/var/lib/nginx/ Permission Denied about nginx HOT 23 CLOSED

SOLVED:
chown -R www-data:www-data /var/lib/nginx

from nginx.

@carlalexander After some reading it's not an issue with docker, but with nginx and maybe because in my case it's running under supervisord. I just added client_body_temp_path /var/www/tmp 1 2; in sites-available/default.conf and solved the issue.

More on this here https://wincent.com/wiki/Fixing_nginx_client_body_temp_permission_denied_errors

from nginx.

Note: if you don't deal with uploaded files, you can just set a higher client_body_buffer_size.

Setting a high client_body_buffer_size also reduces file I/O, which is kinda good if you don't have a fast filesystem (virtual environments):

To sum it up, you need to just customize this bit of your config:

http {
    # ...

    client_body_temp_path /tmp 1 2;
    client_body_buffer_size 256k;
    client_body_in_file_only off;

    # ...
}

from nginx.

For anyone landing here having this problem in uwsgi or similar: if you use an include like include /etc/nginx/uwsgi_params;, you need to change the temp file location for that specific handler, i.e.:

# Override temp file locations
client_body_temp_path /var/lib/nginx-tmp/client_body;
proxy_temp_path /var/lib/nginx-tmp/proxy;
fastcgi_temp_path /var/lib/nginx-tmp/fastcgi 1 2;
uwsgi_temp_path /var/lib/nginx-tmp/uwsgi;
scgi_temp_path /var/lib/nginx-tmp/scgi;

from nginx.

In some versions of nginx docker images the nginx runs as user "nginx" instead of "www-data". This is why the chown -R www-data:www-data /var/lib/nginx worked for some people and not others. Changing the location to /tmp works because /tmp is writable for all users. The buffer_size fix might only work if you have small files.

from nginx.

I am in macOs Mojave. Solved by

ps aux | grep "nginx: worker process"
sudo chown -R your_current_nginx_user:admin /usr/local/var/run/nginx/proxy_temp/
sudo nginx -s reload

from nginx.

I am having the same issue, although I did chown -R www-data:www-data /var/lib/nginx .
Also seems to trigger only when uploading files larger then 4kb.

from nginx.

SOLVED:
chown -R www-data:www-data /var/lib/nginx

The heroes live among us!

from nginx.

I used /tmp instead of /var/www/tmp. Worked like a charm. Thanks!

from nginx.

@pilwon I am still getting errors:

2014/05/14 20:53:24 [crit] 10#0: *19 open() "/var/lib/nginx/proxy/3/00/0000000003" failed (13: Permission denied) while reading upstream, client: 10.9.4.52, server: , request: "GET /assets/backbone/plugins/emoticons.js?body=1 HTTP/1.1", upstream: "http://172.17.0.4:3000/assets/backbone/plugins/emoticons.js?body=1", host: "kandan:8080", referrer: "http://kandan:8080/users/sign_in"

It appears that the permissions are appropriate though:

$ cat /var/log/nginx/kandan_vnext_error.log
2014/05/14 20:59:20 [crit] 11#0: *214 open() "/var/lib/nginx/proxy/6/00/0000000006" failed (13: Permission denied) while reading upstream, client: 10.9.4.52, server: , request: "GET /assets/backbone/plugins/emoticons.js?body=1 HTTP/1.1", upstream: "http://172.17.0.4:3000/assets/backbone/plugins/emoticons.js?body=1", host: "kandan:8080", referrer: "http://kandan:8080/users/sign_in"

[ root@cc668cb100dc:/var/lib/nginx ]$ ls -l
total 20K
drwx------ 2 www-data root 4.0K May 14 20:53 body/
drwx------ 2 www-data root 4.0K May 14 20:53 fastcgi/
drwx------ 2 www-data root 4.0K May 14 20:53 proxy/
drwx------ 2 www-data root 4.0K May 14 20:53 scgi/
drwx------ 2 www-data root 4.0K May 14 20:53 uwsgi/

Any thoughts? Perhaps the temp buffering dirs still being created as root. There's nothing in /var/lib/nginx/proxy/ when I check.

from nginx.

@johnjelinek Check the permission of /var/lib/nginx/proxy/6/00/0000000006

from nginx.

It doesn't exist. The response is buffered to that directory for a very short period ... so it's hard to see anything that shows up here.

[ root@b5be22863378:/var/lib/nginx/proxy ]$ ls -l
total 0
[ root@b5be22863378:/var/lib/nginx/proxy ]$ cd 6
bash: cd: 6: No such file or directory

from nginx.

I am also getting this when I try to upload files.

2014/05/14 21:14:30 [crit] 12#0: *189 open() "/var/lib/nginx/body/0000000003" failed (13: Permission denied), client: 10.9.4.52, server: , request: "POST /channels/1/attachments.json HTTP/1.1", host: "kandan:8080", referrer: "http://kandan:8080/"

[ root@afd05def8f17:/var/lib/nginx ]$ ls -l -R
.:
total 20K
drwx------ 2 www-data root 4.0K May 14 21:10 body/
drwx------ 2 www-data root 4.0K May 14 21:10 fastcgi/
drwx------ 2 www-data root 4.0K May 14 21:10 proxy/
drwx------ 2 www-data root 4.0K May 14 21:10 scgi/
drwx------ 2 www-data root 4.0K May 14 21:10 uwsgi/

./body:
total 0

./fastcgi:
total 0

./proxy:
total 0

./scgi:
total 0

./uwsgi:
total 0

from nginx.

How about the OS? Ubuntu has Apparmor which can prevent nginx accessing files that are not defined in nginx' apparmor profile file. Check the syslog for lines that both contain nginx and DENIED. Just a hint.

from nginx.

I am having this same issue. I mounted a system directory there too, still failing.

from nginx.

I'm also running into the same issue as @adrian7 (works for files under 4kb). It's not consistent though. It only happens when I switch the user id of www-data to workaround a known boot2docker issue.

from nginx.

BTW /var/www/ is a shared volume

from nginx.

Thanks @adrian7, will look at that!

from nginx.

@johnjelinek is your issue resolved?
I'm getting exactly same issue.
Please help!!

from nginx.

from nginx.

For anyone landing here having this problem in uwsgi or similar: if you use an include like include /etc/nginx/uwsgi_params;, you need to change the temp file location for that specific handler, i.e.:

# Override temp file locations
client_body_temp_path /var/lib/nginx-tmp/client_body;
proxy_temp_path /var/lib/nginx-tmp/proxy;
fastcgi_temp_path /var/lib/nginx-tmp/fastcgi 1 2;
uwsgi_temp_path /var/lib/nginx-tmp/uwsgi;
scgi_temp_path /var/lib/nginx-tmp/scgi;

This fix worked! Thank you.

from nginx.

Note: if you don't deal with uploaded files, you can just set a higher client_body_buffer_size.

Setting a high client_body_buffer_size also reduces file I/O, which is kinda good if you don't have a fast filesystem (virtual environments):

To sum it up, you need to just customize this bit of your config:

http {
    # ...

    client_body_temp_path /tmp 1 2;
    client_body_buffer_size 256k;
    client_body_in_file_only off;

    # ...
}

this worked for me, thanks!

client_body_temp_path /tmp 1 2;

from nginx.

The 'closed' solution doesn't work if you mount /var/lib/nginx/tmp as a tmpfs, since you can't change the user for a mount.

from nginx.