I have 3 domain names and am trying to host all 3 sites on one server (a Digital Ocean droplet) using Nginx.
mysite1.name mysite2.name mysite3.name
Only 1 of them works. The other two result in 403 errors (in the same way).
In my nginx error log, I see: [error] 13108#0: *1 directory index of "/usr/share/nginx/mysite2.name/live/" is forbidden
.
My sites-enabled config is:
server {
server_name www.mysite2.name;
return 301 $scheme://mysite2.name$request_uri;
}
server {
server_name mysite2.name;
root /usr/share/nginx/mysite2.name/live/;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ /index.html index.php;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
All 3 sites have nearly identical config files.
Each site's files are in folders like /usr/share/nginx/mysite1.name/someFolder, and then /usr/share/nginx/mysite1.name/live is a symlink to that. (Same for mysite2 and mysite3.)
I've looked at Nginx 403 forbidden for all files but that didn't help.
Any ideas on what might be wrong?
This question is related to
configuration
nginx
http-status-code-403
domain-name
You need execute permission on your static files directory. Also they need to be chown'ed by your nginx user and group.
when you want to keep the directory option,you can put the index.php ahead of $uri like this.
try_files /index.php $uri $uri/
To fix this issue I spent a full night. Here's my two cents on this story,
Check if you are using hhvm as php interpreter. Then it's possible that it's listening on port 9000 so you will have to modify your web server's config.
This is a side note: If you are using mysql, and connections from hhvm to the mysql become impossible, check if you have apparmor installed. disable it.
6833#0: *1 directory index of "/path/to/your/app" is forbidden, client: 127.0.0.1, server: lol.com, request: "GET / HTTP/1.1", host: "localhost"
I was running Ubuntu 15.10 and encountered the 403 Forbidden error due to a simple reason. In the nginx.conf(configuration file for nginx), the user was 'www-data'. Once I changed the username to [my username], it worked fine assuming the necessary permissions were given to my username. Steps followed by me:
chmod 755 /path/to/your/app
My configuration file looks like this:
**user [my username]**;#I made the change here.
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80;
server_name My_Server;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
Because you're using php-fpm
, you should make sure that php-fpm
user is the same as nginx
user.
Check /etc/php-fpm.d/www.conf
and set php user and group to nginx
if it's not.
The php-fpm
user needs write permission.
In fact there are several things you need to check. 1. check your nginx's running status
ps -ef|grep nginx
ps aux|grep nginx|grep -v grep
Here we need to check who is running nginx. please remember the user and group
check folder's access status
ls -alt
compare with the folder's status with nginx's
(1) if folder's access status is not right
sudo chmod 755 /your_folder_path
(2) if folder's user and group are not the same with nginx's running's
sudo chown your_user_name:your_group_name /your_folder_path
and change nginx's running username and group
nginx -h
to find where is nginx configuration file
sudo vi /your_nginx_configuration_file
//in the file change its user and group
user your_user_name your_group_name;
//restart your nginx
sudo nginx -s reload
Because nginx default running's user is nobody and group is nobody. if we haven't notice this user and group, 403 will be introduced.
It look's like some permissions problem.
Try to set all permisions like you did in mysite1 to the others site.
By default file permissions should be 644 and dirs 755. Also check if the user that runs nginx have permission to read that files and dirs.
Here's how I managed to fix it on my Kali machine:
Locate to the directory:
cd /etc/nginx/sites-enabled/
Edit the 'default' configuration file:
sudo nano default
Add the following lines in the location
block:
location /yourdirectory {
autoindex on;
autoindex_exact_size off;
}
Note that I have activated auto-indexing in a specific directory
/yourdirectory
only. Otherwise, it will be enabled for all of your folders on your computer and you don't want it.
