Question

NGINX 403 and 500 ERROR

I’m having a problem with NGINX config, or I’m not sure if it’s NGINX config or server firewall though. The issue is some of our users are showing 403 Forbidden or 500 Internal Server Error, but for most users it’s working great. So we are thinking the issue is related to server firewall, zone or IP restriction. Hope someone can clear this up for me.

Here is my nginx.conf

user nginx;
worker_processes auto;
worker_rlimit_nofile 2048;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;



# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024; 
}

http {
    gzip             on;
    gzip_comp_level  2;
    gzip_min_length  1000;
    gzip_proxied     expired no-cache no-store private auth;
    gzip_types       text/plain application/x-javascript text/xml text/css application/xml;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';



    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   10;
    types_hash_max_size 4096;

    #access_log off;

    client_body_buffer_size     32k;
    client_header_buffer_size   8k;
    large_client_header_buffers 8 64k;

    #client_body_buffer_size 10K;
    #client_header_buffer_size 1k;
    #client_max_body_size 8m;
    #large_client_header_buffers 2 1k;
    

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*;
    include /etc/nginx/sites-enabled/*;
    server_names_hash_bucket_size 64;
    #include /etc/nginx/sites-available/*.conf;

    server {
        include /etc/nginx/default.d/*.conf;
        # Escape the dot so only real file extensions match.
        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 365d;
        }
    }
}


Here is my first domain

server {
    listen  80;

    server_name domain1.com www.domain1.com;

    root /var/www/html/domain1;
    index index.php index.html index.htm;

    access_log  /var/log/nginx/access-domain1.log  main;
    error_log  /var/log/nginx/error-domain1.log;

    location / {
        try_files $uri $uri.html $uri/ @extensionless-php;
        index index.php;
        
    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; 
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_connect_timeout 600;
        fastcgi_intercept_errors on;
    }

    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
    }
}   


Here is my second domain

server {
    listen 80;
    listen [::]:80; 
    server_name vicsports02.com www.domain2.com;
    return 301 https://www.domain2.com$request_uri;
}

server {
    listen *:443 ssl http2;
    listen [::]:443 ssl http2; 

    server_name domain2.com www.domain2.com;

    root /var/www/html/domain2;
    index index.php index.html index.htm;

    ssl_certificate /etc/nginx/ssl/domain2.pem;
    ssl_certificate_key /etc/nginx/ssl/domain2.key;
    #ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;


    location ~ \.php$ {
        #limit_conn addr 10;
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; 
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_connect_timeout 600;
        fastcgi_intercept_errors on;

    }

}


Domain 2 is working great, anyone can access it anywhere and everywhere. Domain 1 has the problem with 403 and 500.



Hello,

The Nginx configuration looks correct. What I could suggest is checking your Nginx error logs to see if you could get some more information on the actual errors that are occurring rather than the generic 403 and 500 errors.

You can check your Nginx error log with the following command:

sudo tail -100 /var/log/nginx/error.log

Feel free to share the output of the log here. Just make sure to remove any sensitive information if there is any.

Regards, Bobby

Hi @Kyletest,

Looking at your Nginx configurations, everything is looking great.

You mentioned some of your customers are experiencing 403 Forbidden or 500 Internal Server Error. Usually, when someone is experiencing such errors you can check your WebService’s error log to see what’s going on. Looking at your configuration, I can see the log is located at /var/log/nginx/error.log.

Having said that, it’s really weird that some customers are seeing 500 Internal Server Error. This error is usually shown with Apache rather than Nginx. The equivalent to this in Nginx is 502 Bad Gateway.

With that said, seeing the error log should tell you the exact error behind this Error Code and point you in the right direction.
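
The error-log check both answers suggest, as an added example that is not part of the original thread: it groups 403/500 responses by client using the `main` log_format from the question and attaches the error-log message recorded for each client. The domain1 server block in the question sets its own log paths (/var/log/nginx/access-domain1.log and /var/log/nginx/error-domain1.log); the sample log lines and the function name `failing_clients` are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the `main` log_format defined in the question's nginx.conf.
ACCESS_RE = re.compile(
    r'(?P<ip>\S+) - \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \d+ ')
# nginx error_log entries carry ", client: <ip>, server: ..." after the message.
ERROR_RE = re.compile(
    r'\[\w+\] \d+#\d+: (?:\*\d+ )?(?P<msg>.*?), client: (?P<ip>[^,]+),')

# Constructed sample lines (documentation-range IPs), not from the original post.
ACCESS_LOG = """\
198.51.100.7 - - [10/Mar/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
203.0.113.9 - - [10/Mar/2023:10:00:02 +0000] "GET /members/ HTTP/1.1" 403 153 "-" "Mozilla/5.0" "-"
203.0.113.9 - - [10/Mar/2023:10:00:05 +0000] "GET /report HTTP/1.1" 500 177 "-" "Mozilla/5.0" "-"
198.51.100.7 - - [10/Mar/2023:10:00:09 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"
"""
ERROR_LOG = """\
2023/03/10 10:00:02 [error] 1187#1187: *41 directory index of "/var/www/html/domain1/members/" is forbidden, client: 203.0.113.9, server: domain1.com, request: "GET /members/ HTTP/1.1", host: "domain1.com"
2023/03/10 10:00:05 [error] 1187#1187: *42 FastCGI sent in stderr: "PHP message: PHP Fatal error: constructed example" while reading response header from upstream, client: 203.0.113.9, server: domain1.com, request: "GET /report HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host: "domain1.com"
"""


def failing_clients(access_text, error_text, codes=("403", "500")):
    """Map each client IP that received one of `codes` to its counts and log reasons."""
    by_ip = defaultdict(lambda: defaultdict(int))
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            by_ip[m["ip"]][m["status"]] += 1
    reasons = defaultdict(list)
    for line in error_text.splitlines():
        m = ERROR_RE.search(line)
        if m:
            reasons[m["ip"]].append(m["msg"])
    report = {}
    for ip, statuses in by_ip.items():
        errors = {c: n for c, n in statuses.items() if c in codes}
        if errors:
            report[ip] = {"errors": errors, "ok": statuses.get("200", 0),
                          "reasons": reasons.get(ip, [])}
    return report


if __name__ == "__main__":
    for ip, info in failing_clients(ACCESS_LOG, ERROR_LOG).items():
        print(ip, info["errors"], "200s:", info["ok"])
        for reason in info["reasons"]:
            print("   ", reason)
```

A client that appears in the report with no 200 responses is one that is consistently refused, and the attached reason shows whether nginx itself rejected the request or the PHP upstream failed.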