Nginx in subdomain: If index is .html error 403 forbidden if index is .php is downloaded

http-status-code-403nginx

It only happens to me in a subdomain, in the rest it works well:

If the index its extension is htm or html gives error:

"403 forbidden"

If the index its extension is php tries to download.

Permissions within / srv / www are the same for all subdomains and they work.

I put the configuration conf:

server {
            ## Escucha en el puerto 80 (HTTP)
            listen 80;

            server_name musica.domain.com;

            location / {
                    return 301 https://$server_name$request_uri;
            }
}


server {
    ## Escucha en el puerto 443 (HTTPS)
    listen 443 ssl http2;

    server_name musica.domain.com;

    ## Certificados
    ssl_certificate /etc/letsencrypt/live/musica.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/musica.domain.com/privkey.pem;
    include snippets/ssl-params.conf;

    access_log  /var/log/nginx/musica_access.log;
    error_log   /var/log/nginx/musica_error.log;

    root /srv/www/sonerezh;

    index index.html index.htm index.php;

    location ~ /.well-known {
            allow all;
    }

    location / {
#              try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/musica.sock;
            #fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            include fastcgi_params;
    }
}

The nginx -T command shows me that you are actually reading the subdomain configuration file.

Subdomain access log:

195.16.143.6 - - [01/Jun/2017:09:16:29 +0200] "GET /favicon.ico HTTP/1.1" 404 143 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
195.16.143.6 - - [01/Jun/2017:09:17:26 +0200] "GET / HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
195.16.143.6 - - [01/Jun/2017:10:09:59 +0200] "GET / HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
195.16.143.6 - - [01/Jun/2017:10:10:37 +0200] "GET / HTTP/1.1" 403 143 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"

Subdomain error log:

2017/06/01 09:16:29 [error] 3464#3464: *2295 open() "/srv/www/sonerezh/favicon.ico" failed (2: No such file or directory), client: 195.16.143.6, server: musica.domain.com, request: "GET /favicon.ico HTTP/1.1", host: "musica.domain.com"
2017/06/01 09:16:29 [error] 3464#3464: *2295 open() "/srv/www/sonerezh/favicon.ico" failed (2: No such file or directory), client: 195.16.143.6, server: musica.domain.com, request: "GET /favicon.ico HTTP/1.1", host: "musica.domain.com"
2017/06/01 10:10:37 [error] 3466#3466: *2350 directory index of "/srv/www/sonerezh/" is forbidden, client: 195.16.143.6, server: musica.domain.com, request: "GET / HTTP/1.1", host: "musica.domain.com"

nginx.conf:

user bichomen bichomen;

worker_processes auto;
worker_rlimit_nofile 2048;
#pcre_jit on;

pid /var/run/nginx.pid;

#                        [ debug | info | notice | warn | error | crit ]

error_log  /var/log/nginx.error_log  info;

events {
    worker_connections   2000;

    # use [ kqueue | epoll | /dev/poll | select | poll ];
    # use poll;
}


http {
    include mime.types;
    default_type application/octet-stream;


    log_format main      '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $bytes_sent '
                         '"$http_referer" "$http_user_agent" '
                         '"$gzip_ratio"';

    log_format download  '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $bytes_sent '
                         '"$http_referer" "$http_user_agent" '
                         '"$http_range" "$sent_http_content_range"';

    client_header_timeout  3m;
    client_body_timeout    3m;
    send_timeout           3m;

    client_header_buffer_size    1k;
    large_client_header_buffers  4 4k;

    gzip on;
    gzip_min_length  1100;
    gzip_buffers     4 8k;
    gzip_types       text/plain;

    output_buffers   1 32k;
    postpone_output  1460;

    sendfile         on;
    tcp_nopush       on;
    tcp_nodelay      on;
    send_lowat       12000;

    keepalive_timeout  75 20;

    #lingering_time     30;
    #lingering_timeout  10;
    #reset_timedout_connection  on;

    include sites-enabled/*.conf;
}

Permissions:

$ ls -l /srv/www/
drwxr-x--x  4 bichomen bichomen 4096 Jun  1 10:10 sonerezh

$ ls -l /srv/www/sonerezh/
-rw-rw-r-- 1 bichomen bichomen  90 Jun  1 09:15 index.html

With index.html

With index.php

Best Answer

Already solve all the problems that had with the installation of nginx:

https://github.com/Sonerezh/sonerezh/issues/305

Related Topic