Question

Nginx (403 Forbidden)

Deploying my web app (Nginx, Gunicorn, Django) on Ubuntu 16.10 I get a 403 error when clients try to load files to the server. Files are supposed to be saved in /var/www/annotator/media/dmitrybaranchuk/

I’ve read a lot of topics about the similar issues however nothing helped. I’m almost positive this is the problem with nginx / permissions / users. Maybe someone knows how I can fix this issue. The main information is below.

Error Logs

  • Safari Web Inspector: [Error] Failed to load resource: the server responded with a status of 403 (Forbidden) (dmitrybaranchuk, line 0)

  • nginx-error.log: [error] 10713#10713: *5 directory index of “/var/www/annotator/media/dmitrybaranchuk/” is forbidden, client: 31.173.80.174, server: 138.197.16.71, request: “POST /media/dmitrybaranchuk/ HTTP/1.1”, host: “138.197.16.71”, referrer: “http://138.197.16.71/

  • /var/log/nginx/error.log: empty

Info

  • Nginx processes: root - master process /usr/sbin/nginx -g daemon on; master_process on; www-data - worker process

  • /var/www permissions: /var/www and every directory/file inside has permission: 777, user: www-data, group: www-data.

  • SELinux: Disabled

  • /etc/nginx/sites-enabled/annotator

server {
    listen 80;
    server_name 138.197.16.71;
    access_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-access.log;
    error_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-error.log;

    location /static/ {
        alias /home/dmitrybaranchuk/pose_annotator/static/;
        expires 30d;
    }
    location /media/ {
        alias /var/www/annotator/media/;
    }
    location / {
        autoindex on;
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
  • /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}
Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I had the same error that took me several days but had to give static folder access right to the Nginx user process and worked just fine, sudo chown [the user owning your file]:[nginx process user] target_folder_here

[My Problem solved!] I had the same problem with the media files that uploaded. The media files wouldn’t be loaded and when I wanted to inspect the page and go to the URL of the image, it was showing me 403 forbidden.

I solve this problem by giving the permission of 777 to all the folders through the media file in the server. for example, if the media files are in the root /home/your-project/media/images, then you should run these commands in the server: (for example in Centos 7)

in the root / : chmod -R 777 /home in the root /home/: chmod -R 777 /your-project in the root /your-project/ : chmod -R 777 /media in the root /media: chmode -R 777 /images

hope it helps whoever stucks in this problem.

The issue is solved. The mistake was pretty stupid: when nginx got url ‘/media/dmitrybaranchuk/filename’ it sent the request to location /media/. However I supposed to direct it to location /.

It is better to use the root directive instead of alias.

location /media/ {
    root /var/www/annotator/;
}

If you are using alias, I recommend you to use $1 for the endpoint such as this:

location /media/ {
    alias /var/www/annotator/media/$1;
}