Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Forbidden location when using alias in nginx for relative urls

I am trying to set up roundcube / phpldapadmin / ... with Nginx on relative urls, e.g.:

example.com/roundcube
example.com/phpldapadmin

The source are in the following folders:

/var/www/roundcube
/usr/share/phpldapadmin

Everything was working fine with Apache 2.4 but I am new to Nginx. I have the following location for roundcube:

location /roundcube/ {
    root /var/www;
    index index.php;

    location ~ \.php$ {
        try_files $uri =404;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Which works fine, but the following for phpldapadmin does not work:

location /phpldapadmin/ {
    alias  /usr/share/phpldapadmin/htdocs;
    index  index.php index.html index.htm;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

I get a 403 forbidden, with the following logs:

2016/02/07 21:43:33 [error] 23047#0: *1 directory index of "/usr/share/phpldapadmin/htdocs" is forbidden, client: xxx.xxx.xxx.xxx, server: , request: "GET /phpldapadmin/ HTTP/1.1", host: ""

I checked the permission:

$ namei -om /usr/share/phpldapadmin/htdocs
f: /usr/share/phpldapadmin/htdocs
 drwxr-xr-x root root     /
 drwxr-xr-x root root     usr
 drwxr-xr-x root root     share
 drwxr-xr-x root root     phpldapadmin
 drwxr-xr-x root www-data htdocs
$ ls -l /usr/share/phpldapadmin/htdocs/index.php
-rw-r--r-- 1 root root 20036 Oct 28 17:32 /usr/share/phpldapadmin/htdocs/index.php

I tried changing the owner to :www-data but it did not work. When I tried the following for roundcube it did not work:

location /roundcube/ {
    alias /var/www/roundcube;
    ...
}

I am thinking that this is probably a problem with a trailing /, or something similar, but I am really new to nginx so I can't find it...

Basically, I have the inverse problem of: https://stackoverflow.com/questions/31820362/nginx-403-directory-is-forbidden-when-using-root-location

like image 216
Holt Avatar asked Feb 07 '16 20:02

Holt


People also ask

What is alias in location Nginx?

NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The NGINX alias directive defines a replacement for the specified location.

What is try_ files in nginx?

The try_files directive exists for an amazing reason: It tries files in a specific order. NGINX can first try to serve the static content, and if it can't, it moves on. This means PHP doesn't get involved at all.


2 Answers

The location and alias should both have a trailing / or neither have a trailing /. But in your case, you should be using root instead of alias for both location blocks.

location /roundcube {
    root /var/www;
    index index.php;

    location ~ \.php$ {
        try_files $uri =404;

        fastcgi_pass unix:/var/run/php5-fpm.sock;

        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

location /phpmyadmin {
    root  /usr/share;
    index  index.php index.html index.htm;

    location ~ \.php$ {
        try_files $uri =404;

        fastcgi_pass unix:/var/run/php5-fpm.sock;

        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

The fastcgi_index will not do anything in a location that only matches .php (see this document).

The SCRIPT_FILENAME parameter is needed in both blocks (or neither if it is already in /etc/nginx/fastcgi_params).

like image 183
Richard Smith Avatar answered Oct 23 '22 01:10

Richard Smith


Alternatively you can try to write at the top of nginx.conf >> user username

Since I am using AWS Linux EC2 instance I wrote

user ec2-user;

instead of

user nginx;

This solves the problem by giving all the required permissions

like image 29
rahulthakur319 Avatar answered Oct 23 '22 02:10

rahulthakur319