Plesk, forbidden 403 when loading css and js (nginx)

Navigation
2

I have a server with PLESK mounted, in which I have a subdomain app.mysite.com created and running with nginx. In this subdomain, I have uploaded my website that is developed in codeigniter.

This is the structure of the project:

When I try to load my styles or try to access the css by url (app.mysite.com/css/bootstrap/css/bootstrap.min.css), I get error forbidden 403:

These are the "additional directives for HTTP":

And you are for HTTPS:

The subdomain, automatically redirects from HTTP to HTTPS.

Finally, when I add PLESK at the end of the configuration, this code:

When entering app.mysite.com, I directly skip the error forbidden 403 without even loading the index.php. But if I add this code:

I load the index.php codeigniter but when I try to load the styles and js, instead of forbidden 403, I get a 404 error:

Why codeigniter is trying to load the route in this way controller / function /...

I do not know how to solve this problem, I do not know if I can do that when the url is css / that I do not try to load any controller or change anything in nginx ...

To finish here I leave my nginx configuration: 

    #ATTENTION!
    #
    #DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
    #SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

    server {
            listen 206.189.5.184:443 ssl http2;

            server_name app.mysite.com;
            server_name www.app.mysite.com;
            server_name ipv4.app.mysite.com;

            ssl_certificate             /opt/psa/var/certificates/scfMQnEev;
            ssl_certificate_key         /opt/psa/var/certificates/scfMQnEev;
            ssl_client_certificate      /opt/psa/var/certificates/scfcJsJQ3;

            client_max_body_size 128m;

            root "/var/www/vhosts/mysite.com/app.mysite.com";
            access_log "/var/www/vhosts/system/app.mysite.com/logs/proxy_access_ssl_log";
            error_log "/var/www/vhosts/system/app.mysite.com/logs/proxy_error_log";

            location / {
                    proxy_pass https://206.189.5.184:7081;
                    proxy_set_header Host             $host;
                    proxy_set_header X-Real-IP        $remote_addr;
                    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                    access_log off;

            }

            location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
                    proxy_pass https://206.189.5.184:7081;
                    proxy_set_header Host             $host;
                    proxy_set_header X-Real-IP        $remote_addr;
                    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                    access_log off;

            }
            location @fallback {
                    proxy_pass https://206.189.5.184:7081;
                    proxy_set_header Host             $host;
                    proxy_set_header X-Real-IP        $remote_addr;
                    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                    access_log off;

            }

            location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|ra$
                    try_files $uri @fallback;
            }

            location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
                    alias /var/www/vhosts/mysite.com/web_users/$1/$2;
                    fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                    fastcgi_param PATH_INFO $fastcgi_path_info;
                    fastcgi_pass "unix:///var/www/vhosts/system/app.mysite.com/php-fpm.sock";
                    include /etc/nginx/fastcgi.conf;

            }

            location ~ ^/~(.+?)(/.*)?$ {
                    proxy_pass https://206.189.5.184:7081;
                    proxy_set_header Host             $host;
                    proxy_set_header X-Real-IP        $remote_addr;
                    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                    access_log off;

            }

            location ~ \.php(/.*)?$ {
                    fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                    fastcgi_param PATH_INFO $fastcgi_path_info;
                    fastcgi_pass "unix:///var/www/vhosts/system/app.mysite.com/php-fpm.sock";
                    include /etc/nginx/fastcgi.conf;

            }
            location ~ /$ {
                    index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
            }

            add_header X-Powered-By PleskLin;

            include "/var/www/vhosts/system/app.mysite.com/conf/vhost_nginx.conf";
    }

    server {
            listen 206.189.5.184:80;

            server_name app.mysite.com;
            server_name www.app.mysite.com;
            server_name ipv4.app.mysite.com;

            client_max_body_size 128m;

            return 301 https://$host$request_uri;
    }

// EDIT

These are the permissions of the files: 

