Nginx is throwing a 403 Forbidden on Static Files

Question:

I have a django app, python 2.7 with gunicorn and nginx.

Nginx is throwing a 403 Forbidden Error, if I try to view anything in my static folder @:

/home/ubuntu/virtualenv/myapp/myapp/homelaunch/static

nginx config(/etc/nginx/sites-enabled/myapp) contains:

server {
        listen       80;
        server_name     *.myapp.com;
        access_log /home/ubuntu/virtualenv/myapp/error/access.log;
        error_log /home/ubuntu/virtualenv/myapp/error/error.log warn;
        connection_pool_size 2048;

        fastcgi_buffer_size 4K;
        fastcgi_buffers 64 4k;

        root /home/ubuntu/virtualenv/myapp/myapp/homelaunch/;

        location /static/ {
            alias /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/;
        }

        location / {
            proxy_pass http://127.0.0.1:8001;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        }
}

error.log contains:

2013/11/24 23:00:16 [error] 18243#0: *277 open() "/home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/img/templated/home/img.png" failed (13: Permission denied), client: xx.xx.xxx.xxx, server: *.myapp.com, request: "GET /static/img/templated/home/img2.png HTTP/1.1", host: "myapp.com", referrer: "http://myapp.com/"

access.log contains

xx.xx.xx.xxx - - [24/Nov/2013:23:02:02 +0000] "GET /static/img/templated/base/animg.png HTTP/1.1" 403 141 "http://myapp.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:25.0) Gecko/20100101 Firefox/25.0"
xx.xx.xx.xxx - - [24/Nov/2013:23:02:07 +0000] "-" 400 0 "-" "-"

I tried just viewing say a .css file in /static/ and it throws an error like this in source:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.1.19</center>
</body>
</html>

Asked By: CodeTalk


Answers:

It appears the user nginx is running as (nginx?) is missing privileges to read the local file /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/img/templated/home/img.png. You probably wanna check file permissions as well as permissions on the directories in the hierarchy.

Answered By: bryn

Try specifying a user at the top of your nginx.conf, above the server section.

user www-data;

Answered By: eezis

After hours upon hours following so many articles, I ran across:
http://nicholasorr.com/blog/2008/07/22/nginx-engine-x-what-a-pain-in-the-bum/

which had a comment to chmod the whole django app dir, so I did:

sudo chmod -R myapp

This fixed it. Unbelievable!

Thanks to those who offered solutions to fix this.

Answered By: CodeTalk

The minimum fix that worked for me is:

sudo chmod -R 664 /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/
sudo chmod -R a+X /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/

(BTW, in my case the static folder is called collected_static)

Answered By: o_c

macOS El Capitan: At the top of nginx.conf write user username group_name

My user name is Kamil so I write:

user Kamil staff;

(word ‘staff’ is very important in macOS). This does the trick. After that you don’t need to change any permission in your project folder and files.

It seems the web server user doesn’t have read permissions to the static files.
You can solve this in 2 ways:

  1. (easiest, safer) run nginx as your app user instead of the default nginx user. To do this, add the following in nginx.conf

    user your_app_user;

    Replace your_app_user with the appropriate unix username for your app. In this case your_app_user already has the necessary permissions to the static content.

  2. Another way would be to grant permissions for the web server user to the static dir.

Answered By: user4212639

I had the same issue not long ago. It might be a combination of factors. I found how to fix 403 access denied by replacing the user in the nginx.conf file.

  • I deployed my website on an Ubuntu server using Digital Ocean.
  • I created a new user on my new Ubuntu server and gave it admin privileges:
    adduser newuser
    usermod -aG sudo newuser
  • I updated my new server and installed a few packages:
    sudo apt update
    sudo apt install python3-pip python3-dev libpq-dev postgresql postgresql-contrib nginx curl
  • I followed all these beautiful instructions on how to deploy your site on Digital Ocean.
  • Since I changed the user and I SSH into my new server using this new user, I needed to replace the user in nginx.conf. By default the nginx.conf user is www-data:
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;

    Then I replaced it with my sudo user and solved my problem:

    user newuser;
    worker_processes auto;
    pid /run/nginx.pid;
  • Then I restarted nginx, gunicorn and postgresql (even if the last one is not really necessary):
    sudo systemctl restart nginx
    sudo systemctl restart gunicorn
    sudo systemctl restart postgresql

And tada.. 🙂 no more issue.

Answered By: ManuCiao

The best solution in that case would be to add www-data to username group:

gpasswd -a www-data username

For your changes to work, restart nginx

nginx -s reload

Answered By: Sanjay Sikdar

Fix 403 error with Django static files on Ubuntu server.

  1. Run this -> gpasswd -a www-data your_proj_username

  2. Reload nginx -> nginx -s reload

  3. Check chmod for your dirs: /home, /home/proj_dir, /home/proj_dir/static

    • Run this – stat --format '%a' /home . Result must be 755
    • Run this – stat --format '%a' /home/your_proj_dir/static . Result must be 755
    • Run this – stat --format '%a' /home/your_proj_dir . Result must be 750

  4. If you have different values you can try to change this:

    • sudo chmod 755 /home
    • sudo chmod 755 /home/your_proj_dir/static
    • sudo chmod 750 /home/your_proj_dir

  5. Reload your project server. This solves all permission errors.

Answered By: Serhii Zelenchuk
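
Several answers above come down to the same check: the nginx worker user needs search (x) permission on every directory leading to the file and read permission on the file itself. The script below is an added example, not part of any answer; it assumes GNU stat, and first_denied is a name chosen here. It reports the first path component whose mode bits deny a given uid and group list, so the fix can be limited to that one component.

```sh
#!/bin/sh
# first_denied UID "GIDS" FILE [BASE]   (hypothetical helper, added example)
# Walk FILE's path one component at a time (starting below BASE, default /)
# and print the first component whose mode bits deny the given identity:
# search (x) on each directory, read (r) on the file itself.
# Class selection follows the kernel: owner, else group, else other.
# Not covered: POSIX ACLs, SELinux/AppArmor, root's permission bypass.
first_denied() {
    uid=$1 gids=$2 target=$3 cur=${4:-}
    rest=${target#"$cur"/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        # GNU stat: octal mode, owner uid, owner gid (-L follows symlinks)
        info=$(stat -L -c '%a %u %g' -- "$cur") || return 2
        mode=${info%% *}; info=${info#* }
        ouid=${info% *};  ogid=${info#* }
        # Drop the setuid/setgid/sticky digit and pad to three digits
        perms=$(printf '%03d' "$((mode % 1000))")
        case " $gids " in *" $ogid "*) in_group=1 ;; *) in_group=0 ;; esac
        if [ "$uid" = "$ouid" ]; then d=${perms%??}
        elif [ "$in_group" = 1 ]; then d=${perms#?}; d=${d%?}
        else d=${perms#??}
        fi
        # Directories need the search bit (1), the final file the read bit (4)
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( d & need )) -eq 0 ]; then
            printf '%s\n' "$cur"
            return 1
        fi
    done
    return 0
}

# Typical use, run as root so every component can be inspected:
#   first_denied "$(id -u www-data)" "$(id -G www-data)" \
#     /home/ubuntu/virtualenv/myapp/myapp/homelaunch/static/img/templated/home/img.png
```
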