Rails, Passenger, Nginx, I get “403 Forbidden” but why?

Question

I am trying to run my app through Passenger-Nginx on port 5000

On my browser I get '403 Forbidden' and on my nginx error log:

2016/07/12 17:52:12 [error] 28924#0: *1 directory index of "/var/www/cava/public/" is forbidden, client: YYYY, server: cava, request: "GET / HTTP/1.1", host: "XXXX:5000"

On passenger root I use what I get from passenger-config --root but whithout the rvm. If I use the passenger root with rvm loaded I get passenger error, but is what I did here right?

For reference my app config and my nginx.conf:

My app config

server {


    listen 5000;

    listen [::]:5000;

    server_name cava;

    root /var/www/cava/public;
    #try_files $uri/index.html $uri @app;

    # Add index.php to the list if you are using PHP
    #index index.html index.htm index.nginx-debian.html;

    #location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
    #}
}

My nginx.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
    passenger_ruby /home/tasos/.rvm/rubies/ruby-2.3.0/bin/ruby;


    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;


    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;

    server {

        passenger_enabled on;


        listen 443 ssl;

        root /usr/share/nginx/html;
        index index.html index.htm;

        ssl_certificate /etc/nginx/ssl/1_beast.smartupweb.com_bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/smartup1.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL;

        #location / {
         #       try_files $uri $uri/ =404;
        #}
}
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Any help appreciated.

Answer 1

The error message stated:

directory index of "/var/www/cava/public/" is forbidden

which means that your folder has no index file, or the file that is to be treated as index.

I am not familiar with Passenger, but if you'll try to put there index.html file with content <h1>Hello World</h1> , it will be likely shown.

---

The below is not directly related to this problem, but I'll leave it here for the sake of consistency.

Solution 1

First, determine what user your nginx runs as

ps ueax|grep 'nginx: worker'|grep -v grep|cut -f1 -d' '
#⇒ www-data

or it might be nobody , but in your case it's www-data according to your conf file.

Change permissions on /var/www/cava/public :

sudo chown -R www-data /var/www/cava/public

Retry, it should work now.

Solution 2

Make your nginx be running as your user . At the very top of conf change:

- user www-data:
+ user tasos;

The latter one is probably more handy for development.