3

I am trying to serve static cache files using nginx. There are index.html files under the rails_root/public/cache directory. I tried the following configuration first, which doesn't work:

root <%= current_path %>/public;
try_files /cache$uri/index.html /cache$uri.html @rails;

This give error:

[error] 4056#0: *13503414 directory index of "(...)current/public/" is forbidden, request: "GET / HTTP/1.1"

I then tried 

root <%= current_path %>/public/cache;
try_files $uri/index.html $uri.html @rails;

And to my surprise this works. Why is it that I can do the latter not the former( since they point to the same location)

Permissions of file system

The permissions of the folders are:

775 public
  755 cache
    644 index.html

Rails sits in the user ~ directory, so the folders and files are all belong to the user good. The user for nginx is root for master and http for each worker processors:

89:http      7865  0.1  0.0   8876  2624 ?        S    Jul10   0:51 nginx: worker process                        
112:root     24927  0.0  0.0   8532  1828 ?        Ss   Jun28   0:03 nginx: master process /usr/sbin/nginx -c /etc/nginx/conf/nginx.conf

My favicon is sitting under public/ is served correctly by the following:

# asset server
server {
  listen 80;
  server_name assets.<%= server_name %>;
  expires max;
  add_header Cache-Control public;
  charset utf-8;
  root   <%= current_path %>/public;
}

LOG

For my working setup: access log shows:

request:"GET / HTTP/1.1" 200 uri:"/index.html"
request:"GET /assets/gas/468x15_4.gif HTTP/1.1" 200 uri:"/assets/gas/468x15_4.gif"

If I add index nonexistent the same directory index forbidden error would appear with following access log:

request:"GET / HTTP/1.1" 403 uri:"/"

error log:

directory index of "RAILS_ROOT/current/public/cache/gas/" is forbidden, client: _IP_, server: example.com, request: "GET / HTTP/1.1", host: "gas.example.com"

UPDATE

Please see the full config file. Note that it is complete and the example given above are a bit simplified.

I am using Nginx 1.22

lulalala
  • 1,677
  • 2
  • 13
  • 12

2 Answers2

0

I think index should be processed before try_files near NGX_HTTP_ACCESS_PHASE for as the log suggests you are requesting directory.

The correct way would be hitting official mailing list with this question.

kworr
  • 1,055
  • 8
  • 14
  • For my working code, adding your line will cause the same directory index forbidden error. I'll post the access.log above. – lulalala Aug 03 '12 at 08:46
  • Just that by reading http://www.nginxguts.com/2011/01/phases/ try_files directive is executed before content phase (index directive), so I thought index directive would never ran in my setup. – lulalala Aug 03 '12 at 08:47
0

The problem lies in the if directives in location blocks. These were only shown in the full config files (sorry to those who tried to solve this problem without that). Once I moved those to server block level it works fine.

directory index of *** is forbidden is an indication that no content directives are available in the location block. In this case the location is a nested location block, created when if directive is used in a location block.

if directives under server block level doesn't have this problem. My ifs can be moved and still function properly, but I am not sure what ifs won't work if moved.

So in this case file permissions are probably not so relevant.

@Vbart is correct in saying that if is evil.

lulalala
  • 1,677
  • 2
  • 13
  • 12