Nginx 403 forbidden under Debian 7

debiannginx

I encounter a 403 forbidden error on my laptop with Debian 7

file permission is 775: chmod 775 -R /var/www

nginx error log shows:

2013/07/05 16:27:06 [error] 7351#0: *12 directory index of
"/var/www/install/" is forbidden, client: 127.0.0.1, server:
localhost, request: "GET /install/ HTTP/1.1", host: "localhost"

phpinfo works fine

hereby my configuration:

1, /etc/nginx/nginx.conf

user www-data;

worker_processes 1;

pid /var/run/nginx.pid;

events {
worker_connections 768;
# multi_accept on; }

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; }

2, /etc/nginx/sites-enabled/default

server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
#root /usr/share/nginx/www;
root /var/www;
index index.html index.php;

# Make site accessible from http://localhost/
server_name localhost;
server_name_in_redirect off;

location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ /index.html;
        try_files $uri $uri/ /index.php?$args;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
}

location /doc/ {
        alias /usr/share/doc/;
        autoindex on;
        allow 127.0.0.1;
        allow ::1;
        deny all;
}

# Rewrite for Fork CMS  
location ~ ^/(backend|install|api(/\d.\d)?(/client)?).*.php$ {
# backend/install/api are existing dirs, but should all pass via the front try_files $uri $uri/ /index.php?$args; }

location ~ ^(.+.php)(.*)$ { include fastcgi_params; fastcgi_pass
127.0.0.1:9000; fastcgi_index index.php; }
# gzip  
gzip on;
gzip_disable "MSIE [1-6].(?!.*SV1)"; # disables gzip compression for browsers that don't support it (in this case MS
Internet Explorer before version 6 SV1). gzip_http_version 1.1;
gzip_vary on; # This sets the response header Vary: Accept-Encoding.
Some proxies have a bug in that they serve compressed content to
browsers that don't support it. By setting the Vary: Accept-Encoding
header, you instruct proxies to store both a compressed and
uncompressed version of the content. gzip_comp_level 6; gzip_proxied
any; gzip_types text/plain text/css application/json
application/x-javascript text/xml application/xml application/xml+rss
text/javascript application/javascript text/x-js ; gzip_buffers 16
8k;
# client caching  location ~   \.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$
{ expires 31d; add_header Pragma "public"; add_header Cache-Control
"public, must-revalidate, proxy-revalidate"; }

# End of Fork

Best Answer

Your issue is that http://localhost/install passes by the second rule of the try_files which is $uri/ so it tries to access install as a folder, but you don't have autoindex on, so it fails with a forbidden error.

try_files $uri $uri/ /index.php?$args;

I suggest removing the $uri/ part.

try_files $uri /index.php?$args;

Related Solutions

Node.js + Nginx – What now

Nginx works as a front end server, which in this case proxies the requests to a node.js server. Therefore you need to setup an nginx config file for node.

This is what I have done in my Ubuntu box:

Create the file yourdomain.com at /etc/nginx/sites-available/:

vim /etc/nginx/sites-available/yourdomain.com

In it you should have something like:

# the IP(s) on which your node server is running. I chose port 3000.
upstream app_yourdomain {
    server 127.0.0.1:3000;
    keepalive 8;
}

# the nginx server instance
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    access_log /var/log/nginx/yourdomain.com.log;

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options
    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;

      proxy_pass http://app_yourdomain/;
      proxy_redirect off;
    }
 }

If you want nginx (>= 1.3.13) to handle websocket requests as well, add the following lines in the location / section:

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

Once you have this setup you must enable the site defined in the config file above:

cd /etc/nginx/sites-enabled/ 
ln -s /etc/nginx/sites-available/yourdomain.com yourdomain.com

Create your node server app at /var/www/yourdomain/app.js and run it at localhost:3000

var http = require('http');

http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello World\n');
}).listen(3000, "127.0.0.1");
console.log('Server running at http://127.0.0.1:3000/');

Test for syntax mistakes:

nginx -t

Restart nginx:

sudo /etc/init.d/nginx restart

Lastly start the node server:

cd /var/www/yourdomain/ && node app.js

Now you should see "Hello World" at yourdomain.com

One last note with regards to starting the node server: you should use some kind of monitoring system for the node daemon. There is an awesome tutorial on node with upstart and monit.

Best Answer

Related Solutions

Node.js + Nginx – What now

Related Topic