0

I've just set up my application and deployed it to /srv/my_app_name using Capistrano. However, when I try to access my app, I receive 403 Forbidden nginx/1.6.2 error. My Nginx runs under www-data user, but now I'm trying to understand what access rights should be granted to Nginx for my application folder. In my /var/log/nginx/error.log file I have this:

015/03/01 09:42:16 [error] 19451#0: *1 directory index of "/srv/my_app_name/current/public" is forbidden, client ...

This is the result of ls -l command for /srv folder:

drwxrwxr-x   3 root deploy  4096 Feb 28 16:04 srv

Resulf of namei -lm /srv/my_app_name/current/public/ command:

# namei -lm /srv/my_app_name/current/public/
f: /srv/my_app_name/current/public/
drwxr-xr-x root   root   /
drwxrwxr-x root   deploy srv
drwxrwxr-x deploy deploy my_app_name
lrwxrwxrwx deploy deploy current -> /srv/my_app_name/releases/20150301140926
drwxr-xr-x root   root     /
drwxrwxr-x root   deploy   srv
drwxrwxr-x deploy deploy   my_app_name
drwxrwxr-x deploy deploy   releases
drwxrwxr-x deploy deploy   20150301140926
drwxrwxr-x deploy deploy public

My app Nginx config:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    passenger_enabled on;
    rails_env production;
    # root /srv/my_app_name/;
    root /srv/my_app_name/current/public;

    # Make site accessible from http://localhost/
    server_name localhost staging.my_app_name.de www.staging.my_app_name.de;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules
    }
}

My previous application was deployed to /var/www and worked perfectly, but I've read that it is not the best place for application used as a service, so decided to place this one in more appropriate folder, but now I'm stuck with file permissions.

Question:

  1. should I add some rights for www-data only to public folder (/srv/my_app_name/current/public), or to the whole app folder (/srv/my_app_name)?

  2. What are the proper rights? I currentcly use deploy user for deploy, that is added to deploy group.

  3. How to add those rights (I mean commands, cause I'm not very good in Linux file permissions)?

kovpack
  • 4,905
  • 8
  • 38
  • 55
  • 1
    Could you please provide output of `namei -lm /srv/my_app_name/shared/public` command? – Maxim Mar 01 '15 at 15:08
  • 1
    + Use should use `/srv/my_app_name/current/public` instead of `/srv/my_app_name/shared/public` – Maxim Mar 01 '15 at 15:09
  • Added `namei -lm` result to question. – kovpack Mar 01 '15 at 15:12
  • @maxd yes, I've changed config and restarted nginx, but result is the same – kovpack Mar 01 '15 at 15:15
  • I've changed `namei -lm` command for appropriate folder. Updated question. – kovpack Mar 01 '15 at 15:21
  • 1
    Seems like you have all `o+r` permissions for all directories. Is it mean that your problem doesn't related to directory permissions. Look at this [post](http://stackoverflow.com/questions/8131806/rails-3-1-nginx-passenger-directory-index-forbidden). Maybe you have a problem described in this post. – Maxim Mar 01 '15 at 15:25
  • Yes, this really now seems to be not related to file permissions. But I've got passenger_root and passenger_ruby in my config. I've added for testing purposes `autoindex on;` to my config and server listed directory, so it seems to be incorrect Nginx configuration – kovpack Mar 01 '15 at 16:08

1 Answers1

0

It turned out that my nginx config was incorrect. For some reason this one worked perfectly:

server {
    listen 80 default_server;
    passenger_enabled on;
    passenger_app_env staging;
    root /srv/my_app_name/current/public;
    server_name localhost other_hosts;
}
kovpack
  • 4,905
  • 8
  • 38
  • 55