403 Forbidden response on a ubuntu + nginx + passenger server
This means you have no readable index file in /home/deploy/movieseat/current/public
.
So add it by making sure nginx user
has rights to read its content ... By default nginx user is nginx
. And you are putting rights to user root
and group deploy
. So make sure nginx user is added to deploy
group.
Remove this allow all;
directive, it has nothing to do with your issue.
Keep configuration from first update (try_files
).
Related videos on Youtube
Peter Boomsma
Updated on September 18, 2022Comments
-
Peter Boomsma over 1 year
I'm trying to deploy my Rails app on my Digital Ocean VPS but I'm getting a 403 when I visit the IP adres.
This is the output of my errorlog:
[ 2014-11-02 04:18:12.0511 23504/7f64e6a36780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '23503', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' } [ 2014-11-02 04:18:12.0628 23507/7f544fe55780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.23503/generation-0/request [ 2014-11-02 04:18:12.1029 23512/7fd0a6b6b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.23503/generation-0/logging [ 2014-11-02 04:18:12.1035 23504/7f64e6a36780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started! [ 2014-11-02 04:18:12.1191 23512/7fd0a6b6b7c0 agents/LoggingAgent/Main.cpp:289 ]: Caught signal, exiting... [ 2014-11-02 04:18:13.1537 23534/7f9940e05780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '23533', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' } [ 2014-11-02 04:18:13.1632 23537/7fa7dc711780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.23533/generation-0/request [ 2014-11-02 04:18:13.1788 23542/7fd3b4c307c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.23533/generation-0/logging [ 2014-11-02 04:18:13.1792 23534/7f9940e05780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started! [ 2014-11-02 04:40:54.6081 25129/7fd334fd9780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '25128', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' } [ 2014-11-02 04:40:54.6228 25132/7fe9a63c6780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.25128/generation-0/request [ 2014-11-02 04:40:54.6460 25137/7f157336b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.25128/generation-0/logging [ 2014-11-02 04:40:54.6464 25129/7fd334fd9780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started! 2014/11/02 04:40:55 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:40:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:41:57 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:41:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:41:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:43:10 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:43:11 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53" 2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
So it looks like the permission to
/home/deploy/movieseat/current/public/
isn't correct.I've used
sudo chown -R root:deploy public/
to change the permission. And this is the result when I check the permission now:deploy@movieseat:~/movieseat/current$ stat public File: 'public' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fd01h/64769d Inode: 1200531 Links: 3 Access: (0775/drwxrwxr-x) Uid: ( 0/ root) Gid: ( 1000/ deploy) Access: 2014-11-02 05:01:43.317270999 -0500 Modify: 2014-11-02 04:31:30.497270999 -0500 Change: 2014-11-02 05:01:43.317270999 -0500 Birth: -
I've restarted my NGINX but still I'm getting the 403. Could someone point out where the problem might be?
Update
sudo vim /etc/nginx/sites-enabled/default
server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; root /home/deploy/movieseat/current/public; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; # Uncomment to enable naxsi on this location # include /etc/nginx/naxsi.rules }
Update 2
stat current File: 'current' -> '/home/deploy/movieseat/releases/20141102093117' Size: 46 Blocks: 0 IO Block: 4096 symbolic link Device: fd01h/64769d Inode: 1200822 Links: 1 Access: (0777/lrwxrwxrwx) Uid: ( 1000/ deploy) Gid: ( 1000/ deploy) Access: 2014-11-02 04:39:56.921270999 -0500 Modify: 2014-11-02 04:31:39.601270999 -0500 Change: 2014-11-02 04:31:39.601270999 -0500
Update 3
stat 20141102093117
deploy@movieseat:~/movieseat/releases$ stat 20141102093117 File: '20141102093117' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fd01h/64769d Inode: 1200364 Links: 11 Access: (0775/drwxrwxr-x) Uid: ( 1000/ deploy) Gid: ( 1000/ deploy) Access: 2014-11-02 04:42:58.721270999 -0500 Modify: 2014-11-02 04:31:39.537270999 -0500 Change: 2014-11-02 04:31:39.537270999 -0500 Birth: -
Update 4
My passenger config
## # Phusion Passenger config ## # Uncomment it if you installed passenger or passenger-enterprise ## passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini; # passenger_ruby /usr/bin/ruby; passenger_ruby /home/deploy/.rbenv/shims/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*;
-
derdigge over 9 yearsplease show me your sites-enabled nginx config file.
-
Peter Boomsma over 9 yearsUpdated my question to show it. I think this is enough, the rest is commented out.
-
Navern over 9 yearsplease show permissions on your "current" directory. It should contain "x" permissions as well.
-
Peter Boomsma over 9 yearsUpdated my question which the results.
-
Navern over 9 yearsYour current directory is symlink. Try put disable_symlinks off; in your server configuration. Also please stat directory /home/deploy/movieseat/releases/20141102093117.
-
Xavier Lucas over 9 years@Navern It's off by default.
-
Peter Boomsma over 9 yearsI've added the
stat 20141102093117
to my question and addeddisable_symlinks_off
and restarted nginx to no effect. -
Navern over 9 years@XavierLucas yep, i know it. I see you have already solved this one. It's great. I always forget about IndexDirectory:)
-
-
Peter Boomsma over 9 yearsI've added the
allow all;
but it doesn't seem to do much. The 'deploy' user is running nginx. -
Xavier Lucas over 9 yearsAllow/Deny directives are used for ACLs, it has nothing to do with filesystem rights.
-
Peter Boomsma over 9 yearsWhen I go to the folder
/home/deploy/movieseat/current/public
and check it's content I get404.html 422.html 500.html assets favicon.ico robots.txt system
. I'm afraid I don't quite follow you. How do I add a index file by making sure nxing user has rights to read? -
Xavier Lucas over 9 years@PeterBoomsma So you set
index index.html index.htm;
but you have no index file in this folder ! Also, check nginx user in yournginx.conf
file and set adequate rights in this folder ... Postls -lh
output from there and your nginx.conf file content. Time to learn some basic concepts ! -
Peter Boomsma over 9 yearsMakes sence. I guess, I thought everything would go through the Rails route file. I've added a index.html to the public folder and that gets shown, so that's awesome. But rails doesn't have a index.html file, so how would I "fix" that?
-
Xavier Lucas over 9 years
-
Peter Boomsma over 9 yearsI´ve been following this guide : gorails.com/deploy/ubuntu/14.04 which also mentions passenger. I´ve installed passenger.
deploy@movieseat:~$ passenger -v Phusion Passenger version 4.0.53
I've updated the question with the nginx.conf Passenger part. -
Xavier Lucas over 9 years@PeterBoomsma Then follow the guide and open another question on what you get stuck on. You must try to get it work by yourself first. Also it's getting too chatty and we'll end up with update 153 in 10 minutes. Error cause found, question closed.
-
Peter Boomsma over 9 yearsYou're right. Thanks for helping to point out what the problem is.