nginx sub dir get forbidden error

[carlsue]

i setup nginx and dufs on the same device ,config nginx revers proxy to dufs ,but get forbidden error: location /dufs { proxy_pass http://127.0.0.1:5000; }

[sigoden]

Must be misconfig on auth options. Don't include /dufs prefix in the auth path. If it still fails, please provide the full configuration for further assistance.

[carlsue]

Must be misconfig on auth options. Don't include /dufs prefix in the auth path. If it still fails, please provide the full configuration for further assistance.

config dufs 'config' option enabled '1' option port '5000' option allow_upload '1' option allow_search '1' list auth '2:2@/sda1:rw' list auth '1:1@/sda1/TDDOWNLOAD' option internet '1' option enable_cors '1'

` worker_processes auto;

user root;

include module.d/*.module;

events {}

http { access_log off; log_format openwrt '$request_method $scheme://$host$request_uri => $status' ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';

    include mime.types;
    default_type application/octet-stream;
    sendfile on;

    client_max_body_size 128M;
    large_client_header_buffers 2 1k;

    gzip on;
    gzip_vary on;
    gzip_proxied any;

    root /www;

    server { #see uci show 'nginx._lan'
            listen 443 ssl default_server;
            listen [::]:443 ssl default_server;
            server_name _lan;
            include restrict_locally;
            include conf.d/*.locations;
            ssl_certificate /etc/nginx/conf.d/_lan.crt;
            ssl_certificate_key /etc/nginx/conf.d/_lan.key;
            ssl_session_cache shared:SSL:32k;
            ssl_session_timeout 64m;
            access_log off; # logd openwrt;
    }

    server { #see uci show 'nginx._redirect2ssl'
            listen 80;
            listen [::]:80;
            server_name _redirect2ssl;
            return 302 https://$host$request_uri;
    }

    include conf.d/*.conf;

}

configuration file /etc/nginx/module.d/luci.module:

load_module /usr/lib/nginx/modules/ngx_http_ubus_module.so;

configuration file /etc/nginx/mime.types:

types { text/html html htm shtml; text/css css; text/xml xml; image/gif gif; image/jpeg jpeg jpg; application/javascript js; application/atom+xml atom; application/rss+xml rss;

text/mathml                                      mml;
text/plain                                       txt;
text/vnd.sun.j2me.app-descriptor                 jad;
text/vnd.wap.wml                                 wml;
text/x-component                                 htc;

image/avif                                       avif;
image/png                                        png;
image/svg+xml                                    svg svgz;
image/tiff                                       tif tiff;
image/vnd.wap.wbmp                               wbmp;
image/webp                                       webp;
image/x-icon                                     ico;
image/x-jng                                      jng;
image/x-ms-bmp                                   bmp;

font/woff                                        woff;
font/woff2                                       woff2;

application/java-archive                         jar war ear;
application/json                                 json;
application/mac-binhex40                         hqx;
application/msword                               doc;
application/pdf                                  pdf;
application/postscript                           ps eps ai;
application/rtf                                  rtf;
application/vnd.apple.mpegurl                    m3u8;
application/vnd.google-earth.kml+xml             kml;
application/vnd.google-earth.kmz                 kmz;
application/vnd.ms-excel                         xls;
application/vnd.ms-fontobject                    eot;
application/vnd.ms-powerpoint                    ppt;
application/vnd.oasis.opendocument.graphics      odg;
application/vnd.oasis.opendocument.presentation  odp;
application/vnd.oasis.opendocument.spreadsheet   ods;
application/vnd.oasis.opendocument.text          odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                 pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                 xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                 docx;
application/vnd.wap.wmlc                         wmlc;
application/wasm                                 wasm;
application/x-7z-compressed                      7z;
application/x-cocoa                              cco;
application/x-java-archive-diff                  jardiff;
application/x-java-jnlp-file                     jnlp;
application/x-makeself                           run;
application/x-perl                               pl pm;
application/x-pilot                              prc pdb;
application/x-rar-compressed                     rar;
application/x-redhat-package-manager             rpm;
application/x-sea                                sea;
application/x-shockwave-flash                    swf;
application/x-stuffit                            sit;
application/x-tcl                                tcl tk;
application/x-x509-ca-cert                       der pem crt;
application/x-xpinstall                          xpi;
application/xhtml+xml                            xhtml;
application/xspf+xml                             xspf;
application/zip                                  zip;

