403 Forbidden on Rails app w/ Nginx, Passenger, unix

Question

Hi i am having the 403 error despite following the steps from here

403 Forbidden on Rails app w/ Nginx, Passenger

My app folder permissions

namei -l /home/ubuntu/resume_consumer/current/public

f: /home/ubuntu/resume_consumer/current/public
drwxr-xr-x root   root   /
drwxr-xr-x root   root   home
drwxr-xr-x ubuntu ubuntu ubuntu
drwxrwxr-x ubuntu ubuntu resume_consumer
lrwxrwxrwx ubuntu ubuntu current -> /home/ubuntu/resume_consumer/releases/20150815211156
drwxr-xr-x root   root     /
drwxr-xr-x root   root     home
drwxr-xr-x ubuntu ubuntu   ubuntu
drwxrwxr-x ubuntu ubuntu   resume_consumer
drwxrwxr-x ubuntu ubuntu   releases
drwxrwxr-x ubuntu ubuntu   20150815211156
drwxrwxr-x ubuntu ubuntu public

The Nginx app is running as nobody

ps waux | grep nginx

root     12005  0.0  0.0  42480   900 ?        Ss   Jul28   0:00 nginx: master process /opt/nginx/sbin/nginx
nobody   12006  0.0  0.1  42804  2016 ?        S    Jul28   0:00 nginx: worker process

My nginx config looks as follows

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    passenger_root /home/ubuntu/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.14;
    passenger_ruby /home/ubuntu/.rvm/wrappers/ruby-2.2.1/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  qa.enterprise.getmeed.com;
        root /home/ubuntu/resume/current/public;
        passenger_enabled on;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

       # location / {
        #    root   html;
        #    index  index.html index.htm;
        #}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page   500 502 503 504  /50x.html;
        #location = /50x.html {
        #    root   html;
        #}

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    server {
        listen       80;
        server_name  qa.getmeed.com;
        root /home/ubuntu/resume_consumer/current/public;
        index index.html index.htm;
        passenger_enabled on;
        rails_env production;
        passenger_friendly_error_pages on;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    }


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

When i look at logs, i find an alert that says PassengerAgent not found another error that the directory is forbidden. I am not sure if the alert is related.

2015/08/15 23:40:41 [notice] 20858#0: signal process started
2015/08/15 23:40:41 [alert] 12005#0: Unable to start Phusion Passenger: Support binary PassengerAgent not found (tried: /home/ubuntu/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.14/buildout/support-binaries/PassengerAgent and /root/.passenger/support-binaries/5.0.14/PassengerAgent). This probably means that your Phusion Passenger installation is broken or incomplete, or that your 'passenger_root' setting contains the wrong value. Please reinstall Phusion Passenger or adjust the setting (see: https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#PassengerRoot). (-1: Unknown error)
2015/08/15 23:45:04 [error] 20859#0: *375 directory index of "/home/ubuntu/resume_consumer/current/public/" is forbidden, client: 104.135.15.7, server: qa.getmeed.com, request: "GET / HTTP/1.1", host: "qa.getmeed.com"                                  

Answer 1

You simply need to see if you can read the file inside /home/ubuntu/resume_consumer/current/public . You are showing us the permissions set in the home directory of Ubuntu, but current and public will have their own permissions as well.

First assuming there is an index.html inside of public, does the following return an error:

sudo -u nobody /home/ubuntu/resume_consumer/current/public

If so then you have a permission problem. You could resolve this by adding the nobody user to the same ubuntu group:

sudo adduser nobody ubuntu

and then ensure the group ubuntu users have the same access as the ubuntu user.

sudo chmod -R g=u /home/ubuntu/resume_consumer

Answer 2

Thanks all! it turns out there is no issue with the nginx. There was an error about passenger in nginx logs, which i wan't sure was related initially, But it turns out that was the root cause.

I had passenger installed but the passenger was not installed for the application specifically. I had to go to the application directory and install passenger gem and then use the passenger_root corresponding to the gem in application in nginx config. That fixed the issue.