drwxrwx--- 15 mysite psacln  4.0K May 25 23:42 .
drwx--x--- 18 mysite psaserv 4.0K May 25 14:51 ..
-rw-r--r--  1 mysite psacln  110K May 25 18:55 abierto.png
-rw-r--r--  1 mysite psacln  2.1K May 25 18:55 app.js
-rw-r--r--  1 mysite psacln  7.5K May 25 18:55 apple-touch-icon2.png
-rw-r--r--  1 mysite psacln  6.8K May 25 18:55 apple-touch-icon.png
drwxr-xr-x 15 mysite psacln  4.0K May 25 19:53 application
-rw-r--r--  1 mysite psacln   62M May 25 18:56 core
drwxrwxr-x  9 mysite psacln  4.0K May 25 23:40 css
-rw-rw-r--  1 mysite psacln   816 May 25 18:55 dot_info.gif
-rw-rw-r--  1 mysite psacln   58K May 25 18:55 error_log
-rw-r--r--  1 mysite psacln     0 May 26 14:36 .htaccess
drwxrwxr-x 34 mysite psacln  4.0K May 25 15:37 img
-rw-rw-r--  1 mysite psacln  6.3K May 25 18:55 index.php
drwxrwxr-x  8 mysite psacln  4.0K May 25 16:01 js
drwxrwxr-x  2 mysite psacln  4.0K May 25 16:04 json
-rw-rw-r--  1 mysite psacln  2.5K May 25 18:55 license.txt
drwxrwxr-x  8 mysite psacln  4.0K May 25 16:04 node_modules
-rw-rw-r--  1 mysite psacln   703 May 25 18:55 npm-debug.log
drwxrwxr-x  8 mysite psacln  4.0K May 25 16:11 pdf
drwxrwxr-x  2 mysite psacln  4.0K May 25 15:20 rrs
-rw-rw-r--  1 mysite psacln   12K May 25 18:55 server.js
-rw-rw-r--  1 mysite psacln   966 May 25 18:55 sitemap.xml
drwxrwxr-x 74 mysite psacln  4.0K May 25 15:24 sound
drwxr-xr-x  2 mysite psacln  4.0K May 25 23:42 src
drwxrwxr-x  8 mysite psacln  4.0K May 25 15:24 system
drwxrwxr-x  2 mysite psacln   16K May 25 15:25 uploads
drwxrwxr-x  3 mysite psacln  4.0K May 25 14:52 .well-known

/ CSS 

drwxrwxr-x  9 mysite psacln 4.0K May 25 23:40 .
drwxrwx--- 15 mysite psacln 4.0K May 25 23:42 ..
drwxr-xr-x 15 mysite psacln 4.0K May 25 18:56 admin
drwxrwxr-x  5 mysite psacln 4.0K May 25 15:25 bootstrap
drwxrwxr-x  2 mysite psacln 4.0K May 25 15:25 fullcalendar
-rwxr-xr-x  1 mysite psacln   97 May 25 23:40 .htaccess
drwxrwxr-x  4 mysite psacln 4.0K May 25 18:55 IonIcons
drwxrwxr-x 12 mysite psacln 4.0K May 25 15:25 irakasle
drwxrwxr-x 23 mysite psacln 4.0K May 25 15:26 plataforma
drwxrwxr-x  3 mysite psacln 4.0K May 25 15:26 png

// EDIT

If I remove the code from the "additional nginx directives": 

if (!-f $request_filename) {
    rewrite ^/(.*)$ /index.php last;
}

I get the error: 

[Sun May 27 11:36:01.789169 2018] [core:crit] [pid 23845] (13)Permission denied: [client 80.103.137.14:55870] AH00529: /var/www/vhosts/mysite.com/app.mysite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/mysite.com/app.mysite.com/' is executable

But, it does not give me any error in error_log

When I run "groups mysite" 

mysite : psacln

I can not add the guidelines 

location  /  {
    autoindex  on;
}

in additional nginx directives 

Invalid nginx configuration: nginx: [emerg] duplicate location "/" in /var/www/vhosts/system/app.mysite.com/conf/vhost_nginx.conf:1 nginx: configuration file /etc/nginx/nginx.conf test failed
    
asked by Argoitz 27.05.2018 в 12:38
source

2 answers

1

It's a problem of permissions, I usually stick to a 755(o rwxr-xr-x) in my web root, but in your case I do not think this is, you have to follow these steps:

  • Look at the web logs (here you can find the solution, but continue following the other steps) What does the log show?:

    /var/www/vhosts/system/example.com/logs/error_log

  • Check that the user who has access to the files is in the Apache group

    groups user should return the groups to which the user is user , among them it should be apache ( httpd | apache )

  • Activate the directory indexing for nginx

    • location / { autoindex on; }

  • If there is no index file in the directory, you will still receive the same error. The most common index file is index.html. This default value can be edited in your configuration, using something like:

    • location / { index index.php; }

    Add the code in the same location / if you already have one do the following: 

    location  /  {
  index index.php;
  autoindex  on;
  //tu código actual
}

    Try adding your user to the apache group: 

    sudo adduser mysite apache

    Documentation

        
    answered by 27.05.2018 в 13:22
    0

    I added the OP response in Community Wiki mode, because included it in your question .

    I have done the installation of the updates I had pending at PLESK and after that, I went to webservices & domains - > Mysite - > Apache & nginx settings and I have enabled the check "Serve static files directly by nginx". I do not know why it suddenly works since I've put this check and removed several times.

        
    answered by 04.07.2018 в 10:26
    Would you return an argument where you should return two in django's views? Error with SQL server Compound keys