cloud_cloud

Reputation: 2189

How to set up Nginx correctly when 403 Forbidden on CentOS 7?

On CentOS 7

/etc/hosts:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.1  app1

Installed Nginx from package:

yum install nginx

In /etc/nginx/nginx.conf:

# ...
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}
# ...

Created a new file under /etc/nginx/sites-available/ named myapp:

upstream app {
    # Path to Unicorn SOCK file, as defined previously
    server unix:///home/deploy/myapp/tmp/sockets/unicorn.sock;
}

server {
    listen 192.168.0.1:80;
    server_name app1;

    # Application root, as defined previously
    root /home/deploy/myapp/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

Link it to /etc/nginx/sites-enabled/:

cd /etc/nginx/sites-enabled/
ln -s ../sites-available/myapp

Restart nginx:

service nginx restart

Then try to access the URL:

curl 192.168.0.1

Got error:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.10.2</center>
</body>
</html>

I removed the default index.html file under the /usr/share/nginx/html path, so it got 403 Forbidden.

Nginx error log /var/log/nginx/error.log:

2017/07/25 03:35:59 [error] 8200#0: *1 directory index of "/usr/share/nginx/html/" is forbidden, client: 192.168.0.2, server: _, request: "GET / HTTP/1.1", host: "192.168.0.1"

Why did it access the default /usr/share/nginx/html/ path, and not the newly added myapp under the /etc/nginx/sites-enabled/ directory?

Upvotes: 2

Views: 10482

Answers (2)

cloud_cloud

Reputation: 2189

The real problem is that the OS distribution version and the package version make the software different.

Attention: It's CentOS 7.3!

The method I used to install nginx was:

yum update
yum install epel-release
yum install nginx

Then, the nginx version may be a little different from others, like the package on Ubuntu. So the usage is not the same, either.

Its directory is:

/etc/nginx/nginx.conf
/etc/nginx/conf.d/
# Notice: these directories don't exist!
/etc/nginx/sites-available/
/etc/nginx/sites-enabled/

So the usage is different and the following is necessary!

First, comment out the default setting in /etc/nginx/nginx.conf:

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#   }

Second, create the new config for the application under /etc/nginx/conf.d/:

# File Name: rails.conf
upstream app {
    # Path to Unicorn SOCK file, as defined previously
    server unix:/home/deploy/myapp/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
    listen 192.168.0.1:80;
    server_name app1;

    # Application root, as defined previously
    root /home/deploy/myapp/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-FORWARDED_PROTO https;
        proxy_pass http://app;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

If default.conf exists under /etc/nginx/conf.d/, remove it.

Third, check syntax and restart nginx:

nginx -t
service nginx restart

It will access the path pointing to /home/deploy/myapp/public when you run curl 192.168.0.1.

Upvotes: 1
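
Added example, not part of the answer above: a way to confirm which files nginx actually loaded, since a symlink in sites-enabled is ignored unless nginx.conf includes that directory. It relies on `nginx -T` (available since nginx 1.9.2), which marks each loaded file with a `# configuration file <path>:` line; the sample dump and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nginx -T` output, shaped like the question's setup,
# so the functions can be exercised without a running nginx.
SAMPLE_DUMP='# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
    }
}
# configuration file /etc/nginx/mime.types:
types { text/html html; }
'

# loaded_files: read a dump on stdin, print one loaded file path per line.
loaded_files() {
    sed -n 's/^# configuration file \(.*\):$/\1/p'
}

# is_loaded FILE: read a dump on stdin; succeed only if FILE was loaded.
is_loaded() {
    loaded_files | grep -Fxq -- "$1"
}

# listeners: read a dump on stdin and print "<file>: <listen arguments>" for
# every active (uncommented) listen directive, showing which file defines
# the server that will answer on a given address.
listeners() {
    awk '/^# configuration file / { f = $4; sub(/:$/, "", f); next }
         $1 == "listen" { sub(/^[ \t]*listen[ \t]+/, ""); sub(/;.*$/, "");
                          print f ": " $0 }'
}

# On a real host, feed the live configuration instead of the sample:
#   nginx -T 2>/dev/null | is_loaded /etc/nginx/sites-enabled/myapp \
#       || echo "myapp is not included by nginx.conf"
printf '%s' "$SAMPLE_DUMP" | loaded_files
printf '%s' "$SAMPLE_DUMP" | listeners
```

In the sample, the only listener is the `default_server` in nginx.conf, which matches the `server: _` field in the question's error log.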

dhia

Reputation: 370

The error you're getting says that nginx is not able to access the index folder of /usr/share/nginx/html/. This happens when it hits the try_files @app directive in the app.conf. The reason is that by default nginx has autoindex off; that means if you request a / path, it will not be allowed on a try_files. See: autoindex

In your case, you need to add the autoindex on; directive in the server before the try_files directive.

Upvotes: 0
