Welcome! Log In Create A New Profile

Advanced

Nginx 403 Forbidden - reverse proxy not working on root

Posted by fotocodex 
Nginx 403 Forbidden - reverse proxy not working on root
July 23, 2009 06:57PM
I've been using nginx on our rails site for a few weeks now and I started seeing some crashes related to running a rails daemon.

I upgraded to nginx/0.8.6, built from source, in the hopes of stopping the crashes. Now whenever I access the root domain I receive a 403 forbidden error instead of the request being passed off to our thin servers. I can access anything relative to root w/o problems, i.e. for example mydomain.com fails with 403 but mydomain.com/home is passed off to the rails application just fine.

The only thing I changed in the config file was proxy_redirect false; to proxy_redirect off;

Any clues as to where or how to tackle this issue?

The error log shows: directory index of "/vol/www/mydomain.com/public/" is forbidden,

Obviously I don't want it to do a directory index but rather pass the request to our thin server.

I've verified permissions. nginx worker processes run as www-data which is the owner of the directory structure. nginx master runs as root.
Re: Nginx 403 Forbidden - reverse proxy not working on root
July 24, 2009 10:55AM
I switched back to nginx version: nginx/0.6.31 installed via apt-get install. Things are working fine now using the same nginx.conf and vhost conf files.

the nginx/0.8.6 causing the problem was built using the following configure specification:

./configure \
--sbin-path=/usr/sbin \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--without-mail_pop3_module \
--without-mail_smtp_module \
--without-mail_imap_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-http_auth_basic_module \
--without-http_autoindex_module \
--without-http_browser_module

I'm trying to find out how the ubuntu hardy nginx package was built to see if perhaps my configure specification was the source of the problem.
Re: Nginx 403 Forbidden - reverse proxy not working on root
July 25, 2009 09:50AM
Do you have an index file explicitly stated in the config file?

index [i]your-index-filename[/i];

--
Jim Ohlstein
Re: Nginx 403 Forbidden - reverse proxy not working on root
July 25, 2009 12:51PM
Hello Jim,

I have tried it with an index index.html and w/o that directive. There is no index.html in the root folder. Currently the statement is in the vhost file.

I've reinstalled nginx/0.6.31 using apt-get install and things are back to working fine w/o any need to change the nginx config or the vhost. I've attached both btw.

I rebuilt version nginx-0.8.6 using the following ./configure specification which I believed was used to build the ubuntu nginx package:
[quote="./configure --conf-path=/etc/nginx/nginx.conf \\
--error-log-path=/var/log/nginx/error.log \\
--pid-path=/var/run/nginx.pid \\
--lock-path=/var/lock/nginx.lock \\
--http-log-path=/var/log/nginx/access.log \\
--http-client-body-temp-path=/var/lib/nginx/body \\
--http-proxy-temp-path=/var/lib/nginx/proxy \\
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \\
--with-debug --with-http_stub_status_module \\
--add-module=../nginx_upload_module-2.0.9 \\
--with-http_flv_module --with-http_ssl_module --with-http_dav_module \\
--with-http_realip_module --with-http_xslt_module \\
--with-sha1=/usr/include/openssl"]

[/quote]

Things seemed to work fine for a bit with the new version then suddenly I started to received the 403 error.

The environment I am testing this under is an EC2 instance of Ubuntu hardy.
Attachments:
open | download - fotocodex.co.uk (4.5 KB)
open | download - nginx.conf (1.9 KB)
Re: Nginx 403 Forbidden - reverse proxy not working on root
June 07, 2010 09:37AM
I have encountered the same error about 6 months ago and still don't know the ways how to solve this until now. I just ignored it and tried another one. It makes my head aches with this problem :(

"I can accept failure, everyone fails at something. But I can't accept not trying."
Editor @ [url=http://www.daily-reviews.com]Daily Reviews[/url]
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 66
Record Number of Users: 7 on March 06, 2014
Record Number of Guests: 229 on August 01, 2014
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready