Nginx 访问静态站点 403

原创: Charles7c

发布于: 2025-08-26 22:09

更新于: 5 天前

通过 Nginx 部署了静态博客，访问时出现 403 错误。

---

tail -f error.log 查看错误日志，提示权限不足，本身 403 也是表示该含义。

error.log

2025/08/26 22:00:09 [crit] 22#22: *69 stat() "/usr/share/nginx/html/charles7c/index.html" failed (13: Permission denied), client: xx.xx.xx.xx, server: charles7c.top, request: "GET /favicon.ico HTTP/1.1", host: "charles7c.top"

检查 Nginx 配置，没有特殊问题。

nginx.conf

worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # 限制 body 大小
    client_max_body_size 100m;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    ## 知识库
    server {
        listen       443 ssl;
        server_name  charles7c.top www.charles7c.top;

        ssl_certificate      /etc/nginx/cert/charles7c.top.pem;
        ssl_certificate_key  /etc/nginx/cert/charles7c.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            root   /usr/share/nginx/html/charles7c;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
            error_page 405 =200 https://$host$request_uri;

            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
            
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
                return 204;
            }
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    # 将 HTTP 请求转发到 HTTPS
    server {
        listen  80;
        server_name  charles7c.top www.charles7c.top;
        rewrite ^ https://$http_host$request_uri? permanent;
    }
}

之前还遇到过一次 error.log 提示权限不足是因为 nginx.conf 的 user 配置项错误，但当时是接口提示 502 错误，这回是静态资源访问提示 403 错误。

回顾之前其他部署场景，唯一区别在于没有调整目录权限，将 /usr/share/nginx/html 权限改为 777。

chmod -R 777 /usr/share/nginx/html

再次访问，恢复正常。403 错误其实已经提示的很清晰了。