请问： openresty(1.13.6.2)访问站点安装目录出现 403 Forbidden 怎么解决？

Question

自己的生产环境：centos7，openresty，php，mysql

出现的问题：IP访问是正常的，输入ip/install显示403 Forbidden，我给/usr/local/openresty/nginx/html目录权限改为777还是不行，请问怎么解决这个问题呢？
刚刚发现，50x.html也可以显示，但是ip/install/index.php不能显示.

如果我访问my ip adress/install/index.php，结果是下载这个文件，请问怎么设置才能正确访问index.php呢？

error.log 显示：

2018/06/08 10:33:18 [error] 12018#12018: *334 directory index of "/usr/local/openresty/nginx/html/install/" is forbidden,

自己的nginx.conf 配置:

user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    
    client_max_body_size 8m;    #允许客户端请求的最大单文件字节数
    client_body_buffer_size 2m;  #缓冲区代理缓冲用户端请求的最大字节

   #WAF
    lua_shared_dict limit 50m;  #防cc使用字典，大小50M
    lua_shared_dict guard_dict 100m;
    lua_shared_dict dict_captcha 70m;
    lua_max_running_timers 1;
    lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
    init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
    access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
   

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        listen       [::]:80 default_server;
        server_name   my ip address;
        
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {

            root    html;
            index  index.html index.htm index.php;
        }


        location /phpmyadmin {
            alias /usr/share/phpMyAdmin;
            index index.php;
         }

       location ~ /phpmyadmin/.+\.php$ {
            if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {
             set $valid_fastcgi_script_name $1;
            }
             include fastcgi_params;
             fastcgi_pass 127.0.0.1:9000;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;
         }

       

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # 这里新加的
        # PHP 脚本请求全部转发到 FastCGI处理. 使用FastCGI协议默认配置.
        # Fastcgi服务器和程序(PHP,Python)沟通的协议.
        location ~ \.php$ {
            # 设置监听端口
            fastcgi_pass   127.0.0.1:9000;
            # 设置nginx的默认首页文件(上面已经设置过了，可以删除)
            fastcgi_index  index.php;
            # 设置脚本文件请求的路径
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            # 引入fastcgi的配置文件
            include        fastcgi_params;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /document_root$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    
    server {
        listen  443 ssl http2;
        
        server_name  my ip address;
        charset  utf-8;
        ssl on;
        default_type  text/plain;
        
       
       

       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
       ssl_prefer_server_ciphers  on;

       location / {
            root   html;
           index  index.html index.htm index.php;
        }

         location ~ /phpmyadmin/.+\.php$ {
            if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {
             set $valid_fastcgi_script_name $1;
            }
             include fastcgi_params;
             fastcgi_pass 127.0.0.1:9000;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;
         }

       location ~ \.php$ {
            # 设置监听端口
            fastcgi_pass   127.0.0.1:9000;
            # 设置nginx的默认首页文件(上面已经设置过了，可以删除)
            fastcgi_index  index.php;
            # 设置脚本文件请求的路径
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            # 引入fastcgi的配置文件
            include        fastcgi_params;
        }


   }

}

Answer 1

1. 你输入 IP/install 出现403是因为你得 Nginx 配置没有添加对应的 location

   # 其他的配置项
   location /install {
       root html; # 或者 root html/install;
       index index.php;
       # 其他的配置项
   }
   # 其他的配置项

   如果你没有这样的 location，直接访问 IP/install 会判定为在 'html' 目录下查找 'install' 文件夹

2. *.php 文件访问时变成自动下载的原因一般都是 php-fpm 配置错误，或者 php-fpm 没有 正常启动监听
3. 我上传了现在可以正常使用的 Nginx 配置文件，可以在 这里 下载（密码：8qrk）。

Answer 2

“如果我访问my ip adress/install/index.php，结果是下载这个文件，请问怎么设置才能正确访问index.php呢？”
nginx本身不能解析php语言的，应该需要配合对应的模块才能解析Php，否则就当作是一个文件来下载下来了。