Nginx Showing Welcome Page/403 Error instead of homepage

Question

I am using CentOs 6.8

Using CloudFlare DNS in Development Mode

Nginx shows welcome page, its picking up from

/usr/share/nginx/html

But not from:

/home/nginx/domains/XYZDomain.com/public/

In Directory:

/etc/nginx/conf.d

2 Configurations Files:

default.conf
virtual.conf

default.conf file output

# Main Local

server {
        listen 80;
        server_name localhost;
        root   /usr/share/nginx/html;
        index index.php index.html index.htm;


        location / {
                try_files $uri $uri/ =404;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/html;
        }

        #
        location ~ \.php$ {
                include fastcgi_params;
                #fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        }

        location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
        }
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

}

virtual.conf file output:

server {

            listen   80;
            #server_name  www.XYZDomain.com;
            # Now Changed to below withouth wwww.
            server_name  XYZDomain.com;
            rewrite ^/(.*) http://XYZDomain.com/$1 permanent;

            location / {

                        root   /home/nginx/domains/XYZDomain.com/public/;
                        index  index.html;

                        }

}

nginx.conf file in /etc/nginx/nginx.conf output

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    #default_type  application/octet-stream;
    #changed to text/html
    default_type text/html;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

All Directories with permissions.

ls -la /home/nginx/domains/XYZDomain.com

drwxr-s--- 6 root root 4096 Jul  1 12:54 .
drwxr-xr-x 3 root root 4096 Jul  2 14:44 ..
drwxr-s--- 2 root root 4096 Jun 30 15:58 backup
drwxr-s--- 2 root root 4096 Jun 30 15:58 log
drwxr-s--- 2 root root 4096 Jun 30 15:58 private
drwxr-sr-x 2 root root 4096 Jul  2 15:01 public

I have tried modifying default.php and virtual.conf file

Can Anyone can help me what's wrong in this? I am really confused and have wasted a whole day on this.

Are you missing a `server` for "XYZDomain.com"? You seem to redirect "www.XYZDomain.com" to "XYZDomain.com", which if pointed to this host will be handled by the `server` block in `default.conf`. — Richard Smith, Jul 02 '19 at 18:41
@RichardSmith I changed `server_name www.XYZDomain.com` to `server_name XYZDomain.com` in `virtual.conf`. Still, it's doing same. Sorry, I am new to this, I will try my best from what I understand. — Noorsimar, Jul 03 '19 at 02:24
changed `default_type application/octet-stream;` to `default_type text/html;` still same.. — Noorsimar, Jul 03 '19 at 05:27
A good debugging step would be to disable `default.conf` and hit it again. See if you get the expected page or something else, which will let you know if it's at least picking up your `virtual.conf` file. I'm sure you already know this, but since you mentioned you are new at this, be sure to reload nginx after making config changes. — patrick3853, Jul 03 '19 at 05:53
@patrick3853 https://stackoverflow.com/questions/19285355/nginx-403-error-directory-index-of-folder-is-forbidden/19302688 This helped me changing user in nginx.conf to root Though, I guess it can be harmful? — Noorsimar, Jul 03 '19 at 07:47
@Python I've added an answer based on your updates with examples to get it fixed. — patrick3853, Jul 03 '19 at 09:26

score 2 · Answer 1 · answered Jul 03 '19 at 09:23

2

It looks like this is a permissions problem. Nginx is running as the nginx user, but the files are owned by root and do not have global read permissions, meaning the nginx user cannot see them.

First, do not run ngninx as root! This is very bad. If someone compromises your site, they could potentially have root access to the server.

There are several approaches to solving this. This easiest is to simply change the owner of the files to nginx:

chown -R nginx:nginx /home/nginx/domains/XYZDomain.com

Of course, you will have to remember to do this for any new files you create

You can also change just the group for the file to nginx, and make them group readable:

chgrp -R nginx /home/nginx/domains/XYZDomain.com
chmod -R g+r /home/nginx/domains/XYZDomain.com

The second approach is a little more secure, because nginx does not have write permissions and can only read the files. However, this can cause other problems if you have scripts that need to dynamically create or edit files.

