Access forbidden by rule, with nginx

Discussion in 'Installation/Configuration' started by llopht, Feb 12, 2023.

Tags:
  1. llopht

    llopht New Member

    Hi there,
    It's not the first time I install IspConfig but it's the first time with Ubuntu 20 (I'am a long date centos user).
    I have followed the perfect server tutorial for Ubuntu 20 and switched to the 18 version for nginx instead apache.
    Note : I need only bind, it's just for a secondary DNS server.

    Each time, I try to connect to ispconfig I got a 403 error :

    Code:
    2023/02/12 17:15:02 [error] 87900#87900: *6 access forbidden by rule, client: 127.0.0.1, server: my.fqdn.com, request: "GET / HTTP/1.1", host: "localhost"
    I have double checked all, but I don't understand why :
    • User in nginx.conf is www-data
    • In /etc/group, I have ispconfig:x:1003:www-data
    • In /etc/passwd, I have ispconfig:x:1002:1003::/usr/local/ispconfig:/bin/bash
    The phpfpm for ispconfig seem to be correct :

    Code:
    [ispconfig]
    listen = /var/lib/php7.4-fpm/ispconfig.sock
    listen.owner = ispconfig
    listen.group = ispconfig
    listen.mode = 0660
    user = ispconfig
    group = ispconfig
    pm = dynamic
    pm.max_children = 500
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 5
    chdir = /
    And the file exist :

    Code:
    [email protected]:/etc/nginx# stat /var/lib/php7.4-fpm/ispconfig.sock
      File: /var/lib/php7.4-fpm/ispconfig.sock
      Size: 0             Blocks: 0          IO Block: 4096   socket
    Device: 801h/2049d    Inode: 523853      Links: 1
    Access: (0660/srw-rw----)  Uid: ( 1002/ispconfig)   Gid: ( 1003/ispconfig)
    The nginx conf file is correct and use the previous sock :

    Code:
    # configuration file /etc/nginx/sites-enabled/000-ispconfig.vhost:
    server {
            listen 1.2.3.4:80;
            server_name _;
            root   /usr/local/ispconfig/interface/web/;
            client_max_body_size 20M;
            location / {
                   index index.php index.html;
            }
    
            location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
                   access_log        off;
            }
    
        location ~ \.php$ {
                   try_files $uri =404;
                   include /etc/nginx/fastcgi_params;
                   fastcgi_pass unix:/var/lib/php7.4-fpm/ispconfig.sock;
                   fastcgi_index index.php;
                   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                   #fastcgi_param PATH_INFO $fastcgi_script_name;
                   fastcgi_buffer_size 128k;
                   fastcgi_buffers 256 4k;
                   fastcgi_busy_buffers_size 256k;
                   fastcgi_temp_file_write_size 256k;
                   fastcgi_read_timeout 1200;
                               fastcgi_param HTTP_PROXY "";
            }
    
        location ~ /\. {
                   deny  all;
            }
    }
    The files exists and the right seem to be ok :

    Code:
    [email protected]:/usr/local/ispconfig/interface/web# ls -alh
    total 116K
    drwxr-x--- 19 ispconfig ispconfig 4.0K Feb 11 20:43 .
    drwxr-x---  9 ispconfig ispconfig 4.0K Feb 11 19:45 ..
    drwxr-x---  6 ispconfig ispconfig 4.0K Feb 11 19:45 admin
    -rwxr-x---  1 ispconfig ispconfig 2.9K Feb 11 19:45 capp.php
    drwxr-x---  6 ispconfig ispconfig 4.0K Feb 11 19:45 client
    -rwxr-x---  1 ispconfig ispconfig 2.1K Feb 11 19:45 common.php
    -rwxr-x---  1 ispconfig ispconfig 3.0K Feb 11 19:45 content.php
    So I don't understand where is the issue.

    Any help please.

    Jerome
     
  2. llopht

    llopht New Member

    I can't edit my post, I have a SPAM error. Please read "I have double checked all" and not "but I don't understand why", it's a global comment not specially for this sentence.
     

Share This Page