nginx permission issue serving static file on centos 7 - nginx

I have Nginx installed with PHP-FPM (PHP 7.2) on CentOS 7.
I created a new account named deploy.
I added deploy to group deploy and to group Nginx.
I created a folder web/public in deploy's home, then set permission 777 -R on web/public/.
Then I changed user = deploy, group = deploy in /etc/opt/remi/php72/php-fpm.d/www.conf.
SELinux is disabled.
My problem is:
- I can run PHP, but cannot access static files (css, js...) via the browser
This is an error message:
- 19/04/27 22:51:22 [error] 4165#0: *1601 open() "/home/deploy/web/public/robots.txt" failed (13: Permission denied), client: 216.244.66.xxx, server: _, request: "GET /robots.txt HTTP/1.1", host: "domain.com"
This is Nginx setting
server {
    listen 80;
    server_name domain.con;
    root /home/deploy/web/public;
    index index.html index.php;
    error_log /var/logs/nginx/error_log error;
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
        root /home/deploy/web/public;
        autoindex on;
        access_log on;
        expires max;
        log_not_found on;
    }
}
Please help me
Update, solution is:
chmod +x /home/deploy
chmod +x /home/deploy/public

Run commands:
chmod +x /home/deploy
chmod +x /home/deploy/public

Related

Nginx returns 404 after changing root path

I've installed Nginx on my Digital Ocean droplet and I've done a build for my react application, now I want to serve the build index.html file to Nginx,
/etc/nginx/sites-enabled/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /root/project-name/dist;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
When I visit the server in the browser I get an 404 message.
The path /root/project-name/dist is valid:
If I change the root path to:
root /var/www/html;
Then I get the default Nginx page displayed:
The root and var folder are both in the same path:
So why can't I point my root to a different folder?
Resolved the error.
Step 1. Read the logs (!!)
Nginx: stat() failed (13: permission denied)
My nginx logs are located in /var/log/nginx/. The error.log showed:
2021/10/04 18:18:41 [crit] 1565#1565: *3 stat() "/root/project-name/dist/" failed (13: Permission denied), client: 82.73.195.213, server: _, request: "GET / HTTP/1.1", host: "104.248.82.123"
Step 2. Change access to folders:
chmod +x /root/
chmod +x /root/project-name
chmod +x /root/project-name/dist
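
As an added example (not part of the original posts): both fixes above come down to finding the one directory on the path that lacks the search (x) bit for the nginx worker. The script below takes the path from the error-log line and walks it component by component; the function names, the sample log line and the `/srv/example` path are constructed for illustration, and GNU or busybox `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes GNU or busybox stat.

# Extract the path from an nginx "(13: Permission denied)" error-log line.
denied_path() {
    sed -nE 's/.* (open|stat)\(\) "([^"]*)" failed \(13: Permission denied\).*/\2/p'
}

# first_blocker PATH UID "GID GID ..." [TRUSTED_PREFIX]
# Prints the first component of PATH that the given uid/gids cannot pass,
# judged from mode bits only (no ACLs, no SELinux): directories need the
# search (x) bit, the final file needs read (r). Components inside
# TRUSTED_PREFIX are skipped. Returns 0 if passable, 1 if blocked.
first_blocker() (
    path=${1%/}; uid=$2; gids=" $3 "; cur=${4:-}
    rest=${path#"$cur"}; rest=${rest#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}; cur="$cur/$part"
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        st=$(stat -L -c '%u %g %a' "$cur" 2>/dev/null) ||
            { echo "$cur (cannot stat; run as root)"; exit 2; }
        set -- $st; owner=$1; group=$2; mode=$((0$3))
        if [ -d "$cur" ]; then need=1; else need=4; fi
        # POSIX picks exactly one class: owner, else group, else other.
        if [ "$uid" = "$owner" ]; then bits=$(( ($mode >> 6) & 7 ))
        else
            case $gids in
                *" $group "*) bits=$(( ($mode >> 3) & 7 )) ;;
                *) bits=$(( $mode & 7 )) ;;
            esac
        fi
        if [ $(( $bits & $need )) -eq 0 ]; then echo "$cur"; exit 1; fi
    done
)

# Constructed sample line in the format of the errors quoted above.
sample='2021/10/04 18:18:41 [crit] 1565#1565: *3 stat() "/srv/example/dist/" failed (13: Permission denied), client: 192.0.2.10, server: _'
printf '%s\n' "$sample" | denied_path    # prints /srv/example/dist/

# Typical use as root, with the worker account named nginx (an assumption):
#   first_blocker /srv/example/dist/ "$(id -u nginx)" "$(id -G nginx)"
```

Once the blocking component is known, search permission for the worker's group on that one directory is sufficient for a traverse failure; a recursive 777 on the content does not address it.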

How can I get rid of this damn 403 error?

I've tried for hours with lots of solutions but cannot get rid of this 403 error when serving a static subdomain with NGINX.
I've tried chmod on all my permissions in the directory leading to the static folder and editing the config file over and over.
NGINX beautifully serves my reverse-proxied Node app but shuts down all the static subdomains that were once on the server.
Permissions:
dr-xr-xr-x root root /
drwxr-xr-x root root home
drwx--x--x ca****8sh nginx ca****8sh
lrwxrwxrwx ca****8sh ca****8sh www -> public_html
drwxr-x--- ca****8sh ca****8sh public_html
drwxr-xr-x nginx nginx residenza******.******ano.ch;
config file:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name residenza******.******ano.ch;
    root /home/ca****8sh/www/residenza******.******ano.ch/;
    location / {
        #try_files $uri $uri/ =404;
        index index.html;
        #autoindex on;
        #autoindex_exact_size off;
    }
    [continues with SSL setup]
I've also tried tweaking things around, like enabling autoindex, but to no avail.
I'm in despair, please help!
Check which user nginx is using in the first line of nginx.conf. It should be either nginx or www-data. Then run this command, replacing www-data with nginx if the user is nginx:
chown -R www-data /home/ca****8sh/www/residenza******.******ano.ch/
If you are using SELinux like CentOS, run these commands too:
sudo setsebool -P httpd_can_network_connect on
chcon -Rt httpd_sys_content_t /home/ca****8sh/www/residenza******.******ano.ch/
I handled it by changing the global nginx user to a higher-tier user. This is what was causing the permissions issue.

unable to see nginx logs

I am trying to confirm my logs are in JSON format but I cannot even see one log. I am using docker-compose:
version: '3'
services:
  nginx:
    image: test_site
    volumes:
      - /Users/mikeJ/Desktop/test-logs/access:/tmp/logs/access
      - /Users/mikeJ/Desktop/test-logs/error:/tmp/logs/error
    build:
      context: .
    restart: unless-stopped
    ports:
      - "8040:8040"
nginx.conf
worker_processes 1;
events { worker_connections 1024; }
http {
    include mime.types;
    sendfile on;
    access_log on;
    log_format json_combined escape=json
        '{'
        '"time_local":"$time_local",'
        '"remote_addr":"$remote_addr",'
        '"remote_user":"$remote_user",'
        '"request":"$request",'
        '"status": "$status",'
        '"body_bytes_sent":"$body_bytes_sent",'
        '"request_time":"$request_time",'
        '"http_referrer":"$http_referer",'
        '"http_user_agent":"$http_user_agent"'
        '}';
    server {
        listen 8040;
        error_log /tmp/logs/error/error.log warn;
        access_log /tmp/logs/access/access.log;
        server_name localhost;
        location / {
            root /usr/share/nginx/html/;
            index index.html;
        }
        location ~ ^/test/footer {
            root /usr/share/nginx/html/;
            expires 5m;
            access_log on;
        }
    }
}
dockerfile
FROM nginx:1.15.0-alpine
RUN rm -v /etc/nginx/nginx.conf
# Copying nginx configuration file
ADD nginx.conf /etc/nginx/
# setup nginx caching
RUN mkdir -p /tmp/nginx/cache
#create directory for logs
RUN mkdir -p /tmp/logs/error
RUN mkdir -p /tmp/logs/access
#adding footer file
ADD footer /usr/share/nginx/html/footer
# Expose ports
EXPOSE 8040
I even ssh into the container and nothing is there.
from inside the container
# ps aux | grep nginx
1 root 0:00 nginx: master process nginx -g daemon off;
7 nginx 0:00 nginx: worker process
Could you confirm if the nginx.conf is correct?
It seems that the nginx process does not have permissions to write to the directory created.
ps -eo "%U %G %a" | grep nginx
Run the command above to learn the user. It is nginx in your case.
Change the owner and group for the log directory and reload the nginx service.
#create directory for logs
RUN mkdir -p /tmp/logs/error
RUN mkdir -p /tmp/logs/access && \
chown -R nginx:nginx /tmp/logs/
#adding footer file
ADD footer /usr/share/nginx/html/footer
Check the logs folder post accessing one of your URLs.

403 Forbidden on local nginx when the root directory is changed

I have set up nginx, PHP, MySQL and phpMyAdmin on my laptop (running Arch Linux). Everything was OK until I tried to move the root into my home directory.
Here is the nginx configuration file I'm using:
server {
    ############### General Settings ###################
    listen 80;
    server_name localhost;
    root /home/me/Development;
    charset utf-8;
    ############## Document Root #####################
    location / {
        index index.php index.html index.htm;
        autoindex on;
    }
    ############## PHPMyAdmin #######################
    #location /phpmyadmin {
    #    rewrite ^/* /phpMyAdmin last;
    #}
    ############# Error redirection pages ################
    error_page 404 NGINX/html/404.html;
    error_page 500 502 503 504 NGINX/html/50x.html;
    ############## Proxy Settings for FastCGI PHP Server #####
    location ~ \.php$ {
        if ($request_uri ~* /phpmyadmin) {
            root /usr/share/nginx/html;
        }
        try_files $uri =404;
        #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration)
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi.conf;
    }
    location ~ /\.ht {
        deny all;
    }
}
So I'm trying to make this "Development" folder the folder where I will store all my PHP projects. And I want to keep phpMyAdmin in its default location.
Now I get 403 Forbidden if I try to access phpMyAdmin or any PHP file in the new location. Error message:
2016/05/20 14:11:46 [crit] 5292#5292: *3 stat() "/home/me/Development/test.php" failed (13: Permission denied), client: 127.0.0.1, server: localhost, request: "GET /test.php HTTP/1.1", host: "localhost"
It should have something to do with the Linux groups and rights, but I can't figure it out.
It's selinux, google disabling that or configuring it to allow what you need to do.
When your perms are set right and the logs show 'permission denied' it's selinux.
You are using HTTP to get your page. Now HTTP is returning you the error code '403' which according to RFC 2616 means "The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated."
The two possible reasons for this error code:
- Authentication was provided, but the authenticated user is not permitted to perform the requested operation.
- The operation is forbidden to all users. For example, requests for a directory listing return code 403 when directory listing has been disabled.
Try to check your file permissions. There is the solution.
I had a similar problem: I also got the 403 error code and tried to configure the rights of the file with chmod 777. Still the same result.
My problem was I started the nginx webserver with sudo nginx instead of starting it with my user and my rights. Just start the server with nginx without sudo and you should be fine.
I hope this helps someone.
Check the owners and mode of the folder by using the ls -l command. If the user is sudo, then run sudo chown -R yourusername:yourusername Development and also run sudo chmod -R 777 Development

Allow WordPress write access to Docker mounted folder

I have a Docker setup that works well with Ubuntu, Nginx, PHP-FPM and MySQL.
WordPress can write to the uploads folder and I can edit templates online, but when I try to upgrade WordPress or plugins, it fails with:
Unpacking the update…
Could not create directory.: wordpress
Installation Failed
I have chmod 777 the entire WordPress folder, so I'm not sure if this is Docker or WordPress related. I have also checked various logs, but the only relevant line I found is this:
192.168.59.3 - - [01/Oct/2014:14:16:58 +0000] "POST /wp-admin/update-core.php?action=do-core-upgrade HTTP/1.1" 200 5576 "/wp-admin/update-core.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36"
Here's how I created the Docker environment:
brew install docker boot2docker
boot2docker init
# Allow VM access to our space
curl http://static.dockerfiles.io/boot2docker-v1.2.0-virtualbox-guest-additions-v4.3.14.iso > ~/.boot2docker/boot2docker.iso
VBoxManage sharedfolder add boot2docker-vm -name home -hostpath /Users
boot2docker up
Here's how I start the container:
docker run -p 80:80 --name wp -d -v ~/wordpress:/mnt/www:rw wp
Here's the Nginx configuration:
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6
    root /mnt/www;
    index index.php index.html index.htm;
    # Make site accessible from http://localhost/
    server_name localhost;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/www;
    }
    # pass the PHP scripts to FastCGI server
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
It seems that some hacks are needed to be able to write to mounted volumes as other users than root. See https://github.com/boot2docker/boot2docker/issues/581
I do not have access to your Dockerfile, but for permission problems with Docker and WordPress when installing plugins or templates or creating folders, you can use the COPY command with the chown parameter in the Dockerfile, like below:
COPY [--chown=<user>:<group>] <src>... <dest>
For example, in my code running WordPress, I use:
COPY --chown=www-data:www-data ./app/ /var/www/html/
But you need to have the latest version of Docker to use the chown parameter. A lot of people get the unknown chown parameter error; this occurs because of the Docker version. So before using chown, I suggest updating your Docker.
Docker reference about COPY command: https://docs.docker.com/engine/reference/builder/#copy
Wordpress reference about permissions and www-data user: https://codex.wordpress.org/Changing_File_Permissions
