I created a zc.buildout configuration that automatically installs nginx, together with its configuration and a startup script.

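Everything works, except that in order to run nginx successfully I have to run it with sudo. I'm running it under Ubuntu and am just wondering why I have to do this. Note that this is an nginx installed locally in my buildout, not system-wide.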

Here is my develop.cfg buildout configuration.

[buildout]
extends = buildout.cfg
parts +=
    gunicorn
    pcre-source
    nginx
    webserver
    launcher

[opts]
control-script = ${django:control-script}
user = andre
server_name = localhost
listen_port = 443
media_dir = ${buildout:directory}/cdn/
workers = 2
pidfile = ${buildout:directory}/bin/${opts:control-script}.pid
socketfile = ${buildout:directory}/bin/${opts:control-script}.sock

[gunicorn]
recipe = zc.recipe.egg:scripts
dependent-scripts = true
eggs =
    ${buildout:eggs}
    eventlet
    gunicorn

[pcre-source]
recipe = hexagonit.recipe.download
url = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
strip-top-level-dir = true

[nginx]
recipe = hexagonit.recipe.cmmi
url = http://nginx.org/download/nginx-1.4.1.tar.gz
environment-section = environment
configure-options =
    --with-pcre=${pcre-source:location}
    --with-http_ssl_module

[webserver]
recipe = gocept.nginx
configuration =

    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       ${buildout:directory}/parts/nginx/conf/mime.types;
        default_type  application/octet-stream;

        sendfile        on;
        keepalive_timeout  70;

        server {
            server_name localhost;
            listen 443;
            access_log  ${logs:access_log};

            ssl on;
            ssl_certificate ${buildout:directory}/dev/server.crt;
            ssl_certificate_key ${buildout:directory}/dev/server.key;

            location ^~ /media/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location ^~ /static/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location / {
                proxy_pass http://unix:${opts:socketfile}:;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_connect_timeout 10;
                proxy_read_timeout 10;

                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For  $remote_addr;
                # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

[launcher]
recipe = collective.recipe.template
input = templates/launcher.sh
output = ${buildout:directory}/bin/${opts:control-script}.sh
mode = 755

So, with this configuration, after running buildout, running it normally looks like this:

$ ./bin/webserver start
Starting nginx 
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)

However, running it with sudo starts it successfully:

$ sudo ./bin/webserver start
Starting nginx 
$
1 Answer

Port 443 is below 1024, which means it is a protected port that only root can open. So your buildout is correct; you just ran into a 30-year-old Unix restriction :-)

Starting nginx on port 8443 or so will probably work fine.

One option: run it on an unprivileged port in the buildout, but redirect traffic to it from some globally installed server.

Answered 2013-09-14T18:43:16.277
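
The port restriction the answer describes can be checked before nginx is started. The following is an added example, not part of the original question or answer: it extracts the `listen` ports from rendered nginx configuration text and reports those a non-root user cannot bind. The function names, the sample configuration and uid 1000 are constructed for illustration, and file capabilities such as CAP_NET_BIND_SERVICE are not inspected.

```python
import os
import re

# Linux exposes the first port a non-root process may bind (kernel 4.11+);
# older kernels hard-code 1024, which is used as the fallback here.
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"
LISTEN_RE = re.compile(r"(?:^|(?<=[;{}]))\s*listen\s+([^;]+);", re.MULTILINE)

# Constructed sample: a rendered server block modelled on the question's config.
SAMPLE_CONF = """
server {
    listen 443;
    # listen 80;
    listen 127.0.0.1:8443;
    listen [::]:443;
    listen unix:/tmp/app.sock;
}
"""

def unprivileged_port_start(path=SYSCTL):
    """Lowest port a non-root process may bind on this host."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024

def listen_ports(conf_text):
    """Return TCP ports named by `listen` directives, in order of appearance."""
    ports = []
    for args in LISTEN_RE.findall(re.sub(r"#.*", "", conf_text)):
        addr = args.split()[0]
        if addr.startswith("unix:"):
            continue  # UNIX-domain sockets are not subject to the port rule
        # Accepted forms: 443, host:443, [::]:443; address only means port 80.
        tail = "" if addr.endswith("]") else addr.rsplit(":", 1)[-1]
        ports.append(int(tail) if tail.isdigit() else 80)
    return ports

def ports_needing_privilege(conf_text, euid=None, start=None):
    """Ports this euid cannot bind (file capabilities are not inspected)."""
    euid = os.geteuid() if euid is None else euid
    start = unprivileged_port_start() if start is None else start
    if euid == 0:
        return []
    return sorted({p for p in listen_ports(conf_text) if p < start})

if __name__ == "__main__":
    blocked = ports_needing_privilege(SAMPLE_CONF)
    print("ports that will fail with EACCES as this user:", blocked)
```

An empty result means the configuration can be started without sudo; a non-empty one lists the ports to move above the threshold, such as the 8443 suggested in the answer.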