Nginx 403 error,so how can i fix this problem?
When i access the main.css from chrome browser,it response me 403 error.
➜ ~ tail -fn4 /var/log/nginx/error.log
2016/04/23 08:16:51 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:16:53 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:21:48 [error] 10488#0: *4 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:24:49 [error] 10488#0: *5 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
namei tool,all parent directory have 755,and the main.css have 644.
➜ ~ namei -l /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
f: /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
drwxr-xr-x root root /
drwxr-xr-x root root data
drwxr-xr-x root root apache-tomcat-8.0.33
drwxr-xr-x root root webapps
drwxr-xr-x root root ROOT
drwxr-xr-x root root static
drwxr-xr-x root root css
-rw-r--r-- root root main.css
start nginx's user is root:
➜ ~ ps aux | grep "nginx: worker process" | awk '{print $1}'
root
nginx conf:
upstream tomcat {
server 127.0.0.1:8887;
}
server {
listen 80;
server_name www.xx.com xx.com;
charset utf-8;
access_log /var/log/nginx/tomcat.access.log main;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
client_max_body_size 500M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
root /data/apache-tomcat-8.0.33/webapps/ROOT;
expires 7d;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
It's quite possible that you are hosting on a machine that has selinux enforced.
what does sestatus give you?
Related
I want to do proxy_pass for
https://atmvpn.appdomain.cloud/sft-ui/sft/api/orgs/v1/org in such a way that should be
https://dev.apnat.net/sft/api/orgs/v1/orgso while proxy_pass we need to remove sft-ui so I add below location in nginx.conf file
`location /sft-ui/sft/api {
access_log off;
rewrite ^/sft-ui/(.*) /$1 break;
proxy_pass <%= ENV["AMS_DOMAIN"] %>;
}`
I have set AMS_DOMAIN as environment variable. But when I hit https://atmvpn.appdomain.cloud/sft-ui/sft/api/orgs/v1/org in browser I get error "502 Bad Gateway".
in Logs of openshift pod I can see:
2020/06/05 07:06:46 [error] 11#11: *1 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 172.30.96.141, server: , request: "GET /sft-ui/sft/api/orgs/v1/org HTTP/1.1", upstream: "https://104.18.12.180:443/sft/api/orgs/v1/org", host: "atmvpn.appdomain.cloud"
2020/06/05 07:06:46 [warn] 11#11: *1 upstream server temporarily disabled while SSL handshaking to upstream, client: 172.30.96.141, server: , request: "GET /sft-ui/sft/api/orgs/v1/org HTTP/1.1", upstream: "https://104.18.12.180:443/sft/api/orgs/v1/org", host: "atmvpn.appdomain.cloud"
Just adding proxy_ssl_server_name on; its resolved
location /sft-ui/sft/api {
access_log off;
rewrite ^/sft-ui/(.*) /$1 break;
proxy_pass <%= ENV["AMS_DOMAIN"] %>;
#By setting to "on" can proxy to upstream hosts using SNI
proxy_ssl_server_name on;
}
I'm install PHP7.0, Nginx1.4.6 and configured as below but I got many errors.
sudo nano /etc/php/7.0/fpm/pool.d/www.conf
#listen = /run/php/php7.0-fpm.sock
#listen = /var/run/php/php7.0-fpm.sock
listen = 127.0.0.1:9000
user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
server {
# listen 80 default_server;
listen 80;
listen [::]:80 default_server ipv6only=on;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Let see the Log:
2017/01/26 03:33:54 [error] 2976#0: *8 connect() failed (111: Connection refused) while connecting to upstream, client: 96.9.77.42, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "128.199.133.1$
2017/01/26 03:33:55 [error] 2976#0: *8 connect() failed (111: Connection refused) while connecting to upstream, client: 96.9.77.42, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "128.199.133.1$
2017/01/26 03:33:55 [error] 2976#0: *8 connect() failed (111: Connection refused) while connecting to upstream, client: 96.9.77.42, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "128.199.133.1$
you may need to set listen.allowed_clients to 127.0.0.1 & comment group & user sections
# only localhost can connect to PHP-FPM
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
# listen.owner = www-data
# listen.group = www-data
then restart php-fpm service, check if it is running on port 9000
I have a Rails 4.2.0, Ruby 2.2.1p85 (ubuntu 14.04), with Puma 2.11.1 and nginx 1.8 as a reverse proxy.
If I execute:
$ rvmsudo rails server -b 172.31.555.555 -p 80 -e production
with
$ sudo service nginx stop
Everything is alright.
... but if I try with nginx in the middle:
$ rvmsudo bundle exec puma -e production -b unix:///var/run/myapp.sock
with
$ sudo service nginx start
The pages showed up, but not the assets (CSS, JS, JPG, PNG).
