single page html website - nginx 403 Forbidden

Question

I have CentOS server, nginx installed, domain configured. I want to show basic single page index.html file, but it displays error: 403 Forbidden nginx/1.12.2 . Whole website is located in directory:

/var/www/oceanljepote.com

which contains:

drwxr-xr-x. 5 nginx nginx   59 Jan  5 21:41 .
drwxr-xr-x. 3 nginx nginx   30 Jan  5 14:39 ..
drwxr-xr-x. 2 nginx nginx  121 Jan  5 21:31 css
drwxr-xr-x. 2 nginx nginx   61 Jan  5 21:40 images
-rwxr-xr-x. 1 nginx nginx 3146 Jan  5 21:28 index.html
drwxr-xr-x. 2 nginx nginx  226 Jan  5 21:31 js

I gave ownership and permissions to nginx user so when I execute this:

 namei -om /var/www/oceanljepote.com/css

I get this output:

f: /var/www/oceanljepote.com/css
dr-xr-xr-x root  root  /
drwxr-xr-x root  root  var
drwxr-xr-x nginx nginx www
drwxr-xr-x nginx nginx oceanljepote.com
drwxr-xr-x nginx nginx css

When I open /var/log/nginx/error.log I see this error:

2019/01/05 21:53:40 [error] 15348#0: *1 "/var/www/oceanljepote.com/index.html" is forbidden (13: Permission denied), client: 213.149.62.113, server: oceanljepote.com, request: "GET / HTTP/1.1", host: "oceanljepote.com"

My nginx.conf looks like this:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
       #listen       80 default_server;
       #listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

My /etc/nginx/conf.d/oceanljepote.com.conf looks like this:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/oceanljepote.com;

    index index.html;

    server_name oceanljepote.com www.oceanljepote.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

What I am doing wrong?

Answer 1

By default, SELinux is enabled on CentOS. To serve your single html page, you need either disable SELinux by running setenforce 0 command, or add a new security context for your directory in which your html files exist. For more information about SELinux, you can have a look at this

PS: setenforce 0 command disables SELinux temporarily. You need to edit /etc/sysconfig/selinux file to disable it permanently.