Ownership and permissions for nginx local webserver
Solution 1
The issue I had was the configuration file for my virtual host and the permissions with my webserver root. These are my current, working configuration settings for anybody else struggling with similar problems:
nginx.conf
user yourusername staff;
worker_processes 1;
error_log logs/error.log;
error_log logs/error.log warn;
error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
location / {
root /Users/yourusername/webserver;
autoindex on;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
include servers/*;
}
servers/example
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name local.example.com;
root /Users/yourusername/webserver/example;
index index.php index.html index.htm;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Once these were set up properly, I then ran these commands to fix my permission errors in the webserver:
sudo chown -R yourusername /Users/yourusername/webserver
sudo chmod 755 /Users/yourusername/webserver/example
Don't forget to add 127.0.0.1 local.example.com
into your hosts file.
Solution 2
Checklist for the case:
- Ensure that 403 Forbidden caused by web server, not application scripts. For example make index.php looks like
echo 'hi there';
If the error still exists, then probably we have misconfigurated web server.
- Find out a reason of permission denied error, generated by web server. You can temporarly add this directive to your servers/example config (maybe right after server_name):
error_log /var/log/nginx/example.error.log warn
or even so
error_log /var/log/nginx/example.error.log notice
But according to your nginx.conf you're already done that, so check the log-file to find information about permissions related troubles.
Normally you should find there concrete description of problem - files invalid permission, socket invalid permissions or upstream troubles.
- Fix the error. This generally depends on what we had found on previous step.
a. Wrong permissions for files hosted on web server.
1) Who is who - determ web server user (nginx
by default) and owner and group for the site directory (/Users/nickcorin/webserver/example). Each parent directory (itself) should be (at least) executable (--x) for nginx
user (Users, nickcorin, and webserver).
2) While the example
dir and all of its content should also be readable (r-x). To achieve that you could use these commands:
# cd example
# find . -type d | xargs chmod 755
# find . -type f | xargs chmod 644
(doing this does not make files executable as sudo chmod -R 755 /Users/nickcorin/webserver does)
b. Upstream troubleshooting. Check that firewall (if any) is ok with your upstream php { server 127.0.0.1:9000; }
Note1. "Welcome to Nginx" html document usually stored in /usr/share/ that has required grants.
Note2. It's better to use some location in your system which you'll create and set all required access permissions manually for your environment rather then use user directories which come with 700 permission (and cause some additional step to setup permissions related stuff).
Note3. Remember that 403 Forbidden
is also responded when we have no index file in a directory.
Comments
-
Nick Corin almost 2 years
I'm having trouble setting up my local nginx environment. I've been reading countless tutorials online and everything seems to have jumbled my brain a little.
OS: OSX 10.11.4 El Capitan Nginx: 1.8.1 PHP-FPM: 5.5.31
My web root's file directory is as follows for now:
/webserver /webverver/phpinfo.php /webserver/example /webserver/example/index.php
I can access the default "Welcome to Nginx" page using curl or in a web browser accessing localhost. If I then browse I get the indexing of files, yet the PHP files will attempt to download rather than execute. If I try to access the example site that I have created at
local.example.com
(which I have added to my hosts file) then I get 403 Forbidden header return using curl and a nice, simple 'Access Denied' using the web browser.I'm not so clued up on file permissions and directory ownership, could someone advise as to how I should be configuring everything? I was advised to run the following command, but it changed nothing as of yet:
sudo chmod -R 755 /Users/nickcorin/webserver
There aren't any logs in my error log besides 'signal started' logs.
Here's my configuration at the moment:
nginx.conf
#user nobody; worker_processes 1; error_log logs/error.log; error_log logs/error.log notice; error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; tcp_nopush on; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; location / { root /Users/nickcorin/webserver; autoindex on; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include servers/*; }
servers/example
upstream php { server 127.0.0.1:9000; } server { listen 80; root /Users/nickcorin/webserver/example; server_name local.example.com; index index.php index.html index.htm; autoindex on; location ~ \.php$ { try_files $uri $uri/ /index.php?$args ; index index.html index.htm index.php; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_intercept_errors on; include fastcgi_params; } }
** EDIT - NGINX Folder Permissions & Process Owners **
I ran
ls -la
on my log folder/usr/local/var/nginx
and this was the result:drwxr-xr-x 4 nickcorin admin 136 Apr 20 23:53 . drwxr-xr-x 5 nickcorin admin 170 Apr 20 21:47 .. -rw-r--r-- 1 root admin 4718 Apr 21 08:06 access.log -rw-r--r-- 1 nickcorin admin 480 Apr 21 10:28 error.log
And this was the result on my webserver root:
drwxr-xr-x 4 nickcorin staff 136 Apr 22 12:23 . drwx-----x+ 54 nickcorin staff 1836 Apr 22 10:01 .. drwxr-xr-x 3 nickcorin staff 102 Apr 20 22:14 example -rw-r--r--@ 1 nickcorin staff 23 Apr 19 11:58 info.php
This was the result of
ps aux | grep nginx
:root 756 0.0 0.0 2466616 480 ?? Ss 12:24PM 0:00.00 nginx: master process nginx nickcorin 759 0.0 0.0 2445080 820 s000 S+ 12:24PM 0:00.00 grep nginx nobody 757 0.0 0.0 2475832 1044 ?? S 12:24PM 0:00.00 nginx: worker process
** EDIT #2 - Virtual Host Config File **
I managed to fix my problem and things seem to be working smoothly now. I had to edit my Virtual Host configuration file to this:
server { listen 80; listen [::]:80 ipv6only=on; server_name local.example.com; root /Users/nickcorin/webserver/example; index index.php index.html index.htm; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
I also fixed my permissions with the following two lines:
sudo chown -R nickcorin /Users/nickcorin/webserver (Web Server Root) sudo chmod 755 /Users/nickcorin/webserver/example (Virtual Host Root)
Thank you to everyone that helped me figure this out :)
-
Nick Corin about 8 yearsWow! Thanks for the answer! :D 1. My index.php contains a phpinfo() echo already. 2. My error.log only contains entries of the nginx signal started. This should point towards a permission error like you said, I used
ps aux | grep nginx
and 'root' handled the nginx master process but 'nobody' handled the worker process. I will attempt the permission change though! Thank you so much for the answer. On the third note, I did see this - I have an index.php present in the website root and have turned autoindexing on just in case. -
Nick Corin about 8 yearsRunning the chmod commands didn't change anything, I have a feeling it has to do with the users and groups. 'Nobody' handles the nginx process. When I right click the 'example' folder and click get info it says that 'nickcorin' can read/write, staff can read and everybody can read. That's it.
-
Admin about 8 yearsIt will be more easier to find and fix problems if you fix file permissions for error_log and its directory. I guess that if worker processes are running under 'nobody' user there might be issues with logging. But I am not sure. You have to check permissions /var/log/nginx or wherever nginx logs are stored. If you want to get stuff working instantly - you're free to set 777 on nginx logs directory. But if you want to understand, what exactly is happened, then check if there are any issues with logging! :) Try to post some
ls -la
listings of nginx logs folder. -
Nick Corin about 8 yearsThanks @A.Efremov! I have listed some of my terminal outputs in the question. I don't think I'm fully understanding the permissions and ownership concept.
-
Nick Corin about 8 yearsSo, turns out I ended up fixing my error. I searched through every web tutorial I could find and edited my server config file. I'm not exactly sure how it fixed my errors, but this is the way I will configure my virtual hosts in the future. Thank you for all your help :) I will post my config file in the question.