的。我刚试了下，服务器可以用普通用户 hlcfan 和 root 跑，为什么不能用 nobody 跑呢？

http://wiki.nginx.org/CoreModule#user

If the master process is run as root, then nginx will setuid()/setgid() to USER/GROUP. If GROUP is not specified, then nginx uses the same name as USER. By default it's nobody user and nobody or nogroup group or the --user=USER and --group=GROUP from the ./configure script. 

nobody 属于其他用户，没有 w 的权限，为什么需要 w 的权限呢，留给你研究一下

用 root 权限跑 nginx，从安全上不值得推荐

#3 楼 @hlcfan 我也遇到同样的问题。但是我照你的修改。删除 index.html 后，报 403.然后 root 也改为 public 地址，并且重新加载了。但是还是报 403. 是什么原因呢？我感觉是 root 地址没有链接对

Nginx Config

#user nobody; worker_processes 1;

#error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info;

#pid logs/nginx.pid;

events { worker_connections 1024; }

http { passenger_root /Library/Ruby/Gems/1.8/gems/passenger-3.0.12; passenger_ruby /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin/ruby;

include mime.types; default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on; #tcp_nopush on;

#keepalive_timeout 0; keepalive_timeout 65;

#gzip on;

server { listen 80; server_name awesome_project.local; root /Users/wdlgame/Documents/RubyOnRailsWork/depot/public; passenger_enabled on;

#charset koi8-r;

#access_log logs/host.access.log main;

location / { root html; index index.html index.htm; }

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; }

# proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ .php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #}

# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} }

# another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias;

# location / { # root html; # index index.html index.htm; # } #}

# HTTPS server # #server { # listen 443; # server_name localhost;

# ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key;

# ssl_session_timeout 5m;

# ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on;

# location / { # root html; # index index.html index.htm; # } #} }

#22 楼 @wdlgame

你的这个 root 没有改写成 rails 的 public 目录

location / { root html; index index.html index.htm; }

#23 楼 @cxh116 我修改了依旧不行。而且我看到楼主 把这段代码注释了。我也试过注释。但是还是 403.

#24 楼 @wdlgame 权限问题 http://ruby-china.org/topics/458

#25 楼 @cxh116 郁闷啊。连修改 user nobody 为 user root 都报错了 nginx: [emerg] getgrnam("root") failed in /usr/local/nginx/conf/nginx.conf:4。

#26 楼 @wdlgame 你好，

• user root;---- 后边需要加分号;
• 这些需要注释掉，你再试试， #location / { # root html; # index index.html index.htm; #}

#27 楼 @hlcfan #22 楼 @wdlgame 你们的 403 Forbidden 错误是怎么解决的？？？ 我总报错：directory index of "/home/nancy/Project/site/public/" is forbidden ,不知道怎么回事

#28 楼 @nancy 检查目录是否存在，nginx 运行的用户是否有权限访问

#27 楼 @hlcfan 不要用 root 用户运行 nginx，只需让 nginx 的用户能访问项目即可，如配置相同的用户，或使用组权限。在 root 下运行 nginx 非常危险，一旦程序有漏洞，很容易控制整个服务器

文件路径 public/upload/a.xls nginx 下 File.open('upload/a.xls') 不行，要 File.open('public/upload/a.xls') apache 下 File.open('upload/a.xls') 正常 为什么？