Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Install Issue] 403 Forbidden #1381

Closed
imjoeyli opened this issue Nov 23, 2019 · 7 comments · Fixed by #1389
Closed

[Install Issue] 403 Forbidden #1381

imjoeyli opened this issue Nov 23, 2019 · 7 comments · Fixed by #1389
Assignees
@imjoeyli
Labels
documentation server support installation and configuration issues
Milestone
backlog to the fu...

Comments

@imjoeyli
Copy link

Hello, I followed the Manual to install Shaarli, and configure the Nginx, but when open the url (path to Shaali) in browser, I am seeing a "403 Forbidden" error message.

I have no idea how to fix it, please help me. Thanks!

My Install Steps:

$ wget https://github.com/shaarli/Shaarli/releases/download/v0.10.4/shaarli-v0.10.4-full.zip
$ unzip shaarli-v0.10.4-full.zip
$ mv Shaarli /var/www/shaarli/
$ chown -R www-data:www-data /var/www/shaarli
$ chmod 755 /var/www/shaarli

Nginx Configure:

user www-data;

…

http {

	server {
		listen 80;
		server_name sharrli.foo.bar;
		rewrite ^(.*) https://$host$1 permanent;
		}


	server {
		listen 443 ssl;
		server_name sharrli.foo.bar;
		server_name_in_redirect off;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/sharrli.foo.bar/fullchain.pem;
		ssl_certificate_key  /etc/letsencrypt/live/sharrli.foo.bar/privkey.pem;
                ssl_trusted_certificate /etc/letsencrypt/live/foo.bar/chain.pem;

		root  /var/www/shaarli/;
		}
}
@FinalTek
Copy link

Exact same problem here.
Shaarli 0.10.4
Apache 2.4.41
PHP 7.3.12

@nodiscc
Copy link
Member

nodiscc commented Nov 27, 2019

@imjoeyli

  • Can you give the output of ls -l /var/www/shaarli ?
  • Contents of you nginx error log?
  • Enable debugging in error logs by adding the debug option to the error_log directive

@FinalTek you should take similar steps (LogLevel debug in your apache conf), but please report this as a separate issue as the cause/troubleshooting steps will be different.

@nodiscc nodiscc added server support installation and configuration issues labels Nov 27, 2019
@imjoeyli
Copy link
Author 

root@ubuntu:~# ls -l /var/www/shaarli

total 548
drwxr-xr-x  6 www-data www-data   4096 Apr 16  2019 application
drwxr-xr-x  5 www-data www-data   4096 Apr 16  2019 assets
-rw-r--r--  1 www-data www-data   2829 Apr 16  2019 AUTHORS
drwxr-xr-x  2 www-data www-data   4096 Apr 16  2019 cache
-rw-r--r--  1 www-data www-data  48332 Apr 16  2019 CHANGELOG.md
-rw-r--r--  1 www-data www-data   1411 Apr 16  2019 composer.json
-rw-r--r--  1 www-data www-data  90224 Apr 16  2019 composer.lock
-rw-r--r--  1 www-data www-data   5163 Apr 16  2019 CONTRIBUTING.md
-rw-r--r--  1 www-data www-data  64866 Apr 16  2019 COPYING
drwxr-xr-x  2 www-data www-data   4096 Apr 16  2019 data
drwxr-xr-x  5 www-data www-data   4096 Apr 16  2019 doc
drwxr-xr-x  3 www-data www-data   4096 Apr 16  2019 inc
-rw-r--r--  1 www-data www-data  76069 Apr 16  2019 index.php
-rw-r--r--  1 www-data www-data    916 Apr 16  2019 package.json
drwxr-xr-x  2 www-data www-data   4096 Apr 16  2019 pagecache
-rw-r--r--  1 www-data www-data    370 Apr 16  2019 phpcs.xml
drwxr-xr-x 12 www-data www-data   4096 Apr 16  2019 plugins
-rw-r--r--  1 www-data www-data   1969 Apr 16  2019 README.md
-rw-r--r--  1 www-data www-data     22 Apr 16  2019 shaarli_version.php
drwxr-xr-x  2 www-data www-data   4096 Apr 16  2019 tmp
drwxr-xr-x  4 www-data www-data   4096 Feb 23  2019 tpl
drwxr-xr-x 16 www-data www-data   4096 Apr 16  2019 vendor
-rw-r--r--  1 www-data www-data   3807 Apr 16  2019 webpack.config.js
-rw-r--r--  1 www-data www-data 174121 Apr 16  2019 yarn.lock

nginx's error_log:

