Nginx: 403 Forbidden nginx/1.12.1 (Ubuntu)

Question

I've never before configured any production server, I'm trying to configure nginx and keep getting the 403 Forbidden error. I can't figure out the reason why it's happening.

Here is a complete error report:

    [crit] 25145#25145: *1 connect() to unix:/home/albert/deploy_test/django_env
/run/gunicorn.sock failed (13: Permission denied) while connecting to 
upstream, client: 192.168.1.118, server: 192.168.1.118, request: "GET / 
HTTP/1.1", upstream: "http://unix:/home/albert/deploy_test/django_env
/run/gunicorn.sock:/", host: "192.168.1.118"

Here is my /etc/nginx/sites-available/deployproject.conf:

(I removed the default config and created a symlink as follows: sudo ln -s /etc/nginx/sites-available/deployproject.conf /etc/nginx/sites-enabled/deployproject.conf)

upstream sample_project_server {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response (in case the Unicorn master nukes a
  # single worker for timing out).
  server unix:/home/albert/deploy_test/django_env/run/gunicorn.sock fail_timeout=0;
}

server {

    listen   80;
    server_name 192.168.1.118;

    client_max_body_size 4G;
    access_log /home/albert/logs/nginx-access.log;
    error_log /home/albert/logs/nginx-error.log;

    location /static/ {
        alias   /home/albert/static/;
    }

    location /media/ {
        alias   /home/albert/media/;
    }

    location / {

        # an HTTP header important enough to have its own Wikipedia entry:
        #   http://en.wikipedia.org/wiki/X-Forwarded-For
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


        # enable this if and only if you use HTTPS, this helps Rack
        # set the proper protocol for doing redirects:
        # proxy_set_header X-Forwarded-Proto https;

        # pass the Host: header from the client right along so redirects
        # can be set properly within the Rack application
        proxy_set_header Host $http_host;

        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;

        # set "proxy_buffering off" *only* for Rainbows! when doing
        # Comet/long-poll stuff.  It's also safe to set if you're
        # using only serving fast clients with Unicorn + nginx.
        # Otherwise you _want_ nginx to buffer responses to slow
        # clients, really.
        # proxy_buffering off;

        # Try to serve static files from nginx, no point in making an
        # *application* server like Unicorn/Rainbows! serve static files.
        if (!-f $request_filename) {
            proxy_pass http://sample_project_server;
            break;
        }
    }

    # Error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /home/albert/static/;
    }
}

Here is the complete tutorial I'm using to deploy my app. Here I'm just trying to deploy the most primitive,default django app but in my real app I'm using django as a serverside, so there seems to be no need for nginx to serve static and all that.

Answer 1

Have you taken a look at the gunicorn docs here which has example of how to configure nginx http://docs.gunicorn.org/en/stable/deploy.html

Can you try running gunicorn via TCP instead of unix socket, in your upstream sample_project_server replace server with: server 192.168.0.7:8000 fail_timeout=0; What are the settings in gunicorn? You can bind to localhost via TCP with the following, to check that it isn't a problem with your unix socket: --bind 127.0.0.1:8000

Answer 2

File Permissions. Incorrect file permissions are another cause of the "403 Forbidden" error. The standard setting of 755 for directories and 644 for files is recommended for use with NGINX. The NGINX user also needs to be the owner of the files

Try to change the permissions on your web dir

sudo chown -R albert:www-data /webdirectory
sudo chmod -R 0755 /webdirectory

Move all your sites inside the webdirectory do not leave the dir and files in your root home.