1

Upgrading passenger to 5.1.11 makes all my requests fail with HTTP status code 403, downgrading to 5.1.10 works. I run nginx as root and all my rails applications reside in my non-root user's home directory. passenger and nginx-extras were installed from passenger apt repos as decribed here. There is no error in nginx or rails application logs other than the 403 status in access logs.

I have verified that all the rails application directories and their parent directories have read and executable permissions enabled for all users in the system.

I think this has something to do with https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/. What should I do to fix it?

OS: Ubuntu 17.04
Nginx: 1.10.3

Chandra Sekar
  • 10,683
  • 3
  • 39
  • 54
  • Can you provide the following information as well? - How did you install Passenger? Via gem, tarball, APT? - What error messages do you find in the Nginx error log? – Hongli Oct 20 '17 at 08:00
  • @Hongli Edited to add those details. – Chandra Sekar Oct 20 '17 at 08:25
  • You say that there is nothing in your Nginx "access logs", but I need to know what's in your Nginx *error* logs. Also, make sure that you look in the *right* error log file. See https://www.phusionpassenger.com/library/admin/nginx/log_file/#location-of-the-log-file – Hongli Oct 20 '17 at 12:28
  • Yes error log is completely quiet. The only indication of any failure is in the access log. – Chandra Sekar Oct 20 '17 at 13:38
  • 1
    See the note at https://www.phusionpassenger.com/library/install/nginx/install/oss/zesty/#step-1:-install-passenger-packages you need to uninstall nginx-extras and install the system nginx to use the recent passenger packages. – Camden Narzt Oct 20 '17 at 17:06
  • @CamdenNarzt I had installed passenger before July. Using the module fixed my issue! Can you please provide this as an answer for me to accept it? – Chandra Sekar Oct 23 '17 at 09:02
  • OnyxSO updated his answer to include the correct info you can just accept that. – Camden Narzt Oct 23 '17 at 14:23

1 Answers1

2

Edit: you mentioned your OS is 17.04 and not 17.10. Phusion's instructions for 17.04 tell you to remove nginx-extras, not to install it (as you say you've done).

So, for 17.04, try removing nginx-extras, then installing nginx and libnginx-mod-http-passenger.

--

You list your OS as Ubuntu 17.10 Artful, but the instructions you linked are for Ubuntu 17.04 Zesty, so that's not going to work.

Ubuntu 17.10 was released yesterday, there are no Passenger packages for it yet (usually available when the next Passenger version is released).

You can either wait for those packages or install Passenger via gem or tarball (Option Other: www.phusionpassenger.com/library/install/nginx/install/oss/).

OnixSO
  • 136
  • 2
  • Oops! Sorry, I was reading up about 17.10 changes and mis-typed the actual version. :) I have edited the question to correct it. – Chandra Sekar Oct 20 '17 at 09:33