2019/11/30 23:22:14 [debug] 24875#24875: accept on 0.0.0.0:443, ready: 0
2019/11/30 23:22:14 [debug] 24875#24875: posix_memalign: 000055F8F6417D80:512 @16
2019/11/30 23:22:14 [debug] 24875#24875: *170 accept: 104.243.16.224:42482 fd:13
2019/11/30 23:22:14 [debug] 24875#24875: *170 event timer add: 13: 60000:397810085
2019/11/30 23:22:14 [debug] 24875#24875: *170 reusable connection: 1
2019/11/30 23:22:14 [debug] 24875#24875: *170 epoll add event: fd:13 op:1 ev:80002001
2019/11/30 23:22:14 [debug] 24875#24875: *170 http check ssl handshake
2019/11/30 23:22:14 [debug] 24875#24875: *170 http recv(): 1
2019/11/30 23:22:14 [debug] 24875#24875: *170 https ssl handshake: 0x16
2019/11/30 23:22:14 [debug] 24875#24875: *170 tcp_nodelay
2019/11/30 23:22:14 [debug] 24875#24875: *170 SSL server name: "shaarli.foo.bar"
2019/11/30 23:22:14 [debug] 24875#24875: *170 SSL ALPN supported by client: h2
2019/11/30 23:22:14 [debug] 24875#24875: *170 SSL ALPN supported by client: http/1.1
2019/11/30 23:22:14 [debug] 24875#24875: *170 SSL ALPN selected: http/1.1
2019/11/30 23:22:14 [debug] 24875#24875: *170 SSL_do_handshake: -1
2019/11/30 23:22:14 [debug] 24875#24875: *170 SSL_get_error: 2
2019/11/30 23:22:14 [debug] 24875#24875: *170 reusable connection: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL handshake handler: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_do_handshake: 1
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2019/11/30 23:22:16 [debug] 24875#24875: *170 reusable connection: 1
2019/11/30 23:22:16 [debug] 24875#24875: *170 http wait request handler
2019/11/30 23:22:16 [debug] 24875#24875: *170 malloc: 000055F8F64E4950:1024
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_read: -1
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_get_error: 2
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F64E4950
2019/11/30 23:22:16 [debug] 24875#24875: *170 http wait request handler
2019/11/30 23:22:16 [debug] 24875#24875: *170 malloc: 000055F8F64E4950:1024
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_read: 332
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_read: -1
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_get_error: 2
2019/11/30 23:22:16 [debug] 24875#24875: *170 reusable connection: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 posix_memalign: 000055F8F664C920:4096 @16
2019/11/30 23:22:16 [debug] 24875#24875: *170 http process request line
2019/11/30 23:22:16 [debug] 24875#24875: *170 http request line: "GET / HTTP/1.1"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http uri: "/"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http args: ""
2019/11/30 23:22:16 [debug] 24875#24875: *170 http exten: ""
2019/11/30 23:22:16 [debug] 24875#24875: *170 posix_memalign: 000055F8F66297A0:4096 @16
2019/11/30 23:22:16 [debug] 24875#24875: *170 http process request header line
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header: "Host: shaarli.foo.bar"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header: "Accept-Language: en-us"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header: "Connection: keep-alive"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header: "Accept-Encoding: br, gzip, deflate"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http header done
2019/11/30 23:22:16 [debug] 24875#24875: *170 event timer del: 13: 397810085
2019/11/30 23:22:16 [debug] 24875#24875: *170 generic phase: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 rewrite phase: 1
2019/11/30 23:22:16 [debug] 24875#24875: *170 test location: "/"
2019/11/30 23:22:16 [debug] 24875#24875: *170 using configuration "/"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http cl:-1 max:1048576
2019/11/30 23:22:16 [debug] 24875#24875: *170 rewrite phase: 3
2019/11/30 23:22:16 [debug] 24875#24875: *170 rewrite phase: 4
2019/11/30 23:22:16 [debug] 24875#24875: *170 post rewrite phase: 5
2019/11/30 23:22:16 [debug] 24875#24875: *170 generic phase: 6
2019/11/30 23:22:16 [debug] 24875#24875: *170 generic phase: 7
2019/11/30 23:22:16 [debug] 24875#24875: *170 generic phase: 8
2019/11/30 23:22:16 [debug] 24875#24875: *170 access phase: 9
2019/11/30 23:22:16 [debug] 24875#24875: *170 access phase: 10
2019/11/30 23:22:16 [debug] 24875#24875: *170 access phase: 11
2019/11/30 23:22:16 [debug] 24875#24875: *170 access phase: 12
2019/11/30 23:22:16 [debug] 24875#24875: *170 post access phase: 13
2019/11/30 23:22:16 [debug] 24875#24875: *170 generic phase: 14
2019/11/30 23:22:16 [debug] 24875#24875: *170 generic phase: 15
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 16
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 17
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 18
2019/11/30 23:22:16 [debug] 24875#24875: *170 open index "/var/www/shaarli/index.html"
2019/11/30 23:22:16 [debug] 24875#24875: *170 stat() "/var/www/shaarli/index.html" failed (2: No such file or directory)
2019/11/30 23:22:16 [debug] 24875#24875: *170 http index check dir: "/var/www/shaarli"
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 19
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 20
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 21
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 22
2019/11/30 23:22:16 [debug] 24875#24875: *170 content phase: 23
2019/11/30 23:22:16 [error] 24875#24875: *170 directory index of "/var/www/shaarli/" is forbidden, client: 104.243.16.224, server: shaarli.foo.bar, request: "GET / HTTP/1.1", host: "shaarli.foo.bar"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http finalize request: 403, "/?" a:1, c:1
2019/11/30 23:22:16 [debug] 24875#24875: *170 http special response: 403, "/?"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http set discard body
2019/11/30 23:22:16 [debug] 24875#24875: *170 uploadprogress error-tracker error: 403
2019/11/30 23:22:16 [debug] 24875#24875: *170 uploadprogress error-tracker not tracking in this location
2019/11/30 23:22:16 [debug] 24875#24875: *170 xslt filter header
2019/11/30 23:22:16 [debug] 24875#24875: *170 HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 30 Nov 2019 15:22:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

