403 Forbidden Error Nginx - How to Solve

From Brian Nelson Ramblings
Revision as of 01:16, 4 July 2019 by Brian (Talk | contribs) (Incorrect Permissions)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

403 Forbidden Error Nginx - How to Solve

Fixing 403 Forbidden Nginx Errors

The "403 Forbidden" browser error is the most common error encountered when working with NGINX.

Learn more about what causes this NGINX error, how to locate the source of the error, and how to correct the underlying problem.

About the Error

"403 Forbidden" is an all-purpose NGINX error which indicates that you have asked for something that NGINX - for a variety of potential reasons - cannot deliver. "403" is actually an HTTP status code that means that the web server has received and understood your request, but that it cannot take any further action.

Fixing Nginx HTTP errors

Once you have the correct error log file, it’s time to watch for errors. In our experience, the best way to do this is by running a continuous stream of the error log in your shell screen using the tail utility.

tail -n0 -f /var/log/nginx/error.log

Once you’ve ran this command, tail will continuously output any newly appended content to the error.log as it comes in until you hit Control + C. We are running with zero lines, so this way we do not have any confusion when accessing the site that any output is new. If you are in a live environment you will want to grep out your ip address, so you only get your traffic.

tail -n0 -f /var/log/nginx/error.log | grep '192\.168\.2\.2'

Now, you will need to replicate the issue that you are getting. The error should be printed out right away after you replicate the issue. For example, if you have a 403 Forbidden error, then you should refresh the page that is causing the problem so that a new error log entry can be appended. Once that is done, you’ll see a new line in the error log which should hopefully lead you to the right path to fixing the issue. We’re going to cover a few of the most common issues below.

Incorrect Directory Settings

The error below can be caused by two different reasons: incorrect directory index or disallowed directory listing.

2019/06/31 15:03:43 [error] 29231#0: *2098806 directory index of "/usr/share/nginx/static/" is forbidden, client: 1.1.1.1, server: domain.com, request: "GET / HTTP/1.1", host: "domain.com" If you are trying to list all the files in a folder, you will get that error if the directory does not have directory listing enabled.

You can enable directory listing by adding the following line to your Nginx configuration, you can read more about this option here: http://nginx.org/en/docs/http/ngx_http_autoindex_module.html

autoindex on;

The other possibility for that error to come up is if your index setting is incorrect, so for example, you have a index.php file in that folder, however, your index setting is setup to index.htm and index.html. This means that only these files are checked if no specific file is provided. If you alter it to something like the following, your index.php file should work:

index index.htm index.html index.php;

Incorrect Permissions

The error below is generally caused by incorrect Unix permissions, you will need to make sure you have the correct permissions for the entire path.

2019/07/01 00:31:57 [error] 29231#0: *2115270 open() "/usr/share/nginx/static/forbidden" failed (13: Permission denied), client: 1.1.1.1, server: domain.com, request: "GET /forbidden HTTP/1.1", host: "domain.com"

As you see, the file that we are trying to access is /usr/share/nginx/static/forbidden. In order for Nginx to access it with no problems at all, Nginx must have read permissions for that specific file as well as execute for all the folders above it. This means that /, /usr, /usr/share, /usr/share/nginx and /usr/share/nginx/static must be executable by Nginx and the file /usr/share/nginx/static/forbidden must be readable by Nginx in this case.

Set File Ownership

Go to the directory above the website's document root. For example, if your website's document root is /usr/share/nginx/example.com go to /usr/share/nginx with the command:

cd /usr/share/nginx

Change the ownership of all the files from this point down to the nginx user with the command:

 chown -R nginx:nginx *
Set Permissions

Set the permissions of each directory at this location to 755 with the command:

chmod 2755 [directory name]

For example, to set the permissions of the briansnelsons.com directory, the command is:

chmod 2755 briansnelson.com

Then go to the web document root directory:

cd example.com

Change the permissions of all the files in this directory with the command:

chmod 644 *