Nginx serve static file and got 403 forbidden

nginx uwsgi
isaacselement picture isaacselement · May 29, 2013 · Viewed 81k times · Source

Just want to help somebody out. yes ,you just want to serve static file using nginx, and you got everything right in nginx.conf:

location /static {
       autoindex on;
       #root /root/downloads/boxes/;
       alias /root/downloads/boxes/;
      }

But , in the end , you failed. You got "403 forbidden" from browser...

----------------------------------------The Answer Below:----------------------------------------

The Solution is very Simple:

Way 1 : Run nginx as the user as the '/root/downloads/boxes/' owner

In nginx.conf : 

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;

YES, in the first line "#user noboy;" , just delete "#" , and change "nobody" to your own username in Linux/OS X, i.e change to "root" for test. The restart nginx.

Attention , You'd better not run nginx as root! Here just for testing, it's dangerous for the Hacker.

For more reference , see nginx (engine X) – What a Pain in the BUM! [13: Permission denied]

Way 2 : Change '/root/downloads/boxes/' owner to 'www-data' or 'nobody'

In Terminal:

ps aux | grep nginx

Get the username of running nginx . It should be 'www-data' or 'nobody' determined by the version of nginx. Then hit in Terminal(use 'www-data' for example):

chown -R www-data:www-data /root/downloads/boxes/

------------------------------One More Important Thing Is:------------------------------

These parent directories "/", "/root", "/root/downloads" should give the execute(x) permission to 'www-data' or 'nobody'. i.e.

ls -al /root
chmod o+x /root
chmod o+x /root/downloads

For more reference , see Resolving "403 Forbidden" error and Nginx 403 forbidden for all files

Answer

gitaarik picture gitaarik · May 29, 2013

You should give nginx permissions to read the file. That means you should give the user that runs the nginx process permissions to read the file.

This user that runs the nginx process is configurable with the user directive in the nginx config, usually located somewhere on the top of nginx.conf:

user www-data

http://wiki.nginx.org/CoreModule#user

The second argument you give to user is the group, but if you don't specify it, it uses the same one as the user, so in my example the user and the group both are www-data.

Now the files you want to serve with nginx should have the correct permissions. Nginx should have permissions to read the files. You can give the group www-data read permissions to a file like this:

chown :www-data my-file.html

http://linux.die.net/man/1/chown

with chown you can change the user and group owner of a file. In this command I only change the group, if you would change the user too you would specify the username BEFORE the colon, like chown www-data:www-data my-file.html. But setting the group permissions correct should be enough for nginx to be able to read the file.

Related questions

Possible reason for NGINX 499 error codes

I'm getting a lot of 499 NGINX error codes. I see that this is a client side issue. It is not a problem with NGINX or my uWSGI stack. I note the correlation in uWSGI logs when a get a 499. address …

Read More
Permission denied - nginx and uwsgi socket

Well I am currently trying to get my django application served using nginx and uwsgi. I am currently using a virtual environment to which uwsgi is installed. However I am currently getting a 502 bad gateway error when attempting to access …

Read More
Error: upstream prematurely closed connection while reading response header from upstream [uWSGI/Django/NGINX]

I am currently ALWAYS getting a 502 on a query my users are doing... which usually returns 872 rows and takes 2.07 to run in MySQL. It is however returning a LOT of information. (Each row contains a lot of stuff). Any ideas? …

Read More