{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 三岁会撩人 的问题《Nginx serve static file and got 403 forbidden》','https://www.manongdao.com/q-184589.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Just want to help somebody out. yes ,you just want to serve static file using nginx, and you got everything right in nginx.conf:
location /static {
autoindex on;
#root /root/downloads/boxes/;
alias /root/downloads/boxes/;
}
But , in the end , you failed. You got "403 forbidden" from browser...
----------------------------------------The Answer Below:----------------------------------------
The Solution is very Simple:
Way 1 : Run nginx as the user as the '/root/downloads/boxes/' owner
In nginx.conf :
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
YES, in the first line "#user noboy;" , just delete "#" , and change "nobody" to your own username in Linux/OS X, i.e change to "root" for test. The restart nginx.
Attention , You'd better not run nginx as root! Here just for testing, it's dangerous for the Hacker.
For more reference , see nginx (engine X) – What a Pain in the BUM! [13: Permission denied]
Way 2 : Change '/root/downloads/boxes/' owner to 'www-data' or 'nobody'
In Terminal:
ps aux | grep nginx
Get the username of running nginx . It should be 'www-data' or 'nobody' determined by the version of nginx. Then hit in Terminal(use 'www-data' for example):
chown -R www-data:www-data /root/downloads/boxes/
------------------------------One More Important Thing Is:------------------------------
These parent directories "/", "/root", "/root/downloads" should give the execute(x) permission to 'www-data' or 'nobody'. i.e.
ls -al /root
chmod o+x /root
chmod o+x /root/downloads
For more reference , see Resolving "403 Forbidden" error and Nginx 403 forbidden for all files
for accepted answer
for changing group owner of all files in that folder
You should give nginx permissions to read the file. That means you should give the user that runs the nginx process permissions to read the file.
This user that runs the nginx process is configurable with the
userdirective in the nginx config, usually located somewhere on the top ofnginx.conf:http://wiki.nginx.org/CoreModule#user
The second argument you give to
useris the group, but if you don't specify it, it uses the same one as the user, so in my example the user and the group both arewww-data.Now the files you want to serve with nginx should have the correct permissions. Nginx should have permissions to read the files. You can give the group
www-dataread permissions to a file like this:http://linux.die.net/man/1/chown
with
chownyou can change the user and group owner of a file. In this command I only change the group, if you would change the user too you would specify the username BEFORE the colon, likechown www-data:www-data my-file.html. But setting the group permissions correct should be enough for nginx to be able to read the file.Since Nginx is handling the static files directly, it needs access to the appropriate directories. We need to give it executable permissions for our home directory.
The safest way to do this is to add the Nginx user to our own user group. We can then add the executable permission to the group owners of our home directory, giving just enough access for Nginx to serve the files:
After digging into very useful answers decided to collect everything related to permissions as a recipe. Specifically, the simplest solution with maximal security (=minimal permissions).
admin, that is, she owns site dir and everything within. We do not want to run nginx as this user (too many permissions). It's OK for testing, not for prod.nginx, that is, config contains lineuser nginxnginxis in the group with the same name:nginx.nginxwithout changing file ownership. This seems to be the most secure of naive options.In order to serve static files, the minimal required permissions in the folders hierarchy (see the group permissions) should be like this (use the command
namei -l /home/admin/WebProject/site/static/hmenu.css):dr-xr-xr-x root root /
drwxr-xr-x root root home
drwxr-x--- admin nginx admin
drwx--x--- admin nginx WebProject
drwx--x--- admin nginx site
drwx--x--- admin nginx static
-rwxr----- admin nginx hmenu.css
Next, how to get this beautiful picture? To change group ownership for dirs, we first apply
sudo chown :nginx /home/admin/WebProject/site/staticand then repeat the command stripping dirs from the right one-by-one.To change permissions for dirs, we apply
sudo chmod g+x /home/admin/WebProject/site/staticand again strip dirs.Change group for the files in the /static dir:
sudo chown -R :nginx /home/admin/WebProject/site/staticFinally, change permissions for the files in the /static dir:
sudo chmod g+r /home/admin/WebProject/site/static/*(Of course one can create a dedicated group and change the user name, but this would obscure the narration with unimportant details.)