NGINX 403 ACCESS DENIED

Question

I have this problem in nginx, it is a Laravel application. but it is in a user's folder /home/user/projects, I already tried with 777 nginx owner of the folders but it still shows the error

 FastCGI sent in stderr: "PHP message: PHP Warning: PHP Request Startup: Failed to open stream: Permission denied in Unknown on line 0; Unable to open primary script: /home/pablo/Laravel-blade/public/index.php (Permission denied)" while reading response header from upstream, client: ......., server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "13......" 

with error Access denied. I have my permissions this way.

drwxr-xr-x. 3 nginx nginx 25 Mar 2 03:53 /home/ drwxr-xr-x. 6 nginx nginx 157 Mar 2 03:55 /home/pablo/ drwxrwxrwx. 15 nginx nginx 4096 Mar 2 03:55 /home/pablo/Laravel-blade/ drwxrwxrwx. 2 nginx nginx 77 Mar 2 03:55 /home/pablo/Laravel-blade/public/ -rwxrwxrwx+ 1 nginx nginx 1710 Mar 2 03:55 /home/pablo/Laravel-blade/public/index.php 

mi www.conf

user = nginx group = nginx listen = /run/php-fpm/www.sock listen.owner = nginx listen.group = nginx listen.mode = 0660 ;listen.acl_users = apache,nginx 

mi /etc/nginx/conf.d/laravel.conf

server { listen 80; listen [::]:80; # server_name example.com; root /home/nginx-pablo/Laravel-blade/public; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; index index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { try_files $uri =404; root /home/nginx-pablo/Laravel-blade/public; fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; #fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi.conf; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } } 

/etc/nginx/nginx.conf

user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80; listen [::]:80; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } } 

Answer 1

As you have SELinux enabled you need to put your files into /var/www/html as this directory has httpd_sys_content_t context which allows read access to files for the php-fpm. Otherwise, you need to set the appropriate context yourself.