I've installed nginx 1.1.19 on Ubuntu 12.04 on my local machine and kept the default /etc/nginx/nginx.conf except for changing the user directive.
/etc/nginx/nginx.conf
user nginx www-data;
worker_processes 4;
pid /var/run/nginx.pid;
...
I want to make a simple static site work with the web root in my user directory (Lets say my username is 'ubuntu'). Here's the configuration for my test site.
/etc/nginx/sites-available/test-site
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
root /home;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
Now obviously puts all my files in the web root so I would NOT put this on a real server, but this illustrates my point. If I create a simple webpage at /home/index.html (not inside my ubuntu user folder), I can access the page at http://localhost/
This WORKS just fine. Now I want to simply put the web root INSIDE by user folder. So in /etc/nginx/sites-available/test-site I change the root directive to be `root /home/ubuntu;. I recreate the symlink to test-site, move /home/index.html to /home/ubuntu/index.html and stop and start the nginx server. Now I get the 403 Forbidden error.
My first suspicion was that this was a permissisons problem. However, when I run ls -al index.html I see
-rw-r--r-- 1 nginx www-data 183 Aug 12 13:13 index.html
which looks right to me? Even running chmod 777 /home/ubuntu/index.html so that the permissions are
-rwxrwxrwx 1 nginx www-data 183 Aug 12 13:13 index.html
does not help. /etc/init.d/nginx configtest does not produce any errors either and I'm sure the symlink in /etc/
So I've been at this for a few hours and I'm now wondering what is so special about my user directory that I cannot serve anything inside of it? Ubuntu encrypts home directories these days? Could that be the problem? I also have this issue on an EC2 Ubuntu 12.04 instance (don't know if user directories are encrypted there)
Answer
Default User Home Directory Permissions
So it seems that the default permissions on user home directories in Ubuntu 12.04 is 700. Nginx needs to have read permission the files that should be served AND have execute permission in each of the parent directories along the path from the root to the served files.
You can give your user directory these permissions by running
chmod 701 user_home
You may also use 755, which is the default permission setting on the home directory on many systems.
The directories/files in your web root can belong to the www-data user or your regular personal user as long as the user/group that nginx runs as (as defined in nginx.conf) has READ permission on all files to be served and execute permission on all web root directories.
I just set all directories in my web root to be owned by my user account and have permissions 755 and I set all files to be served from the web root to have permissions 664 since these were the defaults on my machine.
Note on Converting Permission numbers to String Rep.
Ex. drwxr-x--x becomes 751.
Ignore the first character (d for directory, - for file, etc). The remaining 9 characters form a binary triplet where any non-dash character is a 1 and a dash is a 0.
So drwxr-x--x becomes rwxr-x--x
becomes 111 101 001
which is converted to a decimal 751
I needed a refresher on this when I was dealing with permissions.
No comments:
Post a Comment