Welcome! Log In Create A New Profile

Advanced

Nginx can't read my www directory

Posted by Neovote_G 
Nginx can't read my www directory
January 13, 2012 11:52AM
Hello,

I don't know what happened to my configuration, but now Nginx cannot read the home directory. I get :

*1 directory index of "/home/www/" is forbidden, client: (my ip), server: (my server's name), request "GET / HTTP/1.1", host: (my server's name)

I checked the following already :
- Nginx runs as a user with a specific name, let's say 'nguser'. nguser is the owner of the /home/www/ folder and all files inside, he's also the owner of /home/.
- /home/, /home/www, and all files and folders inside /home/www/ have 0755 file permissions
- I rebooted the server (nginx, and the VPS too) to no avail
- I have the following index directive : "index index.php5 index.php index.htm index.html;", and /home/www/index.php5 exists.
- Moreover, this used to work before I edited the configuration, but I only changed fastCGI buffer size to 256 kb and added a "error_page 502 = /b502.html;" directive. Commenting them, or reverting the file to the previous version, doesn't help. I also added an upstream block for PHP, but that doesn't seem to be the problem either because PhpMyAdmin (see below) is able to use it correctly.
- I run phpMyAdmin on the same server on port 60, and it works correctly (its files are placed at /home/phpmyadmin/).

So the problem seems to lie with the /home/www/ folder itself...

Does anyone have some idea I haven't thought of so I could try something ? This is really frustrating (not to mention my server is down because it serves HTTP 403 for any request)...
Thanks in advance.
Re: Nginx can't read my www directory
January 16, 2012 04:41AM
It looks like there is a problem with the fastCGI interface, as if fastCGI couldn't be accessed or something, because it only happens on PHP files. However, PHP-FPM runs under the same username, always did, and there was no problem before...
Re: Nginx can't read my www directory
January 16, 2012 05:23AM
Ok...

So it was the update to PHP FPM 5.3.9 and its new directive : security.limit_extensions. By default it only accepts .php, but my scripts, for compatibiliy reasons with non-VPS servers that use SuPHP, are all .php5, so FPM denied them.

security.limit_extensions = .php .php5 in the FPM pool definition solved it.

This should be better documented in PHP, I had to search each point of the changelog to get it.
Re: Nginx can't read my www directory
February 13, 2012 04:33PM
Neovote_G Wrote:
-------------------------------------------------------
> security.limit_extensions = .php .php5 in the FPM
> pool definition solved it.
>
> This should be better documented in PHP, I had to
> search each point of the changelog to get it.

Neovote_G,
I'm having a similar problem with PHP inside HTML files, but I can't seem to solve it (forum.nginx.org/read.php?11,222313). What file did you add "security.limit_extensions = .php .php5 " to?


TIA,
MSJ
Re: Nginx can't read my www directory
February 14, 2012 03:11AM
Hello MainStreetJames,

I added the file to the www.conf (in my case, in /etc/php5/fpm/pool.d/) file, which is the server pool definition file for PHP-FPM. The pool.d directory was, in my case, in the same directory as the php-fpm.conf file.
It is the file that contains the number of child processes, the user that the daemon will run as, etc.

Hope this helps,
Re: Nginx can't read my www directory
February 14, 2012 09:24AM
Neovote_G,
Thanks for the quick reply. I've added it to the www.conf file as well (in my case /etc/php-fpm.d/www.conf) but it hasn't made a difference.

Could it be a version issue? I'm using the latest version (5.3.10) with nginx ver 1.0.12 ... maybe I'll try to install an older version of php-fpm (before they added the security.limit_extensions directive).

Thanks again,
MSJ
Re: Nginx can't read my www directory
February 15, 2012 03:14AM
MainStreetJames,

You're welcome. I'm sorry it didn't solve your problem. You seem to have added the correct extension in the line(for instance, if your files are .htm, you'd have to add .htm at the end of the security.limit_extensions line), from what I see in your other topic.

Did you also check that the PHP-FPM user had read/write access to the files ? I don't remember if execution privilege is needed.

For reference, here is my proxy configuration inside Nginx :

location ~ \.(php|php5)$ {
fastcgi_pass PHPBackend;
fastcgi_index index.php5;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_client_abort on;
}

with PHPBackend defined as follows

upstream PHPBackend {
server unix:/tmp/php-fpm.sock;
}

(I use an upstream because in some configurations I use EY-Balancer to limit connections, and its directive needs to be placed in an upstream block. I use a UNIX socket to avoid making TCP connections inside localhost)

You can try reverting to PHP 5.3.8, which is the last version that doesn't use the security limit extension. If it's correctly defined, though, I'd look at a file permissions problem first. Check the user PHP FPM runs as, and the that the files that you try accessing have the correct permissions (you could try temporarily setting them to 0777).
You could also just rename them to .php, and make a rewrite rule that would redirect the now missing html files to php files, so as not to break all your hyperlinks.

Hope this helps,
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 146
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready