Nginx with php-fpm returns 403 when navigating to site


I have set up a server block for my site running on Nginx on a CentOS 7 VPS.

When I try and navigate to my website, I get a 403 Forbidden error. This is apparently a common issue, but I couldn't relate to the answers I came across:

Nginx and PHP-FPM 403 Forbidden

Here is the default nginx configuration:

server {
    listen       80;
    server_name  <my server ip>;
    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/www/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

}

Here is the .conf for my site:

server {
  listen 80;
  server_name nativeleaf.co.uk www.nativeleaf.co.uk;
  access_log /var/www/html/nativeleaf.co.uk/access.log combined;
  root /var/www/html/nativeleaf.co.uk;

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

And here is the config for php-fpm:

; Start a new pool named 'www'.
[www]

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses on a
;                            specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock

; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1

; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
listen.allowed_clients = 127.0.0.1

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nginx
listen.group = nginx
listen.mode = 0750

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

Logs Check

When I do a tail error.log on the Nginx logs, I see this:

2018/04/26 14:54:01 [error] 12616#12616: *46 directory index of "/usr/share/nginx/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "nativeleaf.co.uk"
2018/04/26 14:54:02 [error] 12616#12616: *46 directory index of "/usr/share/nginx/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "nativeleaf.co.uk"
2018/04/26 14:54:03 [error] 12616#12616: *46 directory index of "/usr/share/nginx/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "nativeleaf.co.uk"
2018/04/26 15:12:00 [error] 13495#13495: *5 "/usr/share/nginx/html/nativeleaf.co.uk/what-is-yerba-mate/index.html" is not found (2: No such file or directory), client: 194.28.51.189, server: nativeleaf.co.uk, request: "GET /what-is-yerba-mate/ HTTP/1.0", host: "www.nativeleaf.co.uk", referrer: "https://www.nativeleaf.co.uk/what-is-yerba-mate/"
2018/04/26 15:15:43 [error] 14163#14163: *7 directory index of "/var/www/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "www.nativeleaf.co.uk"
2018/04/26 15:15:44 [error] 14163#14163: *7 directory index of "/var/www/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "www.nativeleaf.co.uk"
2018/04/26 15:15:44 [error] 14163#14163: *7 directory index of "/var/www/html/nativeleaf.co.uk/" is forbidden, client: 31.205.255.43, server: nativeleaf.co.uk, request: "GET / HTTP/1.1", host: "www.nativeleaf.co.uk"

The permissions are as follows on the folder:

drwxr-xr-x. 7 nginx  nginx   4096 Mar 26 07:07 nativeleaf.co.uk

As for the files inside, the permissions are:

-rw-r--r--.  1 nginx  nginx       418 Mar 23 11:39 index.php

Best Answer

Your server section for nativeleaf.co.uk doesn't define how to handle PHP files, so it looks for index.html and, as it doesn't exist, fails with a directory index forbidden error. The server section which you call default handles only requests with direct IP access, and its settings have no effect on another server section.
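
A corrected server block for the site, added here as an illustration (not code from the question or the answer). It declares the index list inside the nativeleaf.co.uk block itself and, as an assumption, moves the access log to /var/log/nginx/ so it no longer sits under the document root.

```nginx
server {
    listen 80;
    server_name nativeleaf.co.uk www.nativeleaf.co.uk;
    root /var/www/html/nativeleaf.co.uk;

    # Assumed path: keep the log outside the document root so it cannot be
    # requested as http://nativeleaf.co.uk/access.log.
    access_log /var/log/nginx/nativeleaf.co.uk.access.log combined;

    # Settings are not inherited from the IP-named server block, so the
    # index list has to be declared here. Without it nginx falls back to
    # the default (index.html only), and with autoindex off a request for
    # "/" ends in: directory index of "..." is forbidden (403).
    index index.php index.html index.htm;

    location / {
        # Serve the file or directory if it exists, otherwise 404.
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        # Answer 404 for scripts that do not exist instead of handing
        # arbitrary paths to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```

Run `nginx -t` to check the syntax before reloading with `nginx -s reload`.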