Why can't Nginx access files in the `wp-includes` directory?

I have a WordPress site that I installed on an Ubuntu server. I configured Nginx to listen for requests and pass them to php-fpm. I am using the `pool` feature so that the WordPress site can have all of its files and directories owned by the user that operates the site. I am using the suggested file permissions of `755` on directories and `640` on files.

The site loads, except for some files that are in the `wp-includes` directory. I can use the Admin Dashboard, except again for certain things that are needed from the `wp-includes` directory.

Here are some of the errors I am seeing in `/var/log/nginx/error.log`:

2023/10/24 00:38:26 [error] 2611#2611: *10600 open() "/home/user1/www/example.com/wp-includes/css/dashicons.min.css"               failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/css/dashicons.min.css?ver=6.3.2 HTTP/1.1",                              host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10602 open() "/home/user1/www/example.com/wp-includes/blocks/navigation/view.min.js"       failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/blocks/navigation/view.min.js?ver=886680af40b7521d60fc HTTP/1.1",       host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10603 open() "/home/user1/www/example.com/wp-includes/blocks/navigation/style.min.css"     failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/blocks/navigation/style.min.css?ver=6.3.2 HTTP/1.1",                    host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10604 open() "/home/user1/www/example.com/wp-includes/css/admin-bar.min.css"               failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/css/admin-bar.min.css?ver=6.3.2 HTTP/1.1",                              host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10605 open() "/home/user1/www/example.com/wp-includes/blocks/navigation/view-modal.min.js" failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/blocks/navigation/view-modal.min.js?ver=b478fa3cd1475dec97d3 HTTP/1.1", host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10604 open() "/home/user1/www/example.com/wp-includes/js/admin-bar.min.js"                 failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/js/admin-bar.min.js?ver=6.3.2 HTTP/1.1",                                host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10603 open() "/home/user1/www/example.com/wp-includes/js/comment-reply.min.js"             failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/js/comment-reply.min.js?ver=6.3.2 HTTP/1.1",                            host: "www.example.com", referrer: "http://www.example.com/"
2023/10/24 00:38:26 [error] 2611#2611: *10605 open() "/home/user1/www/example.com/wp-includes/js/hoverintent-js.min.js"            failed (13: Permission denied), client: 10.0.0.1, server: example.com, request: "GET /wp-includes/js/hoverintent-js.min.js?ver=2.2.1 HTTP/1.1",                           host: "www.example.com", referrer: "http://www.example.com/"

Why would Nginx have access to everything except the things in the `wp-includes` directory?

These are the directory listings for each of the referenced files:

# ls -al /home
drwxr-xr-x  4 user1 user1 4096 Oct 23 20:52 user1
# ls -al /home/user1/
drwxr-xr-x 3 user1 user1 4096 Oct 23 21:35 www
# ls -al /home/user1/www/
drwxr-xr-x 5 user1 user1 4096 Oct 23 21:52 example.com
# ls -al /home/user1/www/example.com/
-rw-r-----  1 user1 user1   405 Feb  6  2020 index.php
-rw-r-----  1 user1 user1 19915 Jan  1  2023 license.txt
-rw-r-----  1 user1 user1  7399 Jul  5 21:41 readme.html
-rw-r-----  1 user1 user1  7211 May 13 01:35 wp-activate.php
drwxr-xr-x  9 user1 user1  4096 Oct 12 23:12 wp-admin
-rw-r-----  1 user1 user1   351 Feb  6  2020 wp-blog-header.php
-rw-r-----  1 user1 user1  2323 Jun 14 18:11 wp-comments-post.php
-rw-r-----  1 user1 user1  3013 Feb 23  2023 wp-config-sample.php
-r--------  1 user1 user1  3329 Oct 23 21:52 wp-config.php
drwxr-xr-x  5 user1 user1  4096 Oct 24 00:46 wp-content
-rw-r-----  1 user1 user1  5638 May 30 22:48 wp-cron.php
drwxr-xr-x 27 user1 user1 12288 Oct 12 23:12 wp-includes
-rw-r-----  1 user1 user1  2502 Nov 27  2022 wp-links-opml.php
-rw-r-----  1 user1 user1  3927 Jul 16 16:16 wp-load.php
-rw-r-----  1 user1 user1 49441 Jul 17 17:18 wp-login.php
-rw-r-----  1 user1 user1  8537 Jun 22 18:36 wp-mail.php
-rw-r-----  1 user1 user1 25602 Jul 25 10:35 wp-settings.php
-rw-r-----  1 user1 user1 34385 Jun 19 22:27 wp-signup.php
-rw-r-----  1 user1 user1  4885 Jun 22 18:36 wp-trackback.php
-rw-r-----  1 user1 user1  3236 Jun 14 18:11 xmlrpc.php

# ls -al /home/user1/www/example.com/wp-includes
drwxr-xr-x 95 user1 user1   4096 Oct 12 23:12 blocks
drwxr-xr-x  3 user1 user1   4096 Oct 12 23:12 css
drwxr-xr-x 13 user1 user1   4096 Oct 12 23:12 js

# ls -al /home/user1/www/example.com/wp-includes/blocks/
drwxr-xr-x  2 user1 user1   4096 Oct 12 23:12 navigation

# ls -al /home/user1/www/example.com/wp-includes/blocks/navigation
-rw-r-----  1 user1 user1 16081 Jul 19 15:13 style.min.css
-rw-r-----  1 user1 user1  7814 Jun 29 00:08 view-modal.min.js
-rw-r-----  1 user1 user1  1136 Jun 27 18:24 view.min.js

# ls -al /home/user1/www/example.com/wp-includes/css/
-rw-r-----  1 user1 user1 20319 Feb 11  2023 admin-bar.min.css
-rw-r-----  1 user1 user1 59016 Mar  4  2021 dashicons.min.css

# ls -al /home/user1/www/example.com/wp-includes/js
-rw-r-----  1 user1 user1   3536 Feb  2  2023 admin-bar.min.js
-rw-r-----  1 user1 user1   2981 Apr  9  2022 comment-reply.min.js
-rw-r-----  1 user1 user1   1718 Dec 10  2019 hoverintent-js.min.js

nginx website config file:

server {
    server_name example.com www.example.com;
    root /home/user1/www/example.com;

    index index.php index.html index.htm;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_param PHP_VALUE "display_errors=0;\n error_reporting=E_ALL;";
        fastcgi_pass unix:/run/php/php-fpm-www.example.com.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    listen 80;
    listen [::]:80;
}

/etc/php/8.1/fpm/pool.d/user1-domain.conf:

[example.com]
user = user1
group = user1
listen = /run/php/php-fpm-www.example.com.sock;
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 25

Versions:

nginx version: nginx/1.18.0
Ubuntu 22.04.3 LTS
PHP 8.1
php8.1-fpm

What am I missing?

Answer 1

Static files are served directly by `nginx` and not by `php-fpm`, so they need to be accessible by the user that `nginx` runs as, normally `www-data`. You can add the user `user1` to the group `www-data` or, alternatively, add the user `www-data` to the group `user1`.

Answer 2

After reading some more documentation (Changing File Permissions and Hardening WordPress: File Permissions), I realized that on my system I would use some permissions that were not as strict.

I was trying directories with `750` and files with `640`. When I gave `world` read access, things started working.

find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

I have not needed to change ownership of anything to `www-data` so far. The `php-fpm` user and group settings seem to be fine:

user = user1
group = user1
listen.owner = www-data
listen.group = www-data

This allows Nginx to run as `www-data` and access the site's `fpm` as `user1`.
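The mode-bit reasoning behind both answers, as an added example that is not part of the original thread: it walks from a base directory down to a file and reports the first component that lacks the search or read bit for the chosen class (`other` for a `www-data` unrelated to `user1`, `group` for the group membership the first answer suggests). The names `first_blocker` and `make_tree` and the temporary tree are constructed for illustration; ACLs and MAC policies are not considered.

```shell
#!/bin/sh
# Added example, not from the thread. Plain mode bits only: ACLs, AppArmor and
# SELinux are ignored. CLASS picks the permission triplet that applies to the
# process: "other" (www-data unrelated to user1) or "group" (www-data placed
# in the owning group, as the first answer suggests).
first_blocker() {   # usage: first_blocker CLASS BASE RELPATH
    cur=${2%/} rshift=0
    [ "$1" = group ] && rshift=3
    old_ifs=$IFS; IFS=/; set -f
    set -- . $3                      # split RELPATH on "/", no globbing
    set +f; IFS=$old_ifs
    for part in "$@"; do
        case $part in
            "") continue ;;
            .)  ;;                   # first pass: check BASE itself
            *)  cur="$cur/$part" ;;
        esac
        mode=$(stat -c '%a' "${cur:-/}") || return 2
        bits=$(( (0$mode >> rshift) & 7 ))
        if [ -d "${cur:-/}" ]; then  # directories need search (x)
            [ $(( bits & 1 )) -ne 0 ] || { echo "blocked at ${cur:-/} ($mode): no x"; return 1; }
        else                         # the file itself needs read (r)
            [ $(( bits & 4 )) -ne 0 ] || { echo "blocked at ${cur:-/} ($mode): no r"; return 1; }
        fi
    done
    echo ok
}

# Constructed tree mirroring the modes listed in the question.
make_tree() {   # prints the new document root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-includes/css"
    chmod 755 "$root" "$root/wp-includes" "$root/wp-includes/css"
    : > "$root/wp-includes/css/dashicons.min.css"
    : > "$root/wp-config.php"
    chmod 640 "$root/wp-includes/css/dashicons.min.css"
    chmod 400 "$root/wp-config.php"
    echo "$root"
}

root=$(make_tree)
f=wp-includes/css/dashicons.min.css
first_blocker other "$root" "$f" || true   # blocked: the file is 640
first_blocker group "$root" "$f" || true   # ok: first answer
chmod 644 "$root/$f"
first_blocker other "$root" "$f" || true   # ok: second answer
rm -rf "$root"
```

If the second answer's `find . -type f -exec chmod 644 {} \;` is run from the document root, it also takes `wp-config.php` from the `-r--------` shown in the question to `644`. A result of `ok` from `first_blocker other` on that file means every local account can read it.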
