Hello I am using Amazon Ec2 with Nginx. I recently setup nginx and when I for example access blog.com/index.php it shows up in the browser correctly but when I access other file extension like JPEG, PNG, JS etc the file becomes 403.
Here is the error log.
[error] 5637#0: *132 open() "/var/www/html/js/jquery.js" failed (13: Permission denied), client: 10.000.00.00, server: blog.com, request: "GET /js/jquery.min.js HTTP/1.1", host: "blog.com"
The permission stats on the js file (403 Forbiddon)
-rw-r--r-- 1 ec2-user ec2-user 93636 /var/www/html/js/jquery.js
The permission stats on the index.php file
-rw-r--r-- 1 ec2-user ec2-user 1281 /var/www/html/index.php
My Nginx conf file:
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
http {
charset UTF-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 10;
client_header_timeout 10;
client_body_timeout 10;
reset_timedout_connection on;
send_timeout 10;
limit_conn_zone $binary_remote_addr zone=addr:5m;
limit_conn addr 100;
gzip on;
gzip_static on;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_proxied any;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
index index.html index.htm index.php;
server {
listen 80;
server_name localhost;
root /var/www/html;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location ~* \.php$ {
location ~* \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
server {
listen 80;
server_name blog.com;
location / {
root /var/www/html;
index index.html index.htm index.php;
}
location ~* \.php$ {
ssi on;
root /var/www/html;
fastcgi_param HTTP_USER_AGENT $http_user_agent;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
}
Check the file/directory permissions with
ls -alh
orstat
command. Seems might be a permission/ownership issue.In order for a file to be readable, not only the file needs read permissions, but also all the parent directories need read permissions. My guess is while the file jquery.js has the right permissions:
, the directory js hasn't:
In this case nginx, which run under another user (for instance
www-data
ornginx
) has no read permission on the containing directory, and hence cannot access the file jquery.js. The solution is to either change the permission of the "js" directory, or change ownership to the nginx user.