ctrlz

Reputation: 95

Why am I getting 403 Forbidden status codes for static files served via nginx / php-fpm?

I have a folder structure like this:

/usr/share/nginx/idevaffiliate/install/templates/bootstrap/css/bootstrap.css

I'm getting 403 responses when trying to access this and other static files via the webserver:

[30/Aug/2016:04:56:33 +0100] "GET /idevaffiliate/install/templates/bootstrap/css/bootstrap.css HTTP/1.1" 403 46 "http://example.com/idevaffiliate/install/install.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"

Here is my nginx location directive:

location ~ ^/idevaffiliate/(images|javascript|js|css|flash|media|static)/ {
    rewrite ^ https://$server_name$request_uri? permanent;
    root /usr/share/nginx/;
    expires 30d;
}

location ^~ /idevaffiliate {
    root /usr/share/nginx/;
    index index.html index.htm index.php;
    autoindex on;
    autoindex_exact_size off;
    autoindex_localtime on;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    include /etc/nginx/fastcgi.conf;
}

Folder permissions for all files and subdirectories:

[root@BTCUKSW001 nginx]# ls -la
total 20
drwxr-xr-x 12 nginx nginx 4096 Feb  3  2014 idevaffiliate

Excerpt from /etc/php-fpm.d/www.conf:

[www]
listen = /var/run/php5-fpm.sock
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
user = nginx
group = nginx

I have no idea why I'm having "access denied" problems with this. Can anyone tell me why and how to fix?

Upvotes: 1

Views: 945

Answers (1)

Richard Smith

Reputation: 49702

You show two location blocks in your question. The first one looks like a redirect loop, but will never be entered because the second location block overrides it using the ^~ modifier. See this document for location block processing.

The reason you are receiving a 403 response for static files is that you are asking php5-fpm to serve them. The fastcgi_pass directive in your location ^~ /idevaffiliate block sends all requests to php5-fpm, when it only wants to see PHP scripts.

There are a number of patterns available, but a common solution is to use a nested location to serve just the PHP files:

location ^~ /idevaffiliate {
    root /usr/share/nginx;
    index index.html index.htm index.php;

    ...

    location ~ \.php$ {
        try_files $uri =404;

        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include /etc/nginx/fastcgi.conf;
    }
}

Upvotes: 3
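
A simplified model of nginx's location search applied to the two configurations above, to check which request URIs end up in a location that passes them to php-fpm. This is an added example, not code from the question or the answer; the tuple layout and function names are assumptions made for the illustration, and only the `=`, plain prefix, `^~`, `~` and `~*` modifiers are modelled.

```python
import re

# Each location: (modifier, pattern, passes_to_php_fpm, nested_locations).
# Constructed from the two configs on this page; the regex block in the
# question only redirects, so it does not pass anything to php-fpm.
STATIC_DIRS = r"^/idevaffiliate/(images|javascript|js|css|flash|media|static)/"
QUESTION = [
    ("~", STATIC_DIRS, False, []),
    ("^~", "/idevaffiliate", True, []),
]
ANSWER = [
    ("^~", "/idevaffiliate", False, [("~", r"\.php$", True, [])]),
]

def find(uri, locs):
    """Simplified nginx location search: returns (chain, search_finished)."""
    for loc in locs:                       # 1. exact match ends the search
        if loc[0] == "=" and uri == loc[1]:
            return [loc], True
    prefixes = [l for l in locs if l[0] in ("", "^~") and uri.startswith(l[1])]
    chain, skip_regex = [], False
    if prefixes:                           # 2. longest prefix, then its nested locations
        best = max(prefixes, key=lambda l: len(l[1]))
        nested, done = find(uri, best[3])
        chain = [best] + nested
        if done:
            return chain, True
        skip_regex = best[0] == "^~"       # ^~ suppresses regexes at this level
    if not skip_regex:                     # 3. regexes in config order, first match wins
        for loc in locs:
            flags = re.I if loc[0] == "~*" else 0
            if loc[0] in ("~", "~*") and re.search(loc[1], uri, flags):
                return [loc] + find(uri, loc[3])[0], True
    return chain, False                    # 4. fall back to the prefix match (or nothing)

def selected(uri, config):
    """Human-readable chain of the locations nginx would select."""
    return [f"{m} {p}".strip() for m, p, _, _ in find(uri, config)[0]]

def reaches_php_fpm(uri, config):
    """True if the innermost selected location hands the request to php-fpm."""
    chain = find(uri, config)[0]
    return bool(chain) and chain[-1][2]

if __name__ == "__main__":
    css = "/idevaffiliate/install/templates/bootstrap/css/bootstrap.css"
    for name, cfg in (("question", QUESTION), ("answer", ANSWER)):
        for uri in (css, "/idevaffiliate/install/install.php"):
            print(name, uri, selected(uri, cfg), reaches_php_fpm(uri, cfg))
```

Running the same check over a list of real request paths from an access log shows which non-PHP URIs a given location layout would still hand to the FastCGI backend.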
