diff options
| author | Christian Cleberg <hello@cleberg.net> | 2023-12-02 11:23:08 -0600 |
|---|---|---|
| committer | Christian Cleberg <hello@cleberg.net> | 2023-12-02 11:23:08 -0600 |
| commit | caccd81c3eb7954662d20cab10cc3afeeabca615 (patch) | |
| tree | 567ed10350c1ee319c178952ab6aa48265977e58 /blog/2022-11-11-nginx-tmp-errors.org | |
| download | cleberg.net-caccd81c3eb7954662d20cab10cc3afeeabca615.tar.gz cleberg.net-caccd81c3eb7954662d20cab10cc3afeeabca615.tar.bz2 cleberg.net-caccd81c3eb7954662d20cab10cc3afeeabca615.zip | |
initial commit
Diffstat (limited to 'blog/2022-11-11-nginx-tmp-errors.org')
| -rw-r--r-- | blog/2022-11-11-nginx-tmp-errors.org | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/blog/2022-11-11-nginx-tmp-errors.org b/blog/2022-11-11-nginx-tmp-errors.org new file mode 100644 index 0000000..da00714 --- /dev/null +++ b/blog/2022-11-11-nginx-tmp-errors.org @@ -0,0 +1,76 @@ ++++ +date = 2022-11-11 +title = "Fixing Permission Errors in /var/lib/nginx" +description = "A quick fix for Nginx permission errors on the tmp directory." ++++ + +*This is a brief post so that I personally remember the solution as it has +occurred multiple times for me.* + +## The Problem + +After migrating to a new server OS, I started receiving quite a few permission +errors like the one below. These popped up for various different websites I'm +serving via Nginx on this server, but did not prevent the website from loading. + +I found the errors in the standard log file: + +```sh +cat /var/log/nginx/error.log +``` + +```sh +2022/11/11 11:30:34 [crit] 8970#8970: *10 open() "/var/lib/nginx/tmp/proxy/3/00/0000000003" failed (13: Permission denied) while reading upstream, client: 169.150.203.10, server: cyberchef.example.com, request: "GET /assets/main.css HTTP/2.0", upstream: "http://127.0.0.1:8111/assets/main.css", host: "cyberchef.example.com", referrer: "https://cyberchef.example.com/" +``` + +You can see that the error is `13: Permission denied` and it occurs in the +`/var/lib/nginx/tmp/` directory. In my case, I had thousands of errors where +Nginx was denied permission to read/write files in this directory. + +So how do I fix it? + +## The Solution + +In order to resolve the issue, I had to ensure the `/var/lib/nginx` +directory is owned by Nginx. Mine was owned by the `www` user and Nginx was not +able to read or write files within that directory. This prevented Nginx from +caching temporary files. + +```sh +# Alpine Linux +doas chown -R nginx:nginx /var/lib/nginx + +# Other Distros +sudo chown -R nginx:nginx /var/lib/nginx +``` + +You *may* also be able to change the `proxy_temp_path` in your Nginx config, but +I did not try this. Here's a suggestion I found online that may work if the +above solution does not: + +```sh +nano /etc/nginx/http.d/example.com.conf +``` + +```conf +server { + ... + + # Set the proxy_temp_path to your preference, make sure it's owned by the + # `nginx` user + proxy_temp_path /tmp; + + ... +} +``` + +Finally, restart Nginx and your server should be able to cache temporary files +again. + +```sh +# Alpine Linux (OpenRC) +doas rc-service nginx restart + +# Other Distros (systemd) +sudo systemctl restart nginx +``` |