I've created a simple upload script in php that takes a file submitted from a form and puts it in the desired directory. The problem is that, for some reason, when you try to show this file in the browser, the server answers with a 403 - Forbidden message. In fact I modified the script so it first makes a copy of the file from the tmp folder and then moves it with a different name:
copy($_FILES['photo']['tmp_name'],$new_file_name);
move_uploaded_file($_FILES['photo']['tmp_name'], 'm_'.$new_file_name);
So if i.e. I upload file.jpg, it creates file.jpg (copied) and m_file.jpg (moved). On the server, both files are in the same folder and look identical, with the same permissions, user and group, except that domain.com/file.jpg shows the image and domain.com/m_file.jpg returns a 403 error.
If I disable nginx and make it work with apache, it all works fine, though. I revised nginx conf files but there's nothing strange (in fact is using the default config)
Update: strangely, seems that the problem only shows up in configurations where the PHP version is greater than 5.3 and is executed as "fpm application served by nginx". So, it works fine with 5.3.3 but does not work with php 5.5 or 7, unless you execute it as a "fastCGI app served by Apache"