Nginx (403 Forbidden)

December 1, 2016 38.4k views
Nginx Ubuntu Django Deployment
dmitrybaranchuk
By:
dmitrybaranchuk

Deploying my web app (Nginx, Gunicorn, Django) on Ubuntu 16.10 I get a 403 error when clients try to load files to the server. Files are supposed to be saved in /var/www/annotator/media/dmitrybaranchuk/

I’ve read a lot of topics about the similar issues however nothing helped. I’m almost positive this is the problem with nginx / permissions / users. Maybe someone knows how I can fix this issue. The main information is below.

Error Logs

  • Safari Web Inspector:
    [Error] Failed to load resource: the server responded with a status of 403 (Forbidden) (dmitrybaranchuk, line 0)

  • nginx-error.log:
    [error] 10713#10713: *5 directory index of “/var/www/annotator/media/dmitrybaranchuk/” is forbidden, client: 31.173.80.174, server: 138.197.16.71, request: “POST /media/dmitrybaranchuk/ HTTP/1.1”, host: “138.197.16.71”, referrer: “http://138.197.16.71/

  • /var/log/nginx/error.log: empty

Info

  • Nginx processes:
    root - master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data - worker process

  • /var/www permissions:
    /var/www and every directory/file inside has permission: 777, user: www-data, group: www-data.

  • SELinux: Disabled

  • /etc/nginx/sites-enabled/annotator

    server {
listen 80;
server_name 138.197.16.71;
access_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-access.log;
error_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-error.log;

location /static/ {
    alias /home/dmitrybaranchuk/pose_annotator/static/;
    expires 30d;
}
location /media/ {
    alias /var/www/annotator/media/;
}
location / {
    autoindex on;
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

  • /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}
Sign In to Comment
2 Answers
kyroskoh December 5, 2016

It is better to use the root directive instead of alias.

location /media/ {
    root /var/www/annotator/;
}

If you are using alias, I recommend you to use $1 for the endpoint such as this:

location /media/ {
    alias /var/www/annotator/media/$1;
}
Report
  • Mountainpaul May 12, 2017

    I don’t agree or disagree with your statements, but if you could explain why you reached these conclusions it would be appreciated.

    Report
dmitrybaranchuk January 1, 2017

The issue is solved. The mistake was pretty stupid: when nginx got url ’/media/dmitrybaranchuk/filename’ it sent the request to location /media/. However I supposed to direct it to location /.

Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related