403-forbidden: when nginx accesses static resource files (css,js,images)

created at 07-21-2021 views: 5

Bellow are four possibilities you should check to solve this problem.

1 check ports

There is no response for a long time when accessing the resource folder
When this problem occurred, I checked and found that the firewall port was not open:

$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Through the development of the port, the problem was solved:

$ firewall-cmd --add-port=80/tcp --permanent
$ firewall-cmd --reload
$ firewall-cmd --query-port=80/tcp
# Appears yes proving that the port is opened successfully

Access the resource file again, 403-forbidden appears

2 Authority of the static directory

Query the error log:

open() "/data/fiels/" failed (13: Permission denied), client: 192.168.31.1, server: 192.168.31.128, request: "GET /files HTTP/1.1", host: "192.168.31.128"

It shows that there is no permission, so I went to the resource folder and changed all folder permissions to 777 (there are two solutions here):

$ chmod -R 777 /data/files

3 nginx user privileges

normally, the user in nginx.conf should be the same as the user you are using to run your apps (also the owner of apps), it would be configured as:

user [username];

if it still not work, you can try to set the user as root:

$ vi nginx.conf 

user  root;   # Modify to root and default to nginx
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
   worker_connections  1024;
}

After solving the file permission problem, it still doesn't work:

*1 directory index of "/data/files/" is forbidden, client: 192.168.31.1, server: 192.168.31.128, request: "GET /files/ HTTP/1.1", host: "192.168.31.128"

4 check SELinux

$ getenforce
Enforcing # This indicates that the security policy has been enforced


$ vim /etc/selinux/config

SELINUX=disabled # Modify to disabled

after saving changes, you need to reboot your server (VPS), and remember to restart nginx and your application etc.

step 4 solved my problem on aws Lightsails instance

Please log in to leave a comment.