403 after changing root, but permissions look correct
Adam Pearlman
adam at adampearlman.com
Mon Mar 24 14:31:39 UTC 2014
Turns out this was my fault. I was using "sudo service nginx start" instead
of just "sudo nginx."
On Sun, Mar 23, 2014 at 5:35 PM, Steve Holdoway <steve at greengecko.co.nz>wrote:
> Having just had a similar problem with migrating a MySQL database, I
> suggest that you check whether SELinux/Apparmor is running.
>
> Why prople think it's ok to use a program that can be switched off in an
> instant to improve their 'security' is and always will be a mystery to
> me!
>
> Cheers,
>
> Steve
>
> On Sun, 2014-03-23 at 11:48 -0400, Adam Pearlman wrote:
> > I've been struggling with this for a few hours.
> >
> > I installed nginx 1.4.6 on Fedora 20. The test page displayed fine. I
> > changed the root, leaving all other configuration the same, and I get
> > a 403 Forbidden error.
> >
> > If I look at the permissions for the original test page and the new
> > page, they appear identical.
> >
> > Working test page:
> > namei -om /usr/share/nginx/html/index.html
> > f: /usr/share/nginx/html/index.html
> > dr-xr-xr-x root root /
> > drwxr-xr-x root root usr
> > drwxr-xr-x root root share
> > drwxr-xr-x root root nginx
> > drwxr-xr-x root root html
> > -rw-r--r-- root root index.html
> >
> > Not working:
> > namei -om /var/www/html/index.html
> > f: /var/www/html/index.html
> > dr-xr-xr-x root root /
> > drwxr-xr-x root root var
> > drwxr-xr-x root root www
> > drwxr-xr-x root root html
> > -rw-r--r-- root root index.html
> >
> > The error log seems to be what I would expect as well:
> > 2014/03/23 12:45:08 [error] 5490#0: *13 open()
> > "/var/www/html/index.html" failed (13: Permission denied), client:
> > XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html
> > HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"
> >
> >
> > The Nginx config has "user nginx" - I tried using root and it made no
> > difference. I also made user ngnix the owner & group of the files, but
> > that didn't work. If I move the index file from /var/www/html
> > to /usr/share/nginx/html (the test file location) it works fine making
> > me suspect the path, but as I said, permissions appear correct.
> >
> >
> > Any help would be very much appreciated. Thanks!
> >
> >
> > - Adam
> >
> >
> > I've included the config file below just in case:
> >
> >
> > # For more information on configuration, see:
> > # * Official English Documentation: http://nginx.org/en/docs/
> > # * Official Russian Documentation: http://nginx.org/ru/docs/
> >
> > user nginx;
> > worker_processes 1;
> >
> > error_log /var/log/nginx/error.log;
> > #error_log /var/log/nginx/error.log notice;
> > #error_log /var/log/nginx/error.log info;
> >
> > pid /run/nginx.pid;
> >
> > events {
> > worker_connections 1024;
> > }
> >
> > http {
> > include /etc/nginx/mime.types;
> > default_type application/octet-stream;
> >
> > log_format main '$remote_addr - $remote_user [$time_local]
> > "$request" '
> > '$status $body_bytes_sent "$http_referer" '
> > '"$http_user_agent" "$http_x_forwarded_for"';
> >
> > access_log /var/log/nginx/access.log main;
> >
> > sendfile on;
> > #tcp_nopush on;
> >
> > #keepalive_timeout 0;
> > keepalive_timeout 65;
> >
> > #gzip on;
> >
> > # Load modular configuration files from the /etc/nginx/conf.d
> > directory.
> > # See http://nginx.org/en/docs/ngx_core_module.html#include
> > # for more information.
> > include /etc/nginx/conf.d/*.conf;
> >
> > index index.html index.htm;
> >
> > server {
> > listen 80;
> > server_name localhost;
> > root /usr/share/nginx/html; ################THIS WORKS
> > #root /var/www/html; #####################THIS DOESN'T
> >
> > #charset koi8-r;
> >
> > #access_log /var/log/nginx/host.access.log main;
> >
> > location / {
> > }
> >
> > # redirect server error pages to the static page /40x.html
> > #
> > error_page 404 /404.html;
> > location = /40x.html {
> > }
> >
> > # redirect server error pages to the static page /50x.html
> > #
> > error_page 500 502 503 504 /50x.html;
> > location = /50x.html {
> > }
> >
> > # proxy the PHP scripts to Apache listening on 127.0.0.1:80
> > #
> > #location ~ \.php$ {
> > # proxy_pass http://127.0.0.1;
> > #}
> >
> > # pass the PHP scripts to FastCGI server listening on
> > 127.0.0.1:9000
> > #
> > #location ~ \.php$ {
> > # root html;
> > # fastcgi_pass 127.0.0.1:9000;
> > # fastcgi_index index.php;
> > # fastcgi_param SCRIPT_FILENAME /scripts
> > $fastcgi_script_name;
> > # include fastcgi_params;
> > #}
> >
> > # deny access to .htaccess files, if Apache's document root
> > # concurs with nginx's one
> > #
> > #location ~ /\.ht {
> > # deny all;
> > #}
> > }
> >
> > # another virtual host using mix of IP-, name-, and port-based
> > configuration
> > #
> > #server {
> > # listen 8000;
> > # listen somename:8080;
> > # server_name somename alias another.alias;
> > # root html;
> >
> > # location / {
> > # }
> > #}
> >
> >
> > # HTTPS server
> > #
> > #server {
> > # listen 443;
> > # server_name localhost;
> > # root html;
> >
> > # ssl on;
> > # ssl_certificate cert.pem;
> > # ssl_certificate_key cert.key;
> >
> > # ssl_session_timeout 5m;
> >
> > # ssl_protocols SSLv2 SSLv3 TLSv1;
> > # ssl_ciphers HIGH:!aNULL:!MD5;
> > # ssl_prefer_server_ciphers on;
> >
> > # location / {
> > # }
> > #}
> >
> > }
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
> --
> Steve Holdoway BSc(Hons) MIITP
> http://www.greengecko.co.nz
> Linkedin: http://www.linkedin.com/in/steveholdoway
> Skype: sholdowa
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140324/e66b5ae9/attachment-0001.html>
More information about the nginx
mailing list