#+date:        <2022-11-11 Fri 00:00:00>
#+title:       Resolution of Permission Denied Errors in /var/lib/nginx Directory
#+description: Step-by-step remediation for addressing permission denied errors encountered by Nginx in the /var/lib/nginx directory to restore temporary file caching functionality.
#+slug:        nginx-tmp-errors
#+filetags:    :nginx:permissions:errors:

/This is a brief post so that I personally remember the solution as it
has occurred multiple times for me./

* The Problem

After migrating to a new server OS, I started receiving quite a few
permission errors like the one below. These popped up for various
different websites I'm serving via Nginx on this server, but did not
prevent the website from loading.

I found the errors in the standard log file:

#+begin_src sh
cat /var/log/nginx/error.log
#+end_src

#+begin_src sh
2022/11/11 11:30:34 [crit] 8970#8970: *10 open() "/var/lib/nginx/tmp/proxy/3/00/0000000003" failed (13: Permission denied) while reading upstream, client: 169.150.203.10, server: cyberchef.example.com, request: "GET /assets/main.css HTTP/2.0", upstream: "http://127.0.0.1:8111/assets/main.css", host: "cyberchef.example.com", referrer: "https://cyberchef.example.com/"
#+end_src

You can see that the error is =13: Permission denied= and it occurs in
the =/var/lib/nginx/tmp/= directory. In my case, I had thousands of
errors where Nginx was denied permission to read/write files in this
directory.

So how do I fix it?

* The Solution

In order to resolve the issue, I had to ensure the =/var/lib/nginx=
directory is owned by Nginx. Mine was owned by the =www= user and Nginx
was not able to read or write files within that directory. This
prevented Nginx from caching temporary files.

#+begin_src sh
# Alpine Linux
doas chown -R nginx:nginx /var/lib/nginx

# Other Distros
sudo chown -R nginx:nginx /var/lib/nginx
#+end_src

You /may/ also be able to change the =proxy_temp_path= in your Nginx
config, but I did not try this. Here's a suggestion I found online that
may work if the above solution does not:

#+begin_src sh
nano /etc/nginx/http.d/example.com.conf
#+end_src

#+begin_src conf
server {
  ...

  # Set the proxy_temp_path to your preference, make sure it's owned by the
  # `nginx` user
  proxy_temp_path /tmp;

  ...
}
#+end_src

Finally, restart Nginx and your server should be able to cache temporary
files again.

#+begin_src sh
# Alpine Linux (OpenRC)
doas rc-service nginx restart

# Other Distros (systemd)
sudo systemctl restart nginx
#+end_src