Nginx throws 403 Forbidden nginx/1.11.8 errors despite using all answers from serverfault

user7342807 asked:

I have CentOs 7.3 and Nginx 1.11.8 and PHP-FPM 7.0

This is a clean install, and everytime I get the above error page if I change the root for the nginx dir from /usr/share/nginx/html to anything.

This time I changed it to /var/www/html.

Now I am getting the error.

I have given the html dir chmod 775 and then 777 to no avail.
I have also made chown -R nginx:nginx html/

These don’t work. BUT, if I disabled SELinux as setenforce 0 everything works.

I don’t want to disable selinux entirely due to this issue, but it’s driving me nuts.

chmoding with www-data gives me this error.

[simon@localhost www]$ chown -R www-data:www-data html
chown: invalid user: âwww-data:www-dataâ

Which I think is fair, since I have no user named www-data. Nginx is running under nginx user.

tail /var/log/nginx/error.log gives me this:

2017/01/07 22:37:03 [error] 3336#3336: *1 open() "/var/www/html/nginx.html" failed (13: Permission denied), client: 10.0.2.2, server: localhost, request: "GET /nginx.html HTTP/1.1", host: "localhost"
2017/01/07 22:37:06 [error] 3336#3336: *1 "/var/www/html/index.php" is forbidden (13: Permission denied), client: 10.0.2.2, server: localhost, request: "GET / HTTP/1.1", host: "localhost"

So, it is still a permission issue, probably tied to SELinux VLC thing.. I’m not sure.

Here is my ls -lZ output.

[simon@localhost html]$ ls -lZ
-rwxrwxrwx. root root system_u:object_r:vmblock_t:s0   index.php
-rwxrwxrwx. root root system_u:object_r:vmblock_t:s0   nginx.html

My answer:


How on earth did you get those bizarre SELinux contexts? Those are not the default contexts.

Anyway, you should use restorecon to change the SELinux contexts back to the defaults, on all of your web content. For example:

restorecon -r -v /var/www/html

You also should never chmod 777 anything, not even for “testing”.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.