First off, apologies: I know the 403 Forbidden question is a common one for Rails/Nginx installs, but none of the answers I've read so far have solved it for me.

Disclaimer: This is my first time deploying a Rails app somewhere that isn't Heroku. Please be gentle. ;)

Situation: I have a Rails app running on an Ubuntu 12.04 server, running Nginx (installed with Passenger).

I've deployed my app to my server correctly, but when I attempt to access the site, I receive a 403 Forbidden error.

Checking my error logs, I see:

2013/10/23 22:47:01 [error] 27954#0: *105 directory index of "/var/www/colepeters.com/current/public/" is forbidden, client: 50.3…server: colepeters.com, request: "GET / HTTP/1.1", host: "colepeters.com"
2013/10/23 22:47:10 [error] 27954#0: *106 directory index of "/var/www/colepeters.com/current/public/" is forbidden, client: 184…server: colepeters.com, request: "GET / HTTP/1.1", host: "colepeters.com"
2013/10/23 22:47:12 [error] 27954#0: *107 directory index of "/var/www/colepeters.com/current/public/" is forbidden, client: 151…server: colepeters.com, request: "GET / HTTP/1.1", host: "colepeters.com"

However, when checking permissions on this directory, I see that the user I have setup to use Nginx had both read and execute permissions on it.

Here's the relevant info from my nginx.conf:

user  XXXX;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    passenger_root /home/cole/.rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.21;
    passenger_ruby /home/cole/.rvm/wrappers/ruby-2.0.0-p247/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
       listen       80;
        server_name  colepeters.com www.colepeters.com;
        passenger_enabled on;
        root /var/www/colepeters.com/current/public/;
        rails_env production;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
          root   /var/www/colepeters.com/current/public;
          index  index.html index.htm;
          # autoindex on;
        }

I would greatly appreciate any help on resolving this. Thanks!

UPDATE I have since corrected the erroneus passenger_ruby path, but the 403 Forbidden is persisting, even after restarting Nginx.

You can check the path of your passenger installation with

passenger-config --root

and the path of your ruby installation with

which ruby

then compare with the inserted in nginx.conf.

I got the same error. In my case, I fixed it by removing the location / {} entry. - or make sure that your user have permission to your rails project

...
server {
    listen       80;
    server_name  127.0.0.1;
    passenger_enabled on;
    rails_env production;
    root /www/kalender/public ;

    #charset koi8-r;

    access_log  /var/log/nginx/host.access.log;

    #location / {
       #root   html;
        #index  index.html index.htm;
    #}

Adding passenger_enabled on; to the server directive worked for me.

I was running a similar setup to yours and having the same problem with my nginx.conf file. Stumbling across the Nginx pitfalls page helped me solve it.

Your file looks similar to mine, so I'll share two things you may want to try that worked for me:

1. first, you have the root path in both the server {} block AND the location {} block. While not necessarily a problem, according to the docs linked above "If you add a root to every location block then a location block that isn't matched will have no root." I got rid of the roots in the location blocks but kept it in the server block.

2. move the 'index' directives (index index.html index.htm;) out of the location block up to within the http {} block. The location blocks will inherit from this.

doing those two things and restarting the server worked for me.

The problem lies in the location / {...} section: the passenger_enabled on doesn't propagate from the server {...} into the location / {...}.

If you either remove location / {...}, or add passenger_enabled on to it, it should work.

The key things are: Remove the location block for the / section, assuming that the Rails application is accessible at /

Ensure the passenger_ruby is pointing to the rvm wrapper script for the selected ruby version

Add execute permissions to user, group and others to all the directories reaching to

/var/www/rails_app/public folder 
/var
/var/www
/var/www/rails_app
/var/www/rails_app/public_foler 

you also have config-file for passenger called passenger.conf by default in /etc/nginx/conf.d/passenger.conf there you have to put correct roots. you can check the roots with these two commands

passenger-config --root

and

which ruby

so when you get these roots you have to compare them with such in your passenger.conf file and it can be e.g. smth like this

#passenger-config --root
passenger_root /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini;
#which ruby
passenger_ruby /usr/local/rvm/rubies/ruby-2.4.0/bin/ruby;
passenger_instance_registry_dir /var/run/passenger-instreg;

so if you use this way don't forget to make in http section of your nginx.conf

include /etc/nginx/conf.d/passenger.conf

as well as inserting in server section

passenger_enabled on;

You are declaring the root twice inside the server block and inside the /location block as well as directing nginx to use the index directive. Also remove the "/" after public folder

try doing this

user  XXXX;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    passenger_root /home/cole/.rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.21;
    passenger_ruby /home/cole/.rvm/wrappers/ruby-2.0.0-p247/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
       listen       80;
        server_name  colepeters.com www.colepeters.com;
        passenger_enabled on;
        root /var/www/colepeters.com/current/public;
        rails_env production;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

    }
}