403 nginx error - permissions denied

Question

I am getting 403 forbidden error when I try to access a domain using nginx. The nginx logs I get are:

[error] 13656#0: *4 "/var/www/example.com/www/index.php" is forbidden (13: Permission denied), client: 31.179.107.194, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

/var/www/ has recursive 777 permissions. Sites-available config is:

#HTTP serve
#
server {
        listen   80;

        root /var/www/example.com/www/;
        index index.php index.html index.htm;

        server_name example.com;

        access_log /var/log/nginx/example.com.access.log combined buffer=1024k;
        error_log /var/log/nginx/example.com.error.log;

        client_max_body_size 128M;

        if (!-e $request_filename) {
                rewrite ^/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)/$ /index.php?controller=$1&action=$2 last;
        }

        location ~ \.php$ {
                if (!-f $document_root/$fastcgi_script_name){
                        return 404;
                }

                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                proxy_connect_timeout 600s;
                proxy_read_timeout 600s;
                include fastcgi_params;
        }

        location ~ /\.ht {
                deny all;
        }
}

nginx.conf contains user root; directive.

What's wrong?

Answer 1

One possible cause is that you are using SELinux. See Why does Nginx return a 403 even though all permissions are set properly?.

Also, setting user root is a security risk and is not recommended. Using an unprivileged user like 'www-data' or `nobody' is recommended, along with permissions that allow that user to access the minimal amount of data necessary.