Develop Reference

After setting up server blocks, Nginx is not serving my domain name

I am in the process of deploying my MERN app to a Digital Ocean droplet (Ubuntu 20.04 server).
I followed the steps in the following tutorial to install Nginx. [I have completed all the previous steps]
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
When I visit http://134.122.112.22, I see the Nginx landing page, as expected.
However, after setting up server blocks, when I visit http://sundaray.io, I get the following error.
sundaray.io is my domain name.
When I run the command /var/log/nginx/error.log, I see the following:
How can I fix the error?
EDIT-1
SERVER BLOCK
In order to create the server block, I executed the following commands in order:
mkdir -p /var/www/sundaray.io/html
nano /etc/nginx/sites-available/sundaray.io
Then, I pasted in the following configuration block.
server {
listen 80;
listen [::]:80;
root /var/www/sundaray.io/html;
index index.html index.htm index.nginx-debian.html;
server_name sundaray.io www.sundaray.io;
location / {
try_files $uri $uri/ =404;
}
}
ERROR
Executing the command cat /var/log/nginx/error.log gave me the following result:
EDIT-2
Executing chown -R nginx:nginx /var/www/sundaray.io/html threw the following error:
EDIT-3
Executing ps -elf |grep nginx gave the following result:
EDIT-4
When I executed the command ls /var/www/sundaray.io/html, I got the following result:

1. chmod 777 is NEVER a good idea.
NGINX operats under a runuser. How to check the runuser:
ps -elf |grep nginx. Normaly it will be nginx. Instead of 777 (Open for everyone) do chmod -R 755 /path/to/folder and chown -R nginx:nginx /path/to/folder
But agree. For troubleshooting it can be used. But back to your problem.
2. Directory-Listing disabled.
The error is telling you nginx can not list the directory content. Which is the default behavior. Make sure
root /var/www/sundaray.io/html;
This path exists AND
index index.html index.htm index.nginx-debian.html;
there are one of these files located!
Without any of these files NGINX can't load the default index file on /. Put something in /var/www/sundaray.io/html like
printf "<html>\n<body>\n<h1>Hello from NGINX</h1>\n</body>\n</html>" > /var/www/sundaray.io/html/index.html && chown nginx:nginx /var/www/sundaray.io/html/index.html. This should generate an index.html for you.
If you just want to test your server configuration without any files:
location / {
return 200 "Hello on $host$uri\n";
}

Nginx 403 error for single file while others work

I have a simple Flask/Nginx server and 3 files in location /opt/hosting/files:
[adam#localhost]$ namei -om /opt/hosting/files
f: /opt/hosting/files
dr-xr-xr-x root root /
drwxr-xr-x root root opt
drwxr-xr-x root root hosting
drwxr-xr-x nginx nginx files
In the folder files I have 3 files: two images and a bigger zip file:
[adam#localhost]$ ls -lh /opt/hosting/files/
total 424M
-rwx-----x. 1 nginx nginx 19K 03-06 01:29 file1.jpg
-rwx-----x. 1 nginx nginx 18M 03-06 03:34 file2.png
-rwxr-xr-x. 1 nginx nginx 406M 07-07 13:07 file3.zip
I am serving these files and while the first two appear without a problem, I get 403 Forbidden for the zip file both through www and using wget. I think directories permissions are set correctly, since the two other files are fine. Zip file properties are even higher so this shouldn't be an issue as well.
I tried using chown root:root and chown 777 for file and folders and couldn't access the file anyway. After making changes I'm restarting nginx with sudo systemctl restart uwsgi. SELinux shows Enforcing.
What is the problem here?

Got it. Reading a comment by tinesoft here made me check SELinux context of files (yes, I'm running CentOS, forgot to mention that) and it was:
[adam#localhost]$ ls -lZ /opt/hosting/files
-rwx-----x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 file1.jpg
-rwx-----x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 file2.png
-rwxr-xr-x. nginx nginx unconfined_u:object_r:user_home_t:s0 file3.zip
Then, following SELinux documentation from RedHat I managed to change the type of SELinux context from user_home_t to httpd_sys_content_t using
sudo chcon -t httpd_sys_content_t file3.zip
That was it.