There is a lot more to get into regarding permissions and web servers, with lots of security implications, which is too much to get into here. You can find plenty of information on stackoverflow.com if you are curious.

answered Jul 03 '19 at 09:23

patrick3853

1,100
9
17

I always get ***403 Forbidden nginx/1.16.0*** On Changing user to **nginx** I did that to all the directories: ``` `sudo chown -R nginx:nginx /home/nginx/*` `sudo chown -R 0755 /home/nginx/*` `sudo chown -R nginx:nginx /home/nginx/domains/XYZDomain.com/*` `sudo chown -R 0755 /home/nginx/domains/XYZDomain.com/*` `sudo chown -R nginx:nginx /home/nginx/domains/XYZDomain.com/public/*` `sudo chown -R 0755 /home/nginx/domains/XYZDomain.com/public/*` Plus what you said too... – Noorsimar Jul 03 '19 at 10:36
On tail > tail -f /var/log/nginx/error.log `2019/07/03 10:25:12 [error] 26313#26313: *3 "/home/nginx/domains/XYZDomain.com/public/index.html" is forbidden (13: Permission denied), client: 142.111.2xx.1xx, server: www.XYZDomain.com, request: "GET / HTTP/1.1", host: "XYZDomain.com"` Checking **/etc/passwd** --x-- `nginx:x:498:498:nginx user:/var/cache/nginx:/sbin/nologin` --x-- Is something wrong in here? – Noorsimar Jul 03 '19 at 10:38
Selinux is Disabled – Noorsimar Jul 03 '19 at 16:16
1

Yes, you are confusing `chown` and `chmod`. The `chown 0755` you ran tried to set the owner to the user id of 0755, which probably doesn't exist. If you want to change permissions (which is different from ownership) you use `chmod` – patrick3853 Jul 03 '19 at 20:28
1

@Python Honestly, it looks like your permissions are all jacked up. I imagine `/home/nginx` is the home directory for the `nginx` user, in which case `nginx` would typically be the owner of all those files. I'm guessing you created the `domains/*` directory as `root`, which is why `root` became the owner. Try running **just** `chown -R nginx:nginx /home/nginx` and then try it again. – patrick3853 Jul 03 '19 at 23:26
What I did was, I transferred all the domain files into `/var/www/html/DOMAIN.com/public` and changed `virtual.conf` file root directory accordingly. Now it is working fine. Is there anything else, I can/should/must do? Thanks for everything. – Noorsimar Jul 04 '19 at 03:26
1

This is a good solution. In fact, I prefer placing my root directories in `/var/www` instead of `/home` due to more restrictive permissions in the `/home` directory. There is certainly more you can do, but for a simple website, you shouldn't need to do anything else. – patrick3853 Jul 04 '19 at 03:32
Exactly! plus there are many other things one must have to consider in order to reach that solution. Thanks for your support. – Noorsimar Jul 04 '19 at 03:48

score 0 · Answer 2 · answered Jul 03 '19 at 07:51

0

Nginx 403 error: directory index of [folder] is forbidden

Changing User in /etc/nginx/nginx.conf from nginx to root

helped...

is it harmful? or security risk? Now thats a question...

Thanks StackOverFlow & Thanks Community

Love

answered Jul 03 '19 at 07:51

Noorsimar

120
1
2
8

score 0 · Accepted Answer · answered Jul 04 '19 at 03:41

One way was to change user to root but it's harmful.

Second is to Transfer all the domain files into

/var/www/html/XYZDomain.com/public Instead of /home/nginx/domains/XYZDomain.com/public/

and changed virtual.conf(in conf.d directory) file from root /home/nginx/domains/XYZDomain.com/public; to root /var/www/html/XYZDomain.com/public

Things to take care of is:

Check of extra useless Spaces
Copied code from the web can cause problems
Always run nginx -T to check for errors
Always Restart Nginx before testing service nginx restart
Running tail -f /var/log/nginx/error.log to check latest error logs
Make sure your web directory has access permissions
Toggle SELinux, It can cause issues.

Nginx Showing Welcome Page/403 Error instead of homepage

3 Answers3