Question

Nginx (403 Forbidden)

Posted December 1, 2016 44.7k views
NginxUbuntuDjangoDeployment

Deploying my web app (Nginx, Gunicorn, Django) on Ubuntu 16.10 I get a 403 error when clients try to load files to the server. Files are supposed to be saved in /var/www/annotator/media/dmitrybaranchuk/

I’ve read a lot of topics about the similar issues however nothing helped. I’m almost positive this is the problem with nginx / permissions / users. Maybe someone knows how I can fix this issue. The main information is below.

Error Logs

  • Safari Web Inspector:
    [Error] Failed to load resource: the server responded with a status of 403 (Forbidden) (dmitrybaranchuk, line 0)

  • nginx-error.log:
    [error] 10713#10713: *5 directory index of “/var/www/annotator/media/dmitrybaranchuk/” is forbidden, client: 31.173.80.174, server: 138.197.16.71, request: “POST /media/dmitrybaranchuk/ HTTP/1.1”, host: “138.197.16.71”, referrer: “http://138.197.16.71/

  • /var/log/nginx/error.log: empty

Info

  • Nginx processes:
    root - master process /usr/sbin/nginx -g daemon on; master_process on;
    www-data - worker process

  • /var/www permissions:
    /var/www and every directory/file inside has permission: 777, user: www-data, group: www-data.

  • SELinux: Disabled

  • /etc/nginx/sites-enabled/annotator

    server {
listen 80;
server_name 138.197.16.71;
access_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-access.log;
error_log /home/dmitrybaranchuk/pose_annotator/logs/nginx-error.log;

location /static/ {
    alias /home/dmitrybaranchuk/pose_annotator/static/;
    expires 30d;
}
location /media/ {
    alias /var/www/annotator/media/;
}
location / {
    autoindex on;
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

  • /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}
Add a comment
dmitrybaranchuk
By:
dmitrybaranchuk
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
kyroskoh December 5, 2016

It is better to use the root directive instead of alias.

location /media/ {
    root /var/www/annotator/;
}

If you are using alias, I recommend you to use $1 for the endpoint such as this:

location /media/ {
    alias /var/www/annotator/media/$1;
}
Reply Report
dmitrybaranchuk January 1, 2017

The issue is solved. The mistake was pretty stupid: when nginx got url ’/media/dmitrybaranchuk/filename’ it sent the request to location /media/. However I supposed to direct it to location /.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help