dyserone dyserone - 1 year ago 256
Ruby Question

Rails, Passenger, Nginx, I get "403 Forbidden" but why?

I am trying to run my app through Passenger-Nginx on port 5000

On my browser I get '403 Forbidden' and on my nginx error log:

2016/07/12 17:52:12 [error] 28924#0: *1 directory index of
"/var/www/cava/public/" is forbidden, client: Y.Y.Y.Y, server:
cava, request: "GET / HTTP/1.1", host: "X.X.X.X:5000"

On passenger root I use what I get from passenger-config --root but whithout the rvm.
If I use the passenger root with rvm loaded I get passenger error, but is what I did here right?

For reference my app config and my nginx.conf:

My app config

server {

listen 5000;

listen [::]:5000;

server_name cava;

root /var/www/cava/public;
#try_files $uri/index.html $uri @app;

# Add index.php to the list if you are using PHP
#index index.html index.htm index.nginx-debian.html;

#location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;

My nginx.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;

http {

passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /home/tasos/.rvm/rubies/ruby-2.3.0/bin/ruby;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

server {

passenger_enabled on;

listen 443 ssl;

root /usr/share/nginx/html;
index index.html index.htm;

ssl_certificate /etc/nginx/ssl/1_beast.smartupweb.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/smartup1.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#location / {
# try_files $uri $uri/ =404;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

Any help appreciated.

Answer Source

The error message stated:

directory index of "/var/www/cava/public/" is forbidden

which means that your folder has no index file, or the file that is to be treated as index.

I am not familiar with Passenger, but if you’ll try to put there index.html file with content <h1>Hello World</h1>, it will be likely shown.

The below is not directly related to this problem, but I’ll leave it here for the sake of consistency.

Solution 1

First, determine what user your nginx runs as

ps ueax|grep 'nginx: worker'|grep -v grep|cut -f1 -d' '
#⇒ www-data

or it might be nobody, but in your case it’s www-data according to your conf file.

Change permissions on /var/www/cava/public:

sudo chown -R www-data /var/www/cava/public

Retry, it should work now.

Solution 2

Make your nginx be running as your user. At the very top of conf change:

- user www-data:
+ user tasos;

The latter one is probably more handy for development.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download