2019/11/30 23:22:16 [debug] 24875#24875: *170 write new buf t:1 f:0 000055F8F6629CD8, pos 000055F8F6629CD8, size: 179 file: 0, size: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 http write filter: l:0 f:0 s:179
2019/11/30 23:22:16 [debug] 24875#24875: *170 http output filter "/?"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http copy filter: "/?"
2019/11/30 23:22:16 [debug] 24875#24875: *170 image filter
2019/11/30 23:22:16 [debug] 24875#24875: *170 xslt filter body
2019/11/30 23:22:16 [debug] 24875#24875: *170 http postpone filter "/?" 000055F8F6629EA8
2019/11/30 23:22:16 [debug] 24875#24875: *170 http gzip filter
2019/11/30 23:22:16 [debug] 24875#24875: *170 malloc: 000055F8F648E240:12288
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip alloc: n:1 s:5952 a:8192 p:000055F8F648E240
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip alloc: n:512 s:2 a:1024 p:000055F8F6490240
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip alloc: n:512 s:2 a:1024 p:000055F8F6490640
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip alloc: n:512 s:2 a:1024 p:000055F8F6490A40
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip alloc: n:256 s:4 a:1024 p:000055F8F6490E40
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip in: 000055F8F6629ED8
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip in_buf:000055F8F6629D90 ni:000055F8F48ED900 ai:116
2019/11/30 23:22:16 [debug] 24875#24875: *170 malloc: 000055F8F6610350:4096
2019/11/30 23:22:16 [debug] 24875#24875: *170 deflate in: ni:000055F8F48ED900 no:000055F8F6610350 ai:116 ao:4096 fl:0 redo:0
2019/11/30 23:22:16 [debug] 24875#24875: *170 deflate out: ni:000055F8F48ED974 no:000055F8F6610350 ai:0 ao:4096 rc:0
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip in_buf:000055F8F6629D90 pos:000055F8F48ED900
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip in: 000055F8F6629EE8
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip in_buf:000055F8F6629DE0 ni:000055F8F48EE020 ai:46
2019/11/30 23:22:16 [debug] 24875#24875: *170 deflate in: ni:000055F8F48EE020 no:000055F8F6610350 ai:46 ao:4096 fl:4 redo:0
2019/11/30 23:22:16 [debug] 24875#24875: *170 deflate out: ni:000055F8F48EE04E no:000055F8F66103BA ai:0 ao:3990 rc:1
2019/11/30 23:22:16 [debug] 24875#24875: *170 gzip in_buf:000055F8F6629DE0 pos:000055F8F48EE020
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F648E240
2019/11/30 23:22:16 [debug] 24875#24875: *170 http chunk: 10
2019/11/30 23:22:16 [debug] 24875#24875: *170 http chunk: 114
2019/11/30 23:22:16 [debug] 24875#24875: *170 write old buf t:1 f:0 000055F8F6629CD8, pos 000055F8F6629CD8, size: 179 file: 0, size: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 write new buf t:1 f:0 000055F8F662A028, pos 000055F8F662A028, size: 4 file: 0, size: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 write new buf t:0 f:0 0000000000000000, pos 000055F8F48F11A0, size: 10 file: 0, size: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 write new buf t:1 f:0 000055F8F6610350, pos 000055F8F6610350, size: 114 file: 0, size: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 write new buf t:0 f:0 0000000000000000, pos 000055F8F46C2DF5, size: 7 file: 0, size: 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 http write filter: l:1 f:1 s:314
2019/11/30 23:22:16 [debug] 24875#24875: *170 http write filter limit 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 posix_memalign: 000055F8F6398910:512 @16
2019/11/30 23:22:16 [debug] 24875#24875: *170 malloc: 000055F8F678AD00:16384
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL buf copy: 179
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL buf copy: 4
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL buf copy: 10
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL buf copy: 114
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL buf copy: 7
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL to write: 314
2019/11/30 23:22:16 [debug] 24875#24875: *170 SSL_write: 314
2019/11/30 23:22:16 [debug] 24875#24875: *170 http write filter 0000000000000000
2019/11/30 23:22:16 [debug] 24875#24875: *170 http copy filter: 0 "/?"
2019/11/30 23:22:16 [debug] 24875#24875: *170 http finalize request: 0, "/?" a:1, c:1
2019/11/30 23:22:16 [debug] 24875#24875: *170 set http keepalive handler
2019/11/30 23:22:16 [debug] 24875#24875: *170 http close request
2019/11/30 23:22:16 [debug] 24875#24875: *170 http log handler
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F6610350
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 0000000000000000
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F664C920, unused: 8
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F66297A0, unused: 1495
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F64E4950
2019/11/30 23:22:16 [debug] 2487foo.bar5#24875: *170 hc free: 0000000000000000
2019/11/30 23:22:16 [debug] 24875#24875: *170 hc busy: 0000000000000000 0
2019/11/30 23:22:16 [debug] 24875#24875: *170 free: 000055F8F678AD00
2019/11/30 23:22:16 [debug] 24875#24875: *170 reusable connection: 1
2019/11/30 23:22:16 [debug] 24875#24875: *170 event timer add: 13: 65000:397816937

