1

I recently switched my CentOS 7 machine from Apache to nginx, and I am running into some issues getting my machine properly functioning. I recently installed a new server block into the system with the following configuration:

server {
    listen       80;
    server_name  example.com;
    root         /usr/share/nginx/example.com/public_html;

    access_log   example.com/logs/example.com_access.log;
    error_log    example.com/logs/example.com_error.log crit;

    location / {
        index  index.html index.htm;
    }
}

However, whenever I go to the homepage (e.g. example.com), I am given a 403 error on the page. Additionally, I've noted that I get the same result whenever I add anything to one of my already existing server blocks that I imported from Apache virtual hosts. The files I imported originally work as expected, but whenever I write new content, I also get a 403 error on those pages.

The owner and group of the public web directory is myuser:nginx (I want to edit files as part of the group nginx, but that's already in another question). The public web root has had chmod -R 755 run on it as well.

I am confused about where to proceed or how to debug this further. What could be causing the issue?

Community
  • 1
J.W.F.
  • 328
  • 2
  • 4
  • 15
  • First look at the error log. – Michael Hampton Nov 05 '15 at 03:47
  • Yes, please confirm the error log entries as well as your main nginx.conf config setup, specifically the part where the user and group are defined. – JayMcTee Nov 05 '15 at 10:23
  • @MichaelHampton @JayMcTee My error log that I defined in the above server block is empty; the access log only contains specific information about my browser. The contents of my `nginx.conf` file can be found [here](http://paste.fedoraproject.org/287235/28789144/). – J.W.F. Nov 05 '15 at 13:07
  • You set the error log severity to `crit`. That suppresses all the normal messages that would tell you what is going on here. Fix that and try again. – Michael Hampton Nov 05 '15 at 18:03
  • @MichaelHampton Silly mistake on my part, should have paid more attention. Set it to error logging and as expected got the info I needed. `2015/11/06 15:45:35 [error] 26467#0: *1 open() "/usr/share/nginx/example.com/public_html/index.html" failed (13: Permission denied), client: XXX.XX.XX.XXX, server: example.com, request: "GET / HTTP/1.1", host: "example.com"` So now why would the nginx web server not have permission to open the file? The file is owned by my user and the group is set to `nginx`. – J.W.F. Nov 06 '15 at 20:48
  • 1
    It's not a directory recognized by SELinux as holding web documents. Try using subdirectories of `/srv/www` instead. – Michael Hampton Nov 06 '15 at 21:27
  • @MichaelHampton Ahhhhh, I see. I had tried to create a custom policy for SELinux for nginx that seemed to get it working, but my guess is that I would have had to update it everytime I add new content... ouch. Moving it all to `/var/www/` seems to have solved everything. If you want to convert that to an answer, I will accept! – J.W.F. Nov 06 '15 at 22:37

0 Answers0