Nginx displaying failed (13: Permission denied) when trying to access new site

linux nginx web-server centos

I am trying to set up my own web server to learn a bit more about server admin.

I have decided that I want to serve each sites files from a public_html folder inside the users /home directory.

I have installed Nginx, edited the nginx.conf and changed the username / group to nginx.

I have added a new user for the new site and changed the vhosts file to look like so;

server {
    listen         80;
    listen         [::]:80;
    server_name    website.com www.website.com;
    root           /home/website/public_html;
    index          index.html index.htm index.php;

    location / {
      try_files $uri $uri/ =404;
    }

    location ~* \.php$ {
    fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

But when I try and get to the site, it returns a 404 Not Found.

When I check the error log, I am seeing the following errors;

2019/01/02 19:49:45 [crit] 18248#0: *1 stat() "/home/website/public_html/" failed (13: Permission denied)

Any chance someone has come across this before and could tell me how to handle it?

I have had a look around and saw some posts about getenforce, but when i run it, it says Disabled.

I am using CentOS7 if that makes any difference.

Cheers,


Following the guide from this website did it for me (as root):

setsebool -P httpd_enable_homedirs 1
setenforce 0
systemctl restart nginx
systemctl daemon-reload

It is your home directory permission that is denying access to nginx.

Try:

ls -ld /home/website

then

setfacl -R -m u:nginx:rwx /home/website

Or 

chown -R nginx:nginx /home/website
chmod 655 /home/website

The solution for me was to set the /home/user/public_html permissions to 755. By default, it was being created with 751 permissions. This was blocking the nginx user from being able to 'read' it. Certain web hosting panels like VestaCP, CPanel, and others may inadvertently do this when adding a new site through their interface.

Solution: sudo chmod 755 ~/public_html (adjust path to your public_html folder)

Related

Importing Solr Cores from one old Solr to another
Wildcard certificate causes warning on Google Chrome only
Reset IPMI IP on Supermicro server with videocard died
Can I replace my Windows Server file/folder share service with a Raspberry Pi? [closed]
Optimal ARC and L2ARC settings for purpose specific storage application
Listing all zones loaded in BIND
How to prevent/firewall calls to AWS EC2 Instance Metadata API?
Unzip File With Powershell in Server 2012 Core
Symbolic link and filezilla over sftp
In CentOS 6.x, how can I upgrade to Kernel 3.4?
Why does Google recommend removing SSH keys from GCE for security?
CRITICAL STRUCTURE CORRUPTION on Windows Server 2012 R2