Nginx (403 Forbidden)

December 1, 2016 31.7k views
Deployment Django Nginx Ubuntu
dmitrybaranchuk
By:
dmitrybaranchuk

Deploying my web app (Nginx, Gunicorn, Django) on Ubuntu 16.10 I get a 403 error when clients try to load files to the server. Files are supposed to be saved in /var/www/annotator/media/dmitrybaranchuk/

I've read a lot of topics about the similar issues however nothing helped. I'm almost positive this is the problem with nginx / permissions / users. Maybe someone knows how I can fix this issue. The main information is below.

Error Logs

  • Safari Web Inspector:
    [Error] Failed to load resource: the server responded with a status of 403 (Forbidden) (dmitrybaranchuk, line 0)

  • nginx-error.log:
    [error] 10713#10713: *5 directory index of "/var/www/annotator/media/dmitrybaranchuk/" is forbidden, client: 31.173.80.174, server: 138.197.16.71, request: "POST /media/dmitrybaranchuk/ HTTP/1.1", host: "138.197.16.71", referrer: "http://138.197.16.71/"

  • /var/log/nginx/error.log: empty

Info

  • Nginx processes:
    root - master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data - worker process

  • /var/www permissions:
    /var/www and every directory/file inside has permission: 777, user: www-data, group: www-data.

  • SELinux: Disabled

  • /etc/nginx/sites-enabled/annotator

    server {
listen 80;
server_name 138.197.16.71;
access_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-access.log;
error_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-error.log;

location /static/ {
    alias /home/dmitrybaranchuk/pose_annotator/static/;
    expires 30d;
}
location /media/ {
    alias /var/www/annotator/media/;
}
location / {
    autoindex on;
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

  • /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}
Log In to Comment
2 Answers
kyroskoh December 5, 2016

It is better to use the root directive instead of alias.

location /media/ {
    root /var/www/annotator/;
}

If you are using alias, I recommend you to use $1 for the endpoint such as this:

location /media/ {
    alias /var/www/annotator/media/$1;
}
Reply
  • Mountainpaul May 12, 2017

    I don't agree or disagree with your statements, but if you could explain why you reached these conclusions it would be appreciated.

dmitrybaranchuk January 1, 2017

The issue is solved. The mistake was pretty stupid: when nginx got url '/media/dmitrybaranchuk/filename' it sent the request to location /media/. However I supposed to direct it to location /.

Reply
Have another answer? Share your knowledge.

Related Questions