I am trying to serve static cache files using nginx. There are index.html files under the rails_root/public/cache directory. I tried the following configuration first, which doesn't work:
root <%= current_path %>/public;
try_files /cache$uri/index.html /cache$uri.html @rails;
This give error:
[error] 4056#0: *13503414 directory index of "(...)current/public/" is forbidden, request: "GET / HTTP/1.1"
I then tried
root <%= current_path %>/public/cache;
try_files $uri/index.html $uri.html @rails;
And to my surprise this works. Why is it that I can do the latter not the former( since they point to the same location)
Permissions of file system
The permissions of the folders are:
775 public
755 cache
644 index.html
Rails sits in the user ~ directory, so the folders and files are all belong to the user good. The user for nginx is root for master and http for each worker processors:
89:http 7865 0.1 0.0 8876 2624 ? S Jul10 0:51 nginx: worker process
112:root 24927 0.0 0.0 8532 1828 ? Ss Jun28 0:03 nginx: master process /usr/sbin/nginx -c /etc/nginx/conf/nginx.conf
My favicon is sitting under public/ is served correctly by the following:
# asset server
server {
listen 80;
server_name assets.<%= server_name %>;
expires max;
add_header Cache-Control public;
charset utf-8;
root <%= current_path %>/public;
}
LOG
For my working setup: access log shows:
request:"GET / HTTP/1.1" 200 uri:"/index.html"
request:"GET /assets/gas/468x15_4.gif HTTP/1.1" 200 uri:"/assets/gas/468x15_4.gif"
If I add index nonexistent the same directory index forbidden error would appear with following access log:
request:"GET / HTTP/1.1" 403 uri:"/"
error log:
directory index of "RAILS_ROOT/current/public/cache/gas/" is forbidden, client: _IP_, server: example.com, request: "GET / HTTP/1.1", host: "gas.example.com"
UPDATE
Please see the full config file. Note that it is complete and the example given above are a bit simplified.
I am using Nginx 1.22
I think index should be processed before try_files near NGX_HTTP_ACCESS_PHASE for as the log suggests you are requesting directory.
The correct way would be hitting official mailing list with this question.
The problem lies in the
ifdirectives inlocationblocks. These were only shown in the full config files (sorry to those who tried to solve this problem without that). Once I moved those toserverblock level it works fine.directory index of *** is forbiddenis an indication that no content directives are available in the location block. In this case thelocationis a nestedlocationblock, created whenifdirective is used in alocationblock.ifdirectives underserverblock level doesn't have this problem. Myifs can be moved and still function properly, but I am not sure whatifs won't work if moved.So in this case file permissions are probably not so relevant.
@Vbart is correct in saying that if is evil.