Now restart your server and it should be working now:
sudo service nginx restart
In my case it was related to SELinux in CentOS 7:
You can check if it is enabled running the following command:
cat /etc/selinux/config
Sample outputs:
SELINUX=enforcing
SELINUXTYPE=targeted
Disabling SELinux permanently Edit the /etc/selinux/config file, run:
sudo vi /etc/selinux/config
Set SELINUX to disabled:
SELINUX=disabled
Save and close the file in vi/vim. Reboot the Linux system:
sudo reboot
If you're simply trying to list directory contents use autoindex on;
like:
location /somedir {
autoindex on;
}
server {
listen 80;
server_name domain.com www.domain.com;
access_log /var/...........................;
root /path/to/root;
location / {
index index.php index.html index.htm;
}
location /somedir {
autoindex on;
}
}
change the try_files
to point to the index.php
path, in the "Laravel" that you mentioned it should be something like this
location / {
try_files $uri $uri/ /public/index.php$request_uri;
}
And in the "codeigniter" project try it like this
location / {
try_files $uri $uri/ /public_web/index.php$request_uri;
}
I encountered similar error
--- "403 Forbidden" in the webpage
--- "13: Permission denied" in the error log at /var/log/nginx/error.log
Below 3 Steps worked for me:
user1@comp1:/home/www/
So, my user name is "user1" (from above)
# user www-data;
user user1;
sudo nginx -s reload
Additionally, I have applied file/folder permissions (before I did above 3 steps)
(755 to my directory, say /dir1/) & (644 for files under that directory):
(I am not sure, if this additional step is really required, just above 3 steps might be enough):
chmod 755 ./dir1/
chmod 644 ./dir1/*.*
Hope this helps quick someone. Best of luck.
In my case I didn't run this command
sudo apt-get install php7.4-fpm
For me the problem was that any routes other than the base route were working, adding this line fixed my problem:
index index.php;
Full thing:
server {
server_name example.dev;
root /var/www/example/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I had the same problem, the logfile showed me this error:
2016/03/30 14:35:51 [error] 11915#0: *3 directory index of "path_scripts/viewerjs/" is forbidden, client: IP.IP.IP.IP, server: domain.com, request: "GET /scripts/viewerjs/ HTTP/1.1", host: "domain", referrer: "domain.com/new_project/do_update"
I am hosting a PHP app with codeignitor framework. When i wanted to view uploaded files i received a 403 Error
.
The problem was, that the nginx.conf
was not properly defined. Instead of
index index.html index.htm index.php
i only included
index index.php
I have an index.php in my root and i thought that was enough, i was wrong ;) The hint gave me NginxLibrary
You might get this because of Nginx policy (eg. "deny"), or you might get this because of Nginx misconfiguration, or you might get this because of filesystem restrictions.
You can determine if its the later (and possibly see evidence of a misconfiguration by using strace (except, the OP won't have access to that):
# pidof nginx
11853 11852
# strace -p 11853 -p 11852 -e trace=file -f
Process 11853 attached - interrupt to quit
Process 11852 attached - interrupt to quit
[pid 11853] stat("/var/www/html/kibanaindex.html", 0x7ffe04e93000) = -1 ENOENT (No such file or directory)
[pid 11853] stat("/var/www/html/kibana", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
^CProcess 11853 detached
Process 11852 detached
Here I'm inspecting the filesystem activity done by nginx while a ran a test (I had the same error as you).
Here's a selected part of my config at the time
location /kibana/3/ {
alias /var/www/html/kibana;
index index.html;
}
In my case, as strace quite clearly shows, the joining of in the "alias" to the "index" was not what I had expected, and it seems I need to get into the habit of always appending directory names with a /, so in my case, the following worked:
location /kibana/3/ {
alias /var/www/html/kibana/;
index index.html;
}
If you have directory indexing off, and is having this problem, it's probably because the try_files you are using has a directory option:
location / {
try_files $uri $uri/ /index.html index.php;
} ^ that is the issue
Remove it and it should work:
location / {
try_files $uri /index.html index.php;
}
TL;DR: This is caused because nginx will try to index the directory, and be blocked by itself. Throwing the error mentioned by OP.
try_files $uri $uri/
means, from the root directory, try the file pointed by the uri
, if that does not exists, try a directory instead (hence the /
). When nginx access a directory, it tries to index it and return the list of files inside it to the browser/client, however by default directory indexing is disabled, and so it returns the error "Nginx 403 error: directory index of [folder] is forbidden".
Directory indexing is controlled by the autoindex
option: https://nginx.org/en/docs/http/ngx_http_autoindex_module.html
location ~* \.php$ {
...
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Change default
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
to
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
solved my problem.
I resolved my problem, if i configure like follow:
location = /login {
index login2.html;
}
It'll show the 403 error.
[error] 4212#2916: *2 directory index of "D:\path/to/login/" is forbidden
I've tried autoindex on
, but not working.
If i change my configure like this, it works.
location = /login/ {
index login2.html;
}
I think the exact matching, if it's a path should be a directory.
Source: Stackoverflow.com