application/octet-stream                         bin exe dll;
application/octet-stream                         deb;
application/octet-stream                         dmg;
application/octet-stream                         iso img;
application/octet-stream                         msi msp msm;

audio/midi                                       mid midi kar;
audio/mpeg                                       mp3;
audio/ogg                                        ogg;
audio/x-m4a                                      m4a;
audio/x-realaudio                                ra;

video/3gpp                                       3gpp 3gp;
video/mp2t                                       ts;
video/mp4                                        mp4;
video/mpeg                                       mpeg mpg;
video/quicktime                                  mov;
video/webm                                       webm;
video/x-flv                                      flv;
video/x-m4v                                      m4v;
video/x-mng                                      mng;
video/x-ms-asf                                   asx asf;
video/x-ms-wmv                                   wmv;
video/x-msvideo                                  avi;

}

configuration file /etc/nginx/restrict_locally:

    allow ::1;
    allow fc00::/7;
    allow fec0::/10;
    allow fe80::/10;
    allow 127.0.0.0/8;
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
    allow 169.254.0.0/16;
    allow 171.213.0.0/16;
    deny all;

configuration file /etc/nginx/conf.d/luci.locations:

location /cgi-bin/luci { index index.html; include uwsgi_params; uwsgi_param SERVER_ADDR $server_addr; uwsgi_modifier1 9; uwsgi_pass unix:////var/run/luci-webui.socket; } location ~ /cgi-bin/cgi-(backup|download|upload|exec) { include uwsgi_params; uwsgi_param SERVER_ADDR $server_addr; uwsgi_modifier1 9; uwsgi_pass unix:////var/run/luci-cgi_io.socket; }

location /luci-static { error_log stderr crit; }

location /ubus { ubus_interpreter; ubus_socket_path /var/run/ubus/ubus.sock; ubus_parallel_req 2; }

location /dufs { proxy_pass http://127.0.0.1:5000; }

configuration file /etc/nginx/uwsgi_params:

uwsgi_param QUERY_STRING $query_string; uwsgi_param REQUEST_METHOD $request_method; uwsgi_param CONTENT_TYPE $content_type; uwsgi_param CONTENT_LENGTH $content_length;

uwsgi_param REQUEST_URI $request_uri; uwsgi_param PATH_INFO $document_uri; uwsgi_param DOCUMENT_ROOT $document_root; uwsgi_param SERVER_PROTOCOL $server_protocol; uwsgi_param REQUEST_SCHEME $scheme; uwsgi_param HTTPS $https if_not_empty;

uwsgi_param REMOTE_ADDR $remote_addr; uwsgi_param REMOTE_PORT $remote_port; uwsgi_param SERVER_PORT $server_port; uwsgi_param SERVER_NAME $server_name; `

[sigoden]

I don't know much nginx, you'd better leave nginx alone and see if the dufs configuration is correct.

First, do not set auth and see if dufs can be accessed normally. Second, set auth, check if Nginx passes the Authorization header to dufs. @carlsue

[carlsue]

I don't know much nginx, you'd better leave nginx alone and see if the dufs configuration is correct.

First, do not set auth and see if dufs can be accessed normally. Second, set auth, check if Nginx passes the Authorization header to dufs. @carlsue

[sigoden]

I can only help with the problem of dufs. You must be involved with nginx. I can't help you.

You'd better report the issue through https://github.com/sigoden/dufs/issues/new?assignees=&labels=&projects=&template=bug_report.md

[sigoden]

some tips if you want to run dufs with subpath /dufs :

• pass the --path-prefix /dufs option
• auth expression don't require the/dufs prefix

  -- -a user:admin@/dufs/dir1
  ++ -a user:admin@/dir1

[sigoden]

Closing this issue due to lack of information.

[carlsue]

通过测试，发现跟nginx版本有关系。 在windows上用nginx同样配置可以成功 server { listen 80; server_name 127.0.0.1;

location /ddd {
   proxy_pass http://192.168.1.21:5000/;
  sub_filter '/__dufs_v0.40.0__/' '/ddd/__dufs_v0.40.0__/';
  sub_filter_types *;
  sub_filter_once off;
}
access_log  logs/127.0.0.1_80.access.log;
error_log  logs/127.0.0.1_80.error.log;

}

但在openwrt上安装的nginx由于没有sub_filter模块，所以会有如下错误

[carlsue]

successed! install nginx-full instade nginx in the openwrt OS.

[sigoden]

Congratulation ✨