Question

NGINX 403 and 500 ERROR

Posted January 3, 2022 96 views
NginxCentOSPHP

I’m having a problem with NGINX config or I’m not sure if its NGINX config or server firewall though. The issue is some of our user is showing 403 Forbidden or 500 Internal Server Error, but on most users its working great. So we are thinking the issue is related to server firewall, zone or IP restriction. Hope someone can clear this up for me.

Here is my nginx.conf

user nginx;
worker_processes auto;
worker_rlimit_nofile 2048;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;



# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024; 
}

http {
    gzip             on;
    gzip_comp_level  2;
    gzip_min_length  1000;
    gzip_proxied     expired no-cache no-store private auth;
    gzip_types       text/plain application/x-javascript text/xml text/css application/xml;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';



    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   10;
    types_hash_max_size 4096;

    #access_log off;

    client_body_buffer_size     32k;
    client_header_buffer_size   8k;
    large_client_header_buffers 8 64k;

    #client_body_buffer_size 10K;
    #client_header_buffer_size 1k;
    #client_max_body_size 8m;
    #large_client_header_buffers 2 1k;


    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*;
    include /etc/nginx/sites-enabled/*;
    server_names_hash_bucket_size 64;
    #include /etc/nginx/sites-available/*.conf;

    server {
        include /etc/nginx/default.d/*.conf;
        location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 365d;
        }
    }


Here is my first domain

server {
    listen  80;

    server_name domain1.com www.domain1.com;

    root /var/www/html/domain1;
    index index.php index.html index.htm;

    access_log  /var/log/nginx/access-domain1.log  main;
    error_log  /var/log/nginx/error-domain1.log;

    location / {
        try_files $uri $uri.html $uri/ @extensionless-php;
        index index.php;

    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; 
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_connect_timeout 600;
        fastcgi_intercept_errors on;
    }

    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
    }
}   


Here is my second domain

server {
    listen 80;
    listen [::]:80; 
    server_name vicsports02.com www.domain2.com;
    return 301 https://www.domain2.com$request_uri;
}

server {
    listen *:443 ssl http2;
    listen [::]:443 ssl http2; 

    server_name domain2.com www.domain2.com;

    root /var/www/html/domain2;
    index index.php index.html index.htm;

    ssl_certificate /etc/nginx/ssl/domain2.pem;
    ssl_certificate_key /etc/nginx/ssl/domain2.key;
    #ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;


    location ~ \.php$ {
        #limit_conn addr 10;
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; 
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_connect_timeout 600;
        fastcgi_intercept_errors on;

    }

}


Domain 2 is working great, anyone can access it anywhere and everywhere. Domain 1 has the problem with 403 and 500.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers

Hi @Kyletest,

Looking at your Nginx configurations, everything is looking great.

You mentioned some of your customers are experiencing 403 Forbidden or 500 Internal Server Error. Usually, when someone is experiencing such errors you can check your WebSerivce’s error log to see what’s going on. Looking at your configuration, I can see the log is located at /var/log/nginx/error.log;.

Having said that, it’s really weird that some customers are seeing 500 Internal Server Error. This is error is usually shown with Apache rather than Nginx. The equivalent to this in Nginx is 502 Bad Gateway.

With that said, seeing the error log should tell you the exact error behind this Error Code and point you in the right direction.

  • Hi. Thank you for answering, unfortunately the error logs points me to nowhere related to NGINX, there are only some PHP Warning related to some undefined index but nothings fatal that would result Error 500 or 502. And right now, we change NGINX with HTTPD on our server but it still showing the same error on some users. How is that possible that its showing 403 Forbidden or 500 Internal Server Error with NGINX text below without any NGINX installed on our server? I’m very confused right now.

Hello,

The Nginx configuration looks correct. What I could suggest is checking your Nginx error logs to see if you could get some more information on the actual errors that are occurring rather than the generic 403 and 500 errors.

You can check your Nginx error log with the following command:

sudo tail -100 /var/log/nginx/error.log

Feel free to share the output of the log here. Just make sure to remove any sensitive information if there is any.

Regards,
Bobby

  • Hi. Thank you for answering, unfortunately the error logs points me to nowhere related to NGINX, there are only some PHP Warning related to some undefined index but nothings fatal that would result Error 500 or 502. And right now, we change NGINX with HTTPD on our server but it still showing the same error on some users. How is that possible that its showing 403 Forbidden or 500 Internal Server Error with NGINX text below without any NGINX installed on our server? I’m very confused right now.

    • Hi there,

      It is also possible that Apache/HTTPD would also return those errors.

      What I could suggest in this case is to:

      • Check your PHP error logs.
      • Check the system logs, it is possible that the server is running out of memory or specific process are being killed.
      • Also as you are on CentOS check for any SELinux errors, it is possible that you might be reaching some SELinux limits.

      Let me know how it goes!