Nginx app entrence forbidden although DB and CMS synced and DR dir permissions set

March 6, 2018 93 views
Nginx Ubuntu 16.04

On Ubuntu 16.04 with Bash I've established LEMP and I can't access a WordPress app from browser although DB data is according (as I recall), and document root app dir has the right permissions (see below).

Nginx conf

WordPress app wp-config.php

This is the only part I changed in wp-config.php:

define('DB_NAME', '');
define('DB_USER', '');
define('DB_PASSWORD', 'example.password');

My resets before testing

chown -R www-data:www-data "$drt"/
chmod -R a-x,a=rX,u+w "$drt"/
systemctl restart nginx.service
/etc/init.d/php*-fpm restart

Current state

I get "entrance forbidden" when navigating to my domain in the browser.

No errors besides "entrance forbidden" appear in Nginx conf.

The DB user and the DB name are identical to one another and also identical to the app's dir name

Desired state

Entrance permitted.

My question

Why is the entrance forbidden, given the above data? What I miss?


  1. This problem is unique to the WordPress app. It doesn't happen with the non-HTTPS, PHPmyadmin app.
1 Answer

Hi @benqzq920eee9010102b3d3c63, good to hear that you were able to solve this! Copying this over from your stack overflow follow-up just in case someone else lands on this page :)

I was able to solve it with this conf:

server {
    root /var/www/html/;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|ttf|woff|pdf)$ {
        expires 365d;

 # managed by Certbot

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot

Have another answer? Share your knowledge.