Django server error 403 forbidden nginx/1.10.3 (ubuntu)

Question

I have some media content in ubuntu server. I can upload files. but when I try to load files it shows 403 forbidden nginx/1.10.3 (ubuntu) .In file permission, it displays rw-------- .

How can I retrieve all content without error? I'm not familiar with Ubuntu

I used this snippet to recover files. However, it only works the single time. After some while, it shows the same error.

sudo chmod -R 664 /home/django/media/image/
sudo chmod -R a+X /home/django/media/image/

Answer 1

The nginx user must be able to read those files. You can use group permissions to allow that. Also the wsgi user must have its umask set so that files it creates are readable for the group as well.

In your case it looks like your wsgi user has umask 077 , which makes files it creates only readable by the owner ( rw-------- ). Thus nginx does not have read permission. Instead use umask 027 , which will permit group users to access those files, but not write to them (there's no reason for nginx to have write access).

For example if you are using gunicorn as your wsgi server, you can use gunicorn flags --group www --umask 027 . Make sure both gunicorn and nginx user belongs to the www group.

Fix permission something like this.

# set group to `www` for all files recursively
sudo chgrp www -R /home/django/media/
# set all files to be read/write by owner and readable by group `www`
find /home/django/media/ -type f -exec chmod 640 {} ; 
# same with directories +execute
find /home/django/media/ -type d -exec chmod 750 {} ; 

Alternatively, use 644 for files and 755 for directories, and 022 for umask. Then group permissions don't matter, since all users gets read access.

The latter option is not security best practice, but it's probably fine, as long as you only give the django user write access.