How to Fix an Nginx 403 Forbidden
A 403 Forbidden from nginx almost always means the nginx worker process can't read the files it's trying to serve - a permissions problem, a missing index file, or directory listing turned off. Here's how to find which.
What a 403 means here
Nginx found the request and the path, but refused to serve it. For static files the cause is nearly always one of: the worker can't traverse the directory, can't read the file, there's no index file to serve, or directory listing is off.
Step 1: read the error log - it names the cause
tail -n 20 /var/log/nginx/error.log
The two classic lines:
"/var/www/site/index.html" is forbidden (13: Permission denied)
directory index of "/var/www/site/" is forbidden
The first = a permissions problem. The second = no index file (and autoindex off).
Step 2: fix file + directory permissions
The nginx worker runs as www-data (not root). It needs execute on every directory
in the path (to traverse it) and read on the files:
# directories need 755 (r-x), files need 644 (r--)
chmod 755 /var/www/site
chmod 644 /var/www/site/index.html
# or recursively:
find /var/www/site -type d -exec chmod 755 {} \;
find /var/www/site -type f -exec chmod 644 {} \;
A directory without the x bit can't be entered - that alone causes a 403 even if the
file itself is readable.
The other common 403 causes
- No index file - the URL is a directory and there's no
index.html. Add one, or enableautoindex on;if a listing is intended. - Wrong
root/indexdirective - nginx is looking in the wrong place. - Ownership - files owned by a user nginx can't read (fix with
chownor world-read644). - SELinux - on RHEL/CentOS, files need the right SELinux context (
restorecon -Rv /var/www/site).
Verify
curl -i http://localhost/ # expect 200, not 403
Want to try it hands-on? HeyDevJob gives you this exact setup in a live cloud workspace in your browser - edit it, run it, and see it work. Free, nothing to install.
Try it in a workspace →What you'll practice
- Reading the nginx error log to tell permissions from a missing index
- Setting 755 on directories and 644 on files
- Verifying the fix with curl
FAQ
What causes a 403 Forbidden in nginx?
The nginx worker can't read what it's serving - usually wrong file/directory permissions (directories need execute, files need read), a missing index file with autoindex off, bad ownership, or SELinux context.
What permissions does nginx need for static files?
Directories 755 (so the worker can traverse them) and files 644 (so it can read them). A directory missing the execute bit causes a 403 on its own.
Why does nginx 403 on a directory URL?
There's no index file to serve and directory listing is off. Add an index.html, point the index directive at the right file, or enable autoindex on; if a listing is intended.
How do you fix a 403 Forbidden error in nginx?
Check the nginx error log for the cause: usually the worker user cannot read the file (fix directory and file permissions and ownership), a missing index file, or autoindex off. Fix the permission or add the index, then reload nginx.
Keep learning
Learn it by doing. Open this in a live cloud workspace, make the change yourself, and keep a record of the work you can share.
Open the workspace →