Nginx serving file error 403 forbidden

To give first some history to this problem; I'm setting up a django site on digitalocean first copied using root and the django folder had as the owner root and I've since worked on fixing this and now the site it up and running but one image still has the 403 forbidden error.
I'm looking for a command that can change the rights of this file.
-rwxr----- 1 sammy sammy 566719 Jul 1 14:52 developer.jpg

Your NGINX user is likely using the www-data or a different user, to verify the user being used by NGINX in a shell execute:
grep user /etc/nginx/nginx.conf
Then to change the file permissions:
chown www-data:www-data developer.jpg
Looking at your file permissions they also needed adjusted - see this answer for recommended perms.
(may require sudo, replace www-data with your NGINX user)

chmod -R 777 folder_name
chmod -R 777 file.name //when You are in directory where this file exist
or
chmod -R 777 file_path/file.name

Why does Nginx return a 403 even though all permissions are set properly?

I have Nginx setup and displaying the test page properly. If I try to change the root path, I get a 403 Forbidden error, even though all permissions are identical. Additionally, the nginx user exists.
nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
index index.html index.htm;
server {
listen 80;
server_name localhost;
root /var/www/html; #changed from the default /usr/share/nginx/html
}
}
namei -om /usr/share/nginx/html/index.html
f: /usr/share/nginx/html/index.html
dr-xr-xr-x root root /
drwxr-xr-x root root usr
drwxr-xr-x root root share
drwxr-xr-x root root nginx
drwxr-xr-x root root html
-rw-r--r-- root root index.html
namei -om /var/www/html/index.html
f: /var/www/html/index.html
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-xr-x root root html
-rw-r--r-- root root index.html
error log
2014/03/23 12:45:08 [error] 5490#0: *13 open()
"/var/www/html/index.html" failed (13: Permission denied), client:
XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"

I experienced the same problem and it was due to SELinux.
To check if SELinux is running:
# getenforce
To disable SELinux until next reboot:
# setenforce Permissive
Restart Nginx and see if the problem persists. If you would like to permanently alter the settings you can edit /etc/sysconfig/selinux
If SELinux is your problem you can run the following to allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, # setenforce Enforcing)
# chcon -Rt httpd_sys_content_t /path/to/www
If you're still having issues take a look at the boolean flags in getsebool -a, in particular you may need to turn on httpd_can_network_connect for network access
# setsebool -P httpd_can_network_connect on
For me it was enough to allow http to serve my www directory.

First of all you have to run following command to allow nginx to access filesystem
sudo setsebool -P httpd_read_user_content 1
You can check if the files or directory with following command:
ls -Z
If it is still not accessible, you can try changing the SELinux property of the files and folder with following command:
chcon -Rt httpd_sys_content_t /path/to/www
However, above command cannot apply to files under FUSE or NFS system.
To enable serving files from FUSE mounts, you can use:
setsebool httpd_use_fusefs 1
To enable serving files from NFS mounts, you can use:
setsebool httpd_use_nfs 1

I ran into the same problem. If you're using Fedora/RedHat/CentOS, this might help you:
According to SELinux: setsebool -P httpd_read_user_content 1
Hope this helps.

This is an addition to Prowlas answer but I dont have enough reputation to commment:
If the /path/to/www is a home directory of a user. You should try:
setsebool -P httpd_enable_homedirs=1
This solved my problem
Source: http://forums.fedoraforum.org/archive/index.php/t-250779.html

There are 2 possible reasons for denied access:
Access is denied by DAC. Double check user, group and file permissions. Make sure the nginx process, when running as the user specified in its config file, can access the new html root path.
Access is denied by MAC. The most widely used of such is SELinux. To check whether it caused the problem, you can stop the nginx process and run this command:
setenforce Permissive
Then start nginx again to see if access is granted.
Alternatively, you can check the file context:
setenforce Enforcing
ls -Zd /usr/share/nginx/html /var/www/html
If the two contexts differ, you may need to change the context for the new html root path:
chcon -R -t httpd_sys_content_t /var/www/html
Restart nginx and see if it works fine. If so, you can make the change permanent:
semanage fcontext -a -t httpd_sys_content_t '/var/www/html(/.*)?'
restorecon -Rv /var/www/html
Some of these commands need to be run as root.

well seems logical, all files are root user, try changing it to nginx user, just wanted to make sure it's not a listing permission denied first.
sudo chown -R nginx:nginx /var/www/html

I have met this problem when I added a new user with a folder /home/new_user as a new virtual host. Make sure these folders (/home, /home/new_user, /home/new_user/xxx...) are 755 so that it resolved my problem. At last, I found my problem were correctly according to the /var/log/nginx/error.log file.

