
Nginx + Passenger 403 error

I have a hybrid php/Rails app sitting on one AWS ec2 server. I am hosting a Mediawiki installation and using Rails as a frontend to it. For the Rails app, I am using Passenger as a server. I would like location / to serve the Rails app, and anything at location /w or any .php files to be served by Mediawiki (php5-fpm).

I used to have a working configuration, but it was hacked together and I would like to refactor it.

My current working implementation gives me a 403 Forbidden error when I try to access the Rails app at /.

The error I get (from rails_error.log):

2017/10/24 20:08:31 [error] 14947#14947: *2 directory index of "/var/www/myapp/public/" is forbidden, client: xx.yy.zz.aa, server: myapp.amazonaws.com, request: "GET / HTTP/1.1", host: "myapp.amazonaws.com"

I would like to be able to access only the Rails app at / for now; I am not focused on the php5-fpm configurations yet.

Here are my .conf files:

sites-available/myapp.conf:

fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=mw_cache:10m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
    listen 80;
    listen [::]:80 ipv6only=on default_server;

    server_name myapp.com;
    charset utf-8;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    root /var/www/myapp/public;
    passenger_enabled on;

    location /w {
      alias /var/www/mediawiki-1.28.0;
      index index.php index.html index.htm;
      charset utf-8;

      try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
      fastcgi_cache mw_cache;
      fastcgi_cache_valid 200 60m;
      try_files $uri /index.php =404;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass 127.0.0.1:7777;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;

      error_log /var/log/nginx/mediawiki_error.log;
      access_log /var/log/nginx/mediawiki_access.log;
    }

    error_log /var/log/nginx/rails_error.log;
    access_log /var/log/nginx/rails_access.log;
}

nginx.conf:

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        passenger_root /home/ubuntu/.rvm/gems/ruby-2.3.1@myapp/gems/passenger-5.1.1;
        passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.3.1@myapp/wrappers/ruby;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

I have a suspicion it has to do with how Passenger is installed or running, or it could be that I am running Passenger not as www-data but as ubuntu.

/var/www/myapp/ is also owned by ubuntu, though I have tried chown -R www-data /var/www/myapp and chown -R ubuntu:www-data /var/www/myapp to no avail.

Does anyone have any pointers from here?

Thanks.

Your config works for me: the app is started successfully, at least, if I start Nginx as root (how it usually is done).

Note that the user directive from your config tells Nginx what user to run its workers as; it does not specify what user to run the Passenger core as (that is inherited from what Nginx was started with).

My pointers would be as follows:

  1. Usually the first thing to do is to check the logs. Your config declares logfiles, but doesn't set the top level error log, so you're missing the Passenger log output.

    To solve this, move the error_log /var/log/nginx/error.log; to above the http { line in your nginx.conf.

    If needed, you can also set passenger_log_level 7; (in the http block) to get very detailed logs.

  2. By changing the log level and observing the result you can also ensure that the config you think is being used is actually the one that is used, on the URL that you are querying (i.e. you can see requests coming in).

  3. Passenger has some troubleshooting tools, e.g. passenger-status can be used to inspect if it's running successfully. Note that you haven't declared a passenger_pre_start URL, so your app won't be started by Passenger until the first request is routed to it.
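
The settings named in the pointers above can be checked mechanically before reloading Nginx. The following is an added example, not code from the original posts: a small Python checker that reports whether error_log is set at the top level, which passenger_log_level is configured, and whether passenger_pre_start is declared. The sample config is constructed from the question's layout, and directives() and audit() are hypothetical helper names.

```python
import re

# Constructed sample: the layout of the question's nginx.conf, trimmed,
# with the site's server block inlined. The passenger_root path is made up.
SAMPLE_CONF = """
user www-data;
events { worker_connections 768; }
http {
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    passenger_root /placeholder/passenger;  # placeholder
    server {
        listen 80;
        passenger_enabled on;
        error_log /var/log/nginx/rails_error.log;
    }
}
"""

def directives(conf):
    """Yield (context, name, args) for every simple directive.

    Minimal tokenizer (hypothetical helper): drops # comments and tracks
    { } nesting. It does not follow include files or handle quoted
    strings that contain '#', ';', '{' or '}'.
    """
    conf = re.sub(r"#[^\n]*", "", conf)
    stack = ["main"]
    for stmt, delim in re.findall(r"([^;{}]*)([;{}])", conf):
        words = stmt.split()
        if delim == "{":
            stack.append(words[0] if words else "?")
        elif delim == "}":
            if len(stack) > 1:
                stack.pop()
        elif words:
            yield "/".join(stack), words[0], words[1:]

def audit(conf):
    """Report the three settings the answer's pointers rely on."""
    found = list(directives(conf))
    def args_of(name, ctx=None):
        return [a for c, n, a in found if n == name and ctx in (None, c)]
    level = args_of("passenger_log_level")
    return {
        "top_level_error_log": bool(args_of("error_log", "main")),
        "passenger_log_level": level[-1][0] if level and level[-1] else None,
        "passenger_pre_start": bool(args_of("passenger_pre_start")),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Because the tokenizer does not follow include lines, files pulled in from sites-enabled have to be passed to audit() separately or concatenated first.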
