Skip to main content

Getting a 403 on Ubuntu + Nginx

Servers • Asked by Peter Boomsma

My error log outputs the following,

[ 2014-11-02 04:18:12.0511 23504/7f64e6a36780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '23503', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-11-02 04:18:12.0628 23507/7f544fe55780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.23503/generation-0/request
[ 2014-11-02 04:18:12.1029 23512/7fd0a6b6b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.23503/generation-0/logging
[ 2014-11-02 04:18:12.1035 23504/7f64e6a36780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[ 2014-11-02 04:18:12.1191 23512/7fd0a6b6b7c0 agents/LoggingAgent/Main.cpp:289 ]: Caught signal, exiting...
[ 2014-11-02 04:18:13.1537 23534/7f9940e05780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '23533', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-11-02 04:18:13.1632 23537/7fa7dc711780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.23533/generation-0/request
[ 2014-11-02 04:18:13.1788 23542/7fd3b4c307c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.23533/generation-0/logging
[ 2014-11-02 04:18:13.1792 23534/7f9940e05780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[ 2014-11-02 04:40:54.6081 25129/7fd334fd9780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '25128', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-11-02 04:40:54.6228 25132/7fe9a63c6780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.25128/generation-0/request
[ 2014-11-02 04:40:54.6460 25137/7f157336b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.25128/generation-0/logging
[ 2014-11-02 04:40:54.6464 25129/7fd334fd9780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
2014/11/02 04:40:55 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:40:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:41:57 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:41:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:41:59 [error] 25150#0: *1 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:10 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:11 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"
2014/11/02 04:43:12 [error] 25150#0: *2 directory index of "/home/deploy/movieseat/current/public/" is forbidden, client: 82.73.170.71, server: localhost, request: "GET / HTTP/1.1", host: "178.62.204.53"

Update #1

I've added a index.html file to my public folder and deployed again, now when I visit the ip adres the website shows that index.html file. So it looks like nginx wasn't able to find a index.html file in my public folder. Which is to be expected since Rails doesn't work that way. How would I direct "this" to my Rails app?


So if it doesn't find the file, Nginx will hand it off to Passenger to try the Rails app. One thing that could be a problem is if your movieseat directory is owned by root or another user that doesn't have access to the directory. That would cause that error.

What's the output of:

ls -la /home/deploy/movieseat/current/

[email protected]:~$ ls -la /home/deploy/movieseat/current/
total 92
drwxrwxr-x 11 deploy deploy 4096 Nov  2 08:33 .
drwxrwxr-x  7 deploy deploy 4096 Nov  2 08:33 ..
drwxrwxr-x  2 deploy deploy 4096 Nov  2 08:33 .bundle
-rw-rw-r--  1 deploy deploy  466 Nov  2 08:29 .gitignore
-rw-rw-r--  1 deploy deploy    6 Nov  2 08:29 .ruby-version
-rw-rw-r--  1 deploy deploy  982 Nov  2 08:29 Capfile
-rw-rw-r--  1 deploy deploy 2376 Nov  2 08:29 Gemfile
-rw-rw-r--  1 deploy deploy 5099 Nov  2 08:29 Gemfile.lock
-rw-rw-r--  1 deploy deploy    0 Nov  2 08:29 README.md
-rw-rw-r--  1 deploy deploy  478 Nov  2 08:29 README.rdoc
-rw-rw-r--  1 deploy deploy  249 Nov  2 08:29 Rakefile
drwxrwxr-x  9 deploy deploy 4096 Nov  2 08:29 app
-rw-rw-r--  1 deploy deploy 5534 Nov  2 08:33 assets_manifest_backup
lrwxrwxrwx  1 deploy deploy   33 Nov  2 08:33 bin -> /home/deploy/movieseat/shared/bin
drwxrwxr-x  6 deploy deploy 4096 Nov  2 08:33 config
-rw-rw-r--  1 deploy deploy  553 Nov  2 08:29 config.database.yml.sqlite3
-rw-rw-r--  1 deploy deploy  154 Nov  2 08:29 config.ru
drwxrwxr-x  3 deploy deploy 4096 Nov  2 08:50 db
drwxrwxr-x  4 deploy deploy 4096 Nov  2 08:29 lib
lrwxrwxrwx  1 deploy deploy   33 Nov  2 08:33 log -> /home/deploy/movieseat/shared/log
drwxrwxr-x  3 deploy deploy 4096 Nov  2 08:33 public
drwxrwxr-x  8 deploy deploy 4096 Nov  2 08:29 test
drwxrwxr-x  2 deploy deploy 4096 Nov  2 08:33 tmp
drwxrwxr-x  3 deploy deploy 4096 Nov  2 08:33 vendor
[email protected]:~$ 

I've found someone else who has the same problem > http://stackoverflow.com/questions/26348436/rails-4-2-nginx-application-root-wont-load

I'm running RAILS_ENV=production rails s on my local machine and I got the same error now.

Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml`

I've created a secret by using rake:secret, but when I add to it my secrets.yml like this:

production:
  secret_key_base: 9c9fc2f9a0a212bb2bc5be64ec3bb722fc5ae01d79c1ed181f1b3a8e858c25f076e7845b67f75ab658947557d81c7fc08ba5bddf20860ec5d681b701be05***

I get a

We're sorry, but something went wrong.
If you are the application owner check the logs for more information.

But the log is empty. So I'm trying to fix this problem first, so I can run development locally.


Your issue is coming because nginx is trying to search for index.html file into /home/deploy/apps/mll/current/public which is not present there.
In order to fix, you will need to add passenger with your nginx. 

Instructions to follow.
      
    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
    sudo apt-get install -y apt-transport-https ca-certificates

Add Passenger APT repository

    sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list'
    sudo apt-get update

Install passenger and nginx

    sudo apt-get install -y nginx-extras passenger

Now start nginx webserver.

    sudo service nginx start

Next, we need to update the Nginx configuration to point Passenger to the version of Ruby that we're using.

    sudo vim /etc/nginx/nginx.conf

And add or uncomment

    include /etc/nginx/passenger.conf;

Save and close nginx.conf. Then open ```/etc/nginx/passenger.conf```

    sudo vim /etc/nginx/passenger.conf

If you are using .rbenv, then

    passenger_ruby /home/deploy/.rbenv/shims/ruby;

Or if you are using rvm, then

    passenger_ruby /home/deploy/.rvm/wrappers/ruby-2.5.0/ruby;

Or if you are using system ruby, then

    passenger_ruby /usr/bin/ruby;

Next, restart nginx server

    sudo service nginx restart

Add ```passenger_enabled on;``` into your site-enabled/centers or site-enabled/nodeapp file.
    server {
            listen 80;
            listen [::]:80;
    
            root /home/deploy/apps/wiki11/current/public;
            index index.html index.htm;
    
            server_name wiki11.com www.wiki11.com;
            passenger_enabled on;
    
            location / {
                    # try_files $uri $uri/ =404;
            }
    }


Note: this configuration used for my application wiki11 which is deployed on https://www.wiki11.com and its working fine.

Restart nginx server again, 
sudo service nginx restart. 
Hopefully it should work.

For more details, follow,
https://www.phusionpassenger.com/library/install/nginx/install/oss/xenial/


Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 24,647+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.