Nginx is throwing an 403 Forbidden on Static Files

Question

I have a django app, python 2.7 with gunicorn and nginx.

Nginx is throwing a 403 Forbidden Error, if I try to view anything in my static folder @:

/home/ubuntu/virtualenv/myapp/myapp/homelaunch/static

nginx config(/etc/nginx/sites-enabled/myapp) contains:

server {
        listen       80;
        server_name     *.myapp.com;
        access_log /home/ubuntu/virtualenv/myapp/error/access.log;
        error_log /home/ubuntu/virtualenv/myapp/error/error.log warn;
        connection_pool_size 2048;

        fastcgi_buffer_size 4K;
        fastcgi_buffers 64 4k;

        root /home/ubuntu/virtualenv/myapp/myapp/homelaunch/;

        location /static/ {
            alias /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/;
        }

        location / {
            proxy_pass http://127.0.0.1:8001;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        }
    }

error.log contains:

2013/11/24 23:00:16 [error] 18243#0: *277 open() "/home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/img/templated/home/img.png" failed (13: Permission denied), client: xx.xx.xxx.xxx, server: *.myapp.com, request: "GET /static/img/templated/home/img2.png HTTP/1.1", host: "myapp.com", referrer: "http://myapp.com/"

access.log contains

xx.xx.xx.xxx - - [24/Nov/2013:23:02:02 +0000] "GET /static/img/templated/base/animg.png HTTP/1.1" 403 141 "http://myapp.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:25.0) Gecko/20100101 Firefox/25.0"
xx.xx.xx.xxx - - [24/Nov/2013:23:02:07 +0000] "-" 400 0 "-" "-"

I tried just viewing say a .css file in /static/ and it throws an error like this in source:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.1.19</center>
</body>
</html>

Answer 1

Fix 403 error with Django static files on Ubuntu server.

1. Run this -> gpasswd -a www-data your_proj_username

2. Reload nginx -> nginx -s reload

3. Check chmod for your dirs: /home, /home/proj_dir, /home/proj_dir/static

• Run this - stat --format '%a' /home . Result must be 755
• Run this - stat --format '%a' /home/your_proj_dir/static . Result must be 755
• Run this - stat --format '%a' /home/your_proj_dir . Result must be 750

4. If you have different values you can try to change this:

• sudo chmod 755 /home
• sudo chmod 755 /home/your_proj_dir/static
• sudo chmod 750 /home/your_proj_dir

5. Reload you project-server. This solve all permission errors

Answer 2

The best solution in that case would be to add www-data to username group:

gpasswd -a www-data username

For your changes to work, restart nginx

nginx -s reload

Answer 3

I had the same issue no long ago. It might be a combination of factors. I found how to fix 403 access denied by replacing the user in the nginx.conf file.

• I deployed my website on an ubuntu server using Digital Ocean.
• I created a new user on my new ubuntu server and give admin priviliges

    adduser newuser

    usermod -aG sudo newuser 

• I updated my new server and installed few packages

    sudo apt update

    sudo apt install python3-pip python3-dev libpq-dev postgresql postgresql-contrib nginx curl 

• I followed all this beautiful instruction on how to deploy your site on Digital Ocean
• Since I changed the user and I ssh into my new server using this new user, I need to replace the user on the nginx.conf. By default nginx.conf user is www-data:

    user www-data;

    worker_processes auto;

    pid /run/nginx.pid;

Then I replaced with my sudo user and solved my problem. 😀

    user newuser;

    worker_processes auto;

    pid /run/nginx.pid;

• Then I restart nginx, gunicorn and postgresql(even if the last one it is not really necessary)

    sudo systemctl restart nginx 

    sudo systemctl restart gunicorn

    sudo systemctl restart postgresql

And tada.. :) no more issue.

Answer 4

It seems the web server user doesn't have read permissions to the static files. You can solve this in 2 ways:

1. (easiest, safer) run the nginx as you app user instead of default nginx user. To do this, add the following in nginx.conf

   user your_app_user
   

   Replace your_app_user with appropriate unix username for your app. In this case the your_app_user already has necessary permissions to the static content.

2. Another way would be to to grant permissions for the web server user to the static dir.

Answer 5

MacOs El Capitan: At the top of nginx.conf write user username group_name

My user name is Kamil so i write:

user Kamil staff;

(word 'staff' is very important in macOS). This do the trick. After that you don't need to change any permission in your project folder and files.

Answer 6

Try specifying a user at the top of your nginx.conf, above the server section.

user www-data;

Answer 7

The minimum fix that worked for me is:

sudo chmod -R 664 /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/
sudo chmod -R a+X /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/

(BTW, in my case the static folder is called collected_static)

Answer 8

After hours upon hours following so many articles, I ran across : http://nicholasorr.com/blog/2008/07/22/nginx-engine-x-what-a-pain-in-the-bum/

which had a comment to chmod the whole django app dir, so I did:

sudo chmod -R myapp

This fixed it. Unbelievable!

Thanks to those who offered solutions to fix this.

Answer 9

It appears the user nginx is running as (nginx?) is missing privileges to read the local file /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/img/templated/home/img.png. You probably wanna check file permissions as well as permissions on the directories in the hierarchy.