Assets not loading in production for rails app

Question

The current app I am running is working just fine in production on its ubuntu server. But now I've had to configure a Red Hat Enterprise Linux 5.5 server to deploy the app to and I am running into some issues. First of all some specs:

• rails version: 3.2.11
• ruby: 1.9.3-p194
• http server nginx + unicorn
• managing ruby environment with rbenv
• deploy method: capistrano

My nginx.conf and unicorn config file are based on Ryan Bate's videos. So I managed to get almost everything configured. I can deploy, connect to the database, etc.. However, when I visit my app's page, all of the assets fail to load. And when I go into my console it says they failed because of a 403 Forbidden error. I checked and the assets are in the correct place: apps/my_app/shared/assets. But I keep getting this 403 error.

What I've tried so far:

• checked the permissions to parent folders and the actual asset files. They all had at least read permissions for everyone
• changed config.assets.compile to true
• Followed instructions here rails deployment using nginx & unicorn: 403 forbidden error, which recommends removing the default files in conf.d and symlinking my custom nginx config file to /etc/nginx/conf.d as opposed to .../sites-enabled

Any thoughts or ideas why I am getting a 403?

Edit 1: add /etc/nginx/nginx.conf file

Not sure if this helps but this is what the nginx.conf file (under /etc/nginx) looks like (not my custom nginx file):

events {
  worker_connections  1024;
}


#----------------------------------------------------------------------
# HTTP Core Module
#
#   http://wiki.nginx.org/NginxHttpCoreModule 
#
#----------------------------------------------------------------------

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

#
# The default server
#
server {
    listen       80;
    server_name  _;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;

}

Also, I noticed that under /etc/nginx there are nginx.conf and nginx.conf.default files, does anyone know the difference? Maybe the issue could be there?

Edit 2: Add entry from nginx log file

So I found this in the nginx log file. So maybe it is a permissions issue that could be fixed with a chmod?

2013/03/24 20:50:53 [error] 10851#0: *5 open() "/home/webapp/apps/my_app/current/public/assets/application-db22bc3811b126e586f5e82e794e7ee4.css" failed (13: Permission denied)

Edit 3: Update /etc/nginx/nginx.conf

user  nginx;
worker_processes  2;

# error_log  logs/error.log;
# error_log  logs/error.log  notice;
# error_log  logs/error.log  info;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
  worker_connections  1024;
}

http {
  include       mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log;

  sendfile        on;
  #tcp_nopush     on;

  keepalive_timeout  60;

  gzip  on;

  include /etc/nginx/conf.d/*.conf;

  # INSIDE THE /etc/ngin/conf.d/*.conf FILE #

  server {
    listen 80 default deferred;
    # server_name example.com;
    root /home/webapp/apps/my_app/current/public;

    location ^~ /assets/ {
      gzip_static on;
      expires max;
      add_header Cache-Control public;
    }

    try_files $uri/index.html $uri @unicorn;
    location @unicorn {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      proxy_pass http://unicorn;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
  }

}

Answer 1

So I managed to fix this. In part to advice in this article http://nginxlibrary.com/403-forbidden-error/

for all the directories leading up to all the asset files, I set the directory permissions to chmod 775. And then for all the assets (application.js, etc...) inside apps/my_app/shared/assets I gave the files this permission chmod 775.

And that did the trick. In the article I linked to, the author mentions the need for the asset files to have both read and execute permissions, not just read.