Solve an NGINX "403 Forbidden" Error

Leave your reply

Introduction

The "403 Forbidden" browser error is the most common error encountered when working with NGINX. Learn more about what causes this NGINX error, how to locate the source of the error, and how to correct the underlying problem.

About the Error

"403 Forbidden" is an all-purpose NGINX error which indicates that you have asked for something that NGINX - for a variety of potential reasons - cannot deliver. "403" is actually an HTTP status code that means that the web server has received and understood your request, but that it cannot take any further action.

Locating the NGINX Configuration File

By default the NGINX configuration files are located in /etc/nginx. If you check this directory, you will find a number of configuration files for NGINX's various modules.

The main configuration file is /etc/nginx/nginx.conf. This is the file with all of the main directives for NGINX, similar to Apache's main httpd.conf file.

To edit this file, use the command:

CentOS 7:

sudo nano /etc/nginx/conf.d/test.example.com.conf

Ubuntu 16.04:

sudo nano /etc/nginx/sites-available/test.example.com.conf

Incorrect Index File

One of the most common causes of the "403 Forbidden" error is not having a correctly set up index file.

The NGINX configuration file specifies which index files to load, and in which order. For example, this line tells NGINX to look for index.html, then index.htm, then index.php:

index index.html index.htm index.php;

If none of those three files are found in the directory, NGINX returns a "403 Forbidden" error.

Note: These file names are case-sensitive. If the NGINX configuration file specifies index.html but the file is named Index.html, this will cause a "403 Forbidden" error.

If you wish to use an index file name which your NGINX web server does not recognize, edit the NGINX configuration file as described above and add the file name to the index configuration line.

For example, to add index.py to the list of recognized index files, edit this line to read:

index index.html index.htm index.php index.py;

Save and exit the file, then restart NGINX with the command:

sudo nginx -s reload

Autoindex

An alternative solution is to allow directory index. Directory index means that if no index file is found, the server will list all of the contents of the directory.

For security reasons, directory index is turned off by default in NGINX.

If you would like to show the directory index in situations where NGINX is not able to find (or identify) an index file, edit the NGINX configuration file as described above and add the following two configurations:

    autoindex on;
    autoindex_exact_size off;

These configurations must be added to a location block. You can either add them to the existing location / block, or add a new one. The final result will look like:

location / {
  [pre-existing configurations, if applicable]
  autoindex on;
  autoindex_exact_size off;
  }

You can also activate the directory indexing on in a specific directory, if you do not want it to be available site-wide:

location /myfiles {
  autoindex on;
  autoindex_exact_size off;
  }

Save and exit the file, then restart NGINX with the command:

sudo nginx -s reload

File Permissions

Incorrect file permissions are another cause of the "403 Forbidden" error. The standard setting of 755 for directories and 644 for files is recommended for use with NGINX. The NGINX user also needs to be the owner of the files.

Identify the NGINX User

To begin, you will need to determine what user NGINX is running as. To do this, use the command:

ps -ef | grep nginx

Check the first column, for any of the NGINX worker processes:

In this example, the NGINX worker process is running as the user nginx.

Set File Ownership

Go to the directory above the website's document root. For example, if your website's document root is /usr/share/nginx/example.com go to /usr/share/nginx with the command:

cd /usr/share/nginx

Change the ownership of all the files from this point down to the nginx user with the command:

sudo chown -R nginx:nginx *

Set Permissions

Set the permissions of each directory at this location to 755 with the command:

sudo chmod 755 [directory name]

For example, to set the permissions of the example.com directory, the command is:

sudo chmod 755 example.com

Then go to the web document root directory:

cd example.com

Change the permissions of all the files in this directory with the command:

sudo chmod 644 *

Leave your reply