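I created a zc.buildout configuration that automatically installs nginx together with its configuration and startup script.

Everything works, except that to run nginx successfully I have to run it with sudo. I am running it on Ubuntu and just wondered why I have to do this.
Note that this is an nginx installed locally in my buildout, not system-wide.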

Here is my develop.cfg extension configuration.

[buildout]
extends = buildout.cfg
parts +=
    gunicorn
    pcre-source
    nginx
    webserver
    launcher

[opts]
control-script = ${django:control-script}
user = andre
server_name = localhost
listen_port = 443
media_dir = ${buildout:directory}/cdn/
workers = 2
pidfile = ${buildout:directory}/bin/${opts:control-script}.pid
socketfile = ${buildout:directory}/bin/${opts:control-script}.sock

[gunicorn]
recipe = zc.recipe.egg:scripts
dependent-scripts = true
eggs =
    ${buildout:eggs}
    eventlet
    gunicorn

[pcre-source]
recipe = hexagonit.recipe.download
url = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
strip-top-level-dir = true

[nginx]
recipe = hexagonit.recipe.cmmi
url = http://nginx.org/download/nginx-1.4.1.tar.gz
environment-section = environment
configure-options =
    --with-pcre=${pcre-source:location}
    --with-http_ssl_module

[webserver]
recipe = gocept.nginx
configuration =

    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       ${buildout:directory}/parts/nginx/conf/mime.types;
        default_type  application/octet-stream;

        sendfile        on;
        keepalive_timeout  70;

        server {
            server_name localhost;
            listen 443;
            access_log  ${logs:access_log};

            ssl on;
            ssl_certificate ${buildout:directory}/dev/server.crt;
            ssl_certificate_key ${buildout:directory}/dev/server.key;

            location ^~ /media/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location ^~ /static/ {
                root ${opts:media_dir};
                expires 31d;
            }

            location / {
                proxy_pass http://unix:${opts:socketfile}:;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_connect_timeout 10;
                proxy_read_timeout 10;

                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For  $remote_addr;
                # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

[launcher]
recipe = collective.recipe.template
input = templates/launcher.sh
output = ${buildout:directory}/bin/${opts:control-script}.sh
mode = 755


So, with this configuration, after running buildout I would normally run it like this:

$ ./bin/webserver start
Starting nginx
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)


However, running it with sudo starts it successfully:

$ sudo ./bin/webserver start
Starting nginx
$

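Best answer

Port 443 is below 1024, which means it is a protected port that can only be opened by the root user. So your buildout is correct; you just ran into a 30-year-old Unix restriction :-)

Starting nginx on a port such as 8443 will probably work fine.

One option: run it from the buildout on an unprivileged port, but redirect traffic to it from some globally installed server.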
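
The check described in the answer, as an added example that is not part of the original question or answer: it reads the `listen` directives from an nginx configuration and reports which ports the current user would be refused with `bind() ... (13: Permission denied)`. The sample configuration is constructed, the function names are hypothetical, and the threshold is read from the Linux sysctl `net.ipv4.ip_unprivileged_port_start` with the classic 1024 boundary as fallback.

```python
import os
import re

SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # Linux 4.11+
CLASSIC_BOUNDARY = 1024  # fallback: ports below this need root

# Constructed sample, modelled on the server block in the question.
SAMPLE_CONF = """
http {
    server {
        server_name localhost;
        listen 443;
        # listen 80;
    }
    server {
        listen 127.0.0.1:8443 ssl;
        listen [::]:8080;
        listen unix:/tmp/app.sock;
    }
}
"""

def unprivileged_port_start(path=SYSCTL):
    """First port a non-root process may bind; 1024 if the sysctl is unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return CLASSIC_BOUNDARY

def listen_ports(conf_text):
    """TCP ports named by 'listen' directives; comments and unix: sockets skipped."""
    ports = []
    for raw in conf_text.splitlines():
        m = re.match(r"listen\s+([^\s;]+)", raw.split("#", 1)[0].strip())
        if m and not m.group(1).startswith("unix:"):
            tail = m.group(1).rsplit(":", 1)[-1]
            # An address given without a port listens on nginx's default, 80.
            ports.append(int(tail) if tail.isdigit() else 80)
    return ports

def blocked_ports(conf_text, threshold=None, euid=None):
    """Ports the given user cannot bind (CAP_NET_BIND_SERVICE is not considered)."""
    threshold = unprivileged_port_start() if threshold is None else threshold
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        return []
    return sorted({p for p in listen_ports(conf_text) if p < threshold})

if __name__ == "__main__":
    print("would fail with EACCES (13):", blocked_ports(SAMPLE_CONF))
```

Running this against the rendered configuration before starting nginx as an ordinary user shows up front whether the start script will need root or a higher port.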
