Fatal编程技术网
  • ubuntu/
  • Ubuntu nginx的权限错误zc.buildout

Ubuntu nginx的权限错误zc.buildout

ubuntu nginx

Ubuntu nginx的权限错误zc.buildout,ubuntu,nginx,buildout,Ubuntu,Nginx,Buildout,我创建了一个zc.buildout配置,自动安装nginx,并带有配置和启动脚本 一切正常,除了为了成功运行nginx,我必须以sudo的方式运行它。我在ubunut下运行这个,只是想知道为什么我必须这么做。 请注意,这是在我的构建中本地安装的nginx,而不是系统范围 这是我的develope.cfgbuildout配置 [buildout] extends = buildout.cfg parts += gunicorn pcre-source nginx w

我创建了一个zc.buildout配置,自动安装nginx,并带有配置和启动脚本

一切正常,除了为了成功运行nginx,我必须以
sudo
的方式运行它。我在ubunut下运行这个,只是想知道为什么我必须这么做。 请注意,这是在我的构建中本地安装的nginx,而不是系统范围

这是我的
develope.cfg
buildout配置

[buildout]
extends = buildout.cfg
parts +=
    gunicorn
    pcre-source
    nginx
    webserver
    launcher

[opts]
control-script = ${django:control-script}
user = andre
server_name = localhost
listen_port = 443
media_dir = ${buildout:directory}/cdn/
workers = 2
pidfile = ${buildout:directory}/bin/${opts:control-script}.pid
socketfile = ${buildout:directory}/bin/${opts:control-script}.sock

[gunicorn]
recipe = zc.recipe.egg:scripts
dependent-scripts = true
eggs =
    ${buildout:eggs}
    eventlet
    gunicorn

[pcre-source]
recipe = hexagonit.recipe.download
url = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
strip-top-level-dir = true

[nginx]
recipe = hexagonit.recipe.cmmi
url = http://nginx.org/download/nginx-1.4.1.tar.gz
environment-section = environment
configure-options =
    --with-pcre=${pcre-source:location}
    --with-http_ssl_module

[webserver]
recipe = gocept.nginx
configuration =

    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       ${buildout:directory}/parts/nginx/conf/mime.types;
        default_type  application/octet-stream;

        sendfile        on;
        keepalive_timeout  70;

        server {
            server_name localhost;
            listen 443;
            access_log  ${logs:access_log};

            ssl on;
            ssl_certificate ${buildout:directory}/dev/server.crt;
            ssl_certificate_key ${buildout:directory}/dev/server.key;

            location ^~ /media/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location ^~ /static/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location / {
                proxy_pass http://unix:${opts:socketfile}:;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_connect_timeout 10;
                proxy_read_timeout 10;

                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For  $remote_addr;
                # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

[launcher]
recipe = collective.recipe.template
input = templates/launcher.sh
output = ${buildout:directory}/bin/${opts:control-script}.sh
mode = 755
因此,使用此配置,在运行buildout之后,正常运行它,如下所示:

$ ./bin/webserver start
Starting nginx 
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)
但是,在运行sudo时,它会成功启动:

$ sudo ./bin/webserver start
Starting nginx 
$
端口443低于1024,这意味着它是受保护的端口,只能由root用户打开。因此,您的构建是正确的,您只是遇到了30年前的unix限制:-)

在端口8443左右启动nginx可能可以正常工作

一个选项:在buildout的一个非特权端口上运行它,但从一些全局安装的服务器重定向流量

端口443低于1024,这意味着它是受保护的端口,只能由root用户打开。因此,您的构建是正确的,您只是遇到了30年前的unix限制:-)

在端口8443左右启动nginx可能可以正常工作

一个选项:在buildout的一个非特权端口上运行它,但从一些全局安装的服务器重定向流量

谢谢你的解释。现在一切都有道理了:)谢谢你的解释。现在一切都有意义了:)