@nodiscc
Copy link
Member

nodiscc commented Nov 30, 2019

2019/11/30 23:22:16 [error] 24875#24875: *170 directory index of "/var/www/shaarli/" is forbidden, client: 104.243.16.224, server: shaarli.foo.bar, request: "GET / HTTP/1.1", host: "shaarli.foo.bar"

If you access https://shaarli.foo.bar/index.php it should work. Your nginx config seems to be missing an index or try_files directive telling it to use index.php as the index. Check https://shaarli.readthedocs.io/en/master/Server-configuration/#nginx

@imjoeyli
Copy link
Author

imjoeyli commented Dec 1, 2019

2019/11/30 23:22:16 [error] 24875#24875: *170 directory index of "/var/www/shaarli/" is forbidden, client: 104.243.16.224, server: shaarli.foo.bar, request: "GET / HTTP/1.1", host: "shaarli.foo.bar"

If you access https://shaarli.foo.bar/index.php it should work. Your nginx config seems to be missing an index or try_files directive telling it to use index.php as the index. Check https://shaarli.readthedocs.io/en/master/Server-configuration/#nginx

No, I accessed https://shaarli.foo.bar/index.php, it seems just downloading the index.php file named shaarli.foo.bar.

@nodiscc
Copy link
Member

nodiscc commented Dec 12, 2019

I accessed https://shaarli.foo.bar/index.php, it seems just downloading the index.php file named shaarli.foo.bar.

Then nginx is not properly configured to use the PHP interpreter. Please see the location ~ (index)\.php$ { blocks in https://shaarli.readthedocs.io/en/master/Server-configuration/#nginx - I agree the server setup documentation should be simplified, it's been on my plate for a while.

Please confirm that the recommended configuration works for you, you can try to adapt it to your full setup but I would start with something simple. You can always paste your whole nginx configuration here. If so please include the nginx version/operating system details.

@nodiscc nodiscc self-assigned this Dec 12, 2019
@nodiscc nodiscc mentioned this issue Jan 3, 2020
Merged
@nodiscc nodiscc added this to the backlog to the future milestone May 1, 2020
@nodiscc
Copy link
Member

nodiscc commented May 1, 2020

@imjoeyli do you still have this problem? You can try the revised nginx configuration procedure at https://shaarli.readthedocs.io/en/doc-rework-setup/Server-configuration/#nginx. In particular ensure that nginx and php-fmp are setup properly. Please let us know the results

@nodiscc nodiscc assigned imjoeyli and unassigned nodiscc May 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@imjoeyli imjoeyli

Labels
documentation server support installation and configuration issues
Projects
None yet
Milestone
backlog to the future
Development

Successfully merging a pull request may close this issue.

doc: rework installation/setup guides, general refactoring shaarli/Shaarli
3 participants
@nodiscc @imjoeyli @FinalTek