403 after changing root, but permissions look correct
Adam Pearlman
adam at adampearlman.com
Sun Mar 23 15:48:49 UTC 2014
I've been struggling with this for a few hours.
I installed nginx 1.4.6 on Fedora 20. The test page displayed fine. I
changed the root, leaving all other configuration the same, and I get a 403
Forbidden error.
If I look at the permissions for the original test page and the new page,
they appear identical.
Working test page:
namei -om /usr/share/nginx/html/index.html
f: /usr/share/nginx/html/index.html
dr-xr-xr-x root root /
drwxr-xr-x root root usr
drwxr-xr-x root root share
drwxr-xr-x root root nginx
drwxr-xr-x root root html
-rw-r--r-- root root index.html
Not working:
namei -om /var/www/html/index.html
f: /var/www/html/index.html
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x root root html
-rw-r--r-- root root index.html
The error log seems to be what I would expect as well:
2014/03/23 12:45:08 [error] 5490#0: *13 open() "/var/www/html/index.html"
failed (13: Permission denied), client: XXX.XX.XXX.XXX, server: localhost,
request: "GET /index.html HTTP/1.1", host: "
ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"
The Nginx config has "user nginx" - I tried using root and it made no
difference. I also made user ngnix the owner & group of the files, but that
didn't work. If I move the index file from /var/www/html to
/usr/share/nginx/html (the test file location) it works fine making me
suspect the path, but as I said, permissions appear correct.
Any help would be very much appreciated. Thanks!
- Adam
I've included the config file below just in case:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request"
'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html; ################THIS WORKS
#root /var/www/html; #####################THIS DOESN'T
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based
configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# location / {
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# root html;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# }
#}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140323/2a71f838/attachment.html>
More information about the nginx
mailing list