Sling Academy
Home/DevOps/NGINX and Directory Permission: 403 Forbidden Error

NGINX and Directory Permission: 403 Forbidden Error

Last updated: January 19, 2024

The Problem

When working with NGINX, encountering a 403 Forbidden error can be puzzling. This error suggests that the server understands your request, but refuses to authorize it. Understanding the underlying reasons and implementing solutions to fix this error are crucial for developers and system administrators.

Common Causes

Several issues can lead to a 403 Forbidden error in NGINX. Mainly, it stems from improper file and directory permissions, missing index files or incorrect NGINX configuration settings that deny access to resources.

Solutions

Solution 1: Correct Permissions and Ownership

The most common reason for a 403 error is incorrect file and directory permissions. NGINX typically runs under a specific user and group (usually nginx or www-data), and if it doesn’t have proper read access, it will return a 403 error.

  1. Check the current file and directory permissions using ls -l.
  2. Change directory permissions to 755 (drwxr-xr-x) using chmod -R 755 /path/to/directory.
  3. Change file permissions to 644 (-rw-r–r–) using find /path/to/directory -type f -exec chmod 644 {} \;.
  4. Ensure the owner of the files/directories is the user under which NGINX runs. Use chown -R user:group /path/to/directory to correct ownership.

Here are the commands to set proper permissions and ownership:


ls -l /path/to/directory
chmod -R 755 /path/to/directory
find /path/to/directory -type f -exec chmod 644 {} \;
chown -R nginx:nginx /path/to/directory

Notes: Be cautious when changing permissions and ownership. Overly permissive settings can pose security risks. Use 755 for directories and 644 for files as a general best practice.

Solution 2: Configure Correct NGINX Settings

Sometimes, incorrect location blocks or deny directives in the NGINX configuration can cause a 403 error. Reviewing and correcting the configuration settings may resolve the issue.

  1. Locate the NGINX configuration file (usually located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/your_site).
  2. Review the location blocks to ensure there are no deny all directives without proper conditional allowances.
  3. Ensure there’s a proper root or alias directive to define the path to your website’s files.
  4. Check that the index directive lists the correct index files for your site.
  5. Save changes and test the configuration using nginx -t.
  6. Reload NGINX to apply changes with systemctl reload nginx or nginx -s reload.

A correct NGINX location block may look like this:


location / {
    root /var/www/html;
    index index.html index.htm;
}

Notes: Ensuring a correct configuration setting prevents common errors and secures the server. After making changes, always test the configuration before reloading NGINX.

Solution 3: Check for SELinux Context

If you’re on a system with SELinux enabled, it might block NGINX from accessing the content. Adjusting the SELinux context for the web directory may be necessary.

  1. Check the current SELinux context with ls -Z /path/to/directory.
  2. To change the context type to allow NGINX to serve the content, use sudo semanage fcontext -a -t httpd_sys_content_t '/path/to/directory(/.*)?'.
  3. Then, apply the context to the files with sudo restorecon -R /path/to/directory.

The following terminal commands will set the SELinux context appropriately:


ls -Z /path/to/directory
sudo semanage fcontext -a -t httpd_sys_content_t '/path/to/directory(/.*)?'
sudo restorecon -R /path/to/directory

Notes: This solution is specific to systems with SELinux enabled. Skipping this step in such systems can leave you puzzled even if the file permissions are set correctly.

Next Article: NGINX base module directives: The complete guide

Previous Article: NGINX: How to Mass Redirect URLs Using Regular Expressions

Series: NGINX Tutorials

DevOps

You May Also Like

  • How to reset Ubuntu to factory settings (4 approaches)
  • Making GET requests with cURL: A practical guide (with examples)
  • Git: What is .DS_Store and should you ignore it?
  • NGINX underscores_in_headers: Explained with examples
  • How to use Jenkins CI with private GitHub repositories
  • Terraform: Understanding State and State Files (with Examples)
  • SHA1, SHA256, and SHA512 in Terraform: A Practical Guide
  • CSRF Protection in Jenkins: An In-depth Guide (with examples)
  • Terraform: How to Merge 2 Maps
  • Terraform: How to extract filename/extension from a path
  • JSON encoding/decoding in Terraform: Explained with examples
  • Sorting Lists in Terraform: A Practical Guide
  • Terraform: How to trigger a Lambda function on resource creation
  • How to use Terraform templates
  • Understanding terraform_remote_state data source: Explained with examples
  • Jenkins Authorization: A Practical Guide (with examples)
  • Solving Jenkins Pipeline NotSerializableException: groovy.json.internal.LazyMap
  • Understanding Artifacts in Jenkins: A Practical Guide (with examples)
  • Using Jenkins with AWS EC2 and S3: A Practical Guide