Remember you need to allow other users to read the entire path. Also remember Dropbox will set 700 to its root directory. So chmod 755 ~/Dropbox solved my problem.

The folks using the /home/{user} directory to serve their website need to provide a chmod 755 access on their /home/{user} directory to make this work .
Also , if SELinux is enabled on the server please use the below mentioned commands :-
sudo setsebool -P httpd_can_network_connect on
chcon -Rt httpd_sys_content_t /path/to/www

I was using:
sudo service nginx start
If I use:
sudo nginx
...everything works fine. Can anyone explain the difference between these two?

I ran into the same problem:
Checked nginx.conf to verify the user
Permissions were set properly
Made sure "x" right was set for the entire path
Did a restart from the command line (I'd been using Webmin all this time) and noticed this error:
aed#aed:/var/www/test.local$ sudo service nginx restart
* Restarting nginx nginx
nginx: [warn] conflicting server name "test.local" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "test.local" on 0.0.0.0:80, ignored
Apparently there was a duplicate definition and thus my attempt to access "test.local" failed.

Work fine for me on nginx
semanage permissive -a httpd_t

Another possible reason (NOT IN THIS CASE) is a symlink for index.html file pointing to another directory.
ls -lrt /usr/share/nginx/html/
rsync files to that particular directory will easily solve the problem.
or disable symlinks in nginx.conf
http {
disable_symlinks off;
}

i meet another issue(don't know why yet, but it might be useful for someone else)
i first put the folder under my /home/my_name/www/site_name, and change the owner and change the permission.
then check the selinux stuff.
all the above doesn't solve my problem.
finally, i change the folder to /srv/www/site_name, all is good now.

Modify the file nginx.conf, change the user name to your account name, and restart nginx.it work !

this solved the same problem:
restart Nginx and try again. If it fails, check again the logs. This worked for me

Nginx not following symlinks

I have installed nginx on Ubuntu 12.04. However, nginx does not seem to follow symlinks. I understand that there is a config change required for this but I am not able to find where to make the change. Any help appreciated.

In my case nginx was already configured to follow symbolic links. But the issue was the user nginx could not access my home files and therefore symbolic link to my home directory was not working.
Example
Suppose we have symbolic link /usr/share/nginx/www/mylink -> /home/u/html
cd /usr/share/nginx/www
mkdir -p /home/u/html
sudo ln -sv /home/u/html mylink # creates mylink -> /home/u/html
Give permissions
Give the read and execute permissions using chmod and find:
chmod +rx /home/u
chmod +rw /home/u/html
find /home/u/html/php -type d -exec chmod +rx {} +
find /home/u/html/php -type d -exec chmod +w {} + # optional
Notes:
The permission x is named execute. But when applied to a directory, this permission allows to recurse the directory tree (see Unix modes).
The command find ... -exec chmod ... recursively changes the permissions. We could also use the command chmod -R +rx /home/myuser/html but this last command also gives the execution permission to all regular files, and we do not want that. The option -type d execute chmod to only directories.
The last optional command gives write permission if your PHP scripts require to write data. Try to limit write permission to only required directories for security reasons.
Test
No need to restart ngnix, just press Ctrl+F5 in your browser.
Caution: It is not recommended to create symbolic links pointing to your home directory because a mistake on read/write access or a wrong symbolic link may expose your digital data...
Reference: Arch wiki on nginx

Have a look at the following config option from nginx docs:
Syntax:
disable_symlinks off;
disable_symlinks on |
if_not_owner [from=part];
Default: disable_symlinks off;
Context: http, server, location
This directive appeared in version 1.1.15.

if olibre's answer doesn't help edit the file /etc/nginx/sites-available/default and add this line where you've specified your server root directory.
autoindex on;
save the file and restart server
/etc/init.d/nginx restart