This is my configuration:
$ cat /etc/nginx/sites-enabled/myapp.work:
upstream myapp.work {
server unix:///var/run/myapp.sock;
}
server {
listen 80;
server_name myapp.work;
root /var/www/myapp/public;
location / {
proxy_pass http://myapp.work; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/assets/ {
expires 1y;
add_header Cache-Control public;
add_header Last-Modified "";
#add_header ETag "";
break;
}
}
$ cat /etc/nginx/nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
$ cat config/environments/production.rb
Rails.application.configure do
config.cache_classes = true
config.eager_load = true
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
config.serve_static_files = false
config.assets.js_compressor = :uglifier
config.assets.css_compressor = :sass
config.assets.compile = true
config.assets.digest = true
config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
config.log_level = :debug
config.action_mailer.raise_delivery_errors = true
config.action_mailer.default_url_options = { host: 'http://52.88.555.555', port: 80 }
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "mail.mymail.com",
:port => 587,
:domain => "mydomain.com",
:user_name => ENV["txa_mail"],
:password => ENV["txa_pass"],
:authentication => :login,
:enable_starttls_auto => true,
:openssl_verify_mode => 'none'
}
config.i18n.fallbacks = true
config.active_support.deprecation = :notify
config.log_formatter = ::Logger::Formatter.new
config.active_record.dump_schema_after_migration = false
end
$ cat /var/log/nginx/error.log
2015/09/19 19:16:44 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/application-6c87dce3bc16e6e98066ff6c6acd127148ff8009271165207404a1fcdd25989f.css" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/application-6c87dce3bc16e6e98066ff6c6acd127148ff8009271165207404a1fcdd25989f.css HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:44 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/application-609d6f1d02655c07f8c3b280c986f2ff351f6105e327145be40faff36df2bb8c.js" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/application-609d6f1d02655c07f8c3b280c986f2ff351f6105e327145be40faff36df2bb8c.js HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:44 [error] 20716#0: *3 open() "/var/www/myapp/public/assets/logo-google-feed7f037310a2e6fd952385e026f6176f23b5a02fab50f2823020ae52b8cc3b.png" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/logo-google-feed7f037310a2e6fd952385e026f6176f23b5a02fab50f2823020ae52b8cc3b.png HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/home01h-2416d3a81632df5d1854647d2eab530f81c6349dd4d15eda6c010592aafec815.jpg" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/home01h-2416d3a81632df5d1854647d2eab530f81c6349dd4d15eda6c010592aafec815.jpg HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *4 open() "/var/www/myapp/public/assets/home01v-db52d62784e9f4c85aaa42a67e77789cc414a13e7b9cb53807a46e81444c336a.jpg" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/home01v-db52d62784e9f4c85aaa42a67e77789cc414a13e7b9cb53807a46e81444c336a.jpg HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *3 open() "/var/www/myapp/public/assets/icon-f2-3b43c9fd8a0c8013f9044a1e87697e4297ca45bd6f197ce3cca5ec4c2ee2183a.png" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/icon-f2-3b43c9fd8a0c8013f9044a1e87697e4297ca45bd6f197ce3cca5ec4c2ee2183a.png HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/icon-t2-0dcd845909680a6ab701bc0e9df0b5dc4b6dae79dabbff689471dc63e7088547.png" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/icon-t2-0dcd845909680a6ab701bc0e9df0b5dc4b6dae79dabbff689471dc63e7088547.png HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
Please help me!! I've tried lots of things during two days and nothing worked.
Thanks in advance!
Run the following command, RAILS_ENV=production bin/rake assets:precompile
My nginx site configuraton:
upstream nodeName {
server serverIp:7050;
server serverIp:7049 backup;
}
server {
listen 80;
server_name domain.com;
gzip_types application/x-javascript text/css;
access_log /pathToLogs/log.access.log;
location / {
proxy_pass http://nodeName/;
}
location ~ ^/(min/|images/|bootstrap/|ckeditor/|img/|javascripts/|apple-touch-icon-ipad.png|apple-touch-icon-ipad3.png|apple-touch-icon-iphone.png|apple-touch-icon-iphone4.png|generated/|js/|css/|stylesheets/|robots.txt|humans.txt|favicon.ico|xml/) {
root /pathToSite/appdirectory-build;
access_log off;
expires max;
}
}
I want to get sitemap.xml by url http://example.com/xml/sitemap.xml but it gives me
403 Forbidden
nginx/1.4.6 (Ubuntu)
Update
In nginx error log file:
2014/10/09 [error] 16094#0: *49762240 open() "/pathToSite/appdirectory-build/xml/sitemapCallEn.xml" failed (13: Permission denied), client: Ip, server: domain.com, request: "GET /xml/sitemapCallEn.txt HTTP/1.1", host: "domain"
How to change permission and allow to open xml file?
Look into nginx error log. You will find answer there. It's file permission issue likely
I have installed nginx on centos. When I try to open a website I get this error:
500 Internal Server Error
Error log:
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 rewrite or internal redirection cycle while internally redirecting to "/error/404.html", client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
nginx.conf (/etc/nginx/nginx.conf)
#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
# * the English wiki - http://wiki.nginx.org/Main
# * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################
#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
# http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
#----------------------------------------------------------------------
# Events Module
#
# http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------
events {
worker_connections 1024;
}
#----------------------------------------------------------------------
# HTTP Core Module
#
# http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
include /etc/nginx/conf.d/*.conf;
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
}
/etc/nginx/sites-enabled/100-mysite.vhost
server {
listen *:80;
server_name mywebsite.com www.mywebsite.com www.mywebsite2.com mywebsite2.com;
root /var/www/mywebsite.com/web;
index index.html index.htm index.php index.cgi index.pl index.xhtml;
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 500 /error/500.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
recursive_error_pages on;
location = /error/400.html {
internal;
}
location = /error/401.html {
internal;
}
location = /error/403.html {
internal;
}
location = /error/404.html {
internal;
}
location = /error/405.html {
internal;
}
location = /error/500.html {
internal;
}
location = /error/502.html {
internal;
}
location = /error/503.html {
internal;
}
error_log /var/log/ispconfig/httpd/mywebsite.com/error.log;
access_log /var/log/ispconfig/httpd/mywebsite.com/access.log combined;
## Disable .htaccess and other hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/clients/client2/web3/.htpasswd_stats;
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
location ~ \.php$ {
##try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9012;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
I tested php with replacing content of index.php with <?php phpinfo(); and there is no problem.
Any suggestion?
You have specified a 404 error page that does not exist. Try creating one in /var/www/mywebsite.com/web/error/404.html and see if it starts working.