Setting up nginx with mongrel_cluster: 403 Forbidden

lalena · March 24, 2008, 1:25pm

Hi,

I’m trying to deploy a Rails application on FreeBSD 7.0 with
mongrel_cluster and nginx/0.5.35.

On ports 8000 and 8001 the application runs fine. But on port 80 nginx
returns “403 Forbidden”. The according line from the logfile:

2008/03/24 11:44:54 [error] 2898#0: *4 directory index of
“/var/www/apps/myapp/current/public/” is forbidden, client:
91.41.111.73, server: myapp.net, request: “GET / HTTP/1.1”, host:
“myapp.net”

The whole deployment directory belongs to user deploy and is read- and
writable.

If someone could point me in a direction of what I might have missed,
this would be great!

Lena

my nginx.conf :

user deploy deploy;
worker_processes 2;

pid /var/run/nginx.pid;
error_log /var/log/nginx/default.error.log debug;

events {
worker_connections 1024;
}

http {
include conf/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local]

$request ’
'“$status” $body_bytes_sent “$http_referer” ’
‘“$http_user_agent” “$http_x_forwarded_for”’;

sendfile        on;
tcp_nopush     on;
tcp_nodelay on;


gzip  on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/html text/css application/x-javascript

text/xml application/xml application/xml+rss text/javascript;

access_log /var/log/nginx.default.access.log main;
error_log /var/log/nginx.default.error.log info;

upstream myapp {
server 127.0.0.1:8000;
server 127.0.0.1:8001;
}

server {

port to listen on. Can also be set to an IP:PORT

listen 80 default;

Set the max size for file uploads to 50Mb

client_max_body_size 50M;

sets the domain[s] that this vhost server requests for

server_name myapp.net;

doc root

root /var/www/apps/myapp/current/public;

vhost specific logs

access_log /var/www/apps/myapp/shared/log/myapp.access.log main;
error_log /var/www/apps/myapp/shared/log/myapp.error.log notice;

if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}

Block access to paths containing .svn

location ~* ^..svn.$ {
internal;
}
location / {
index index.html index.htm;
# Forward the user’s IP address to Rails
proxy_set_header X-Real-IP $remote_addr;
# needed for HTTPS
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect false;
proxy_max_temp_file_size 0;
location ~ ^/(images|javascripts|stylesheets)/ {
expires 10y;
}
if (-f $request_filename) {
break;
}
if (-f $request_filename/index.html) {
rewrite (.) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.) $1.html break;
}

uncommented cause the “!” causes an error

if (! -f $request_filename) {

proxy_pass http://myapp;

break;

}

}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /var/www/apps/myapp/current/public;
}
}

lalena · March 24, 2008, 10:15pm

On Mon, 2008-03-24 at 13:25 +0100, Lena Herrmann wrote:

If someone could point me in a direction of what I might have missed,
this would be great!

proxy_max_temp_file_size  0;
  rewrite (.*) $1.html break;

}
}

Where is your proxy_pass directive? It looks like you had one and then
commented it out.

As an aside, I suggest you put your proxy directives into a separate
file and then include it (that is, everything except the proxy_pass
directive). If your config was a little less cluttered, you’d certainly
have caught this omission yourself.

Cliff