1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#+date: <2022-11-11 Fri 00:00:00>
#+title: Troubleshooting and Fixing Nginx Permission Denied Errors on /var/lib/nginx
#+description: Step-by-step remediation for addressing permission denied errors encountered by Nginx in the /var/lib/nginx directory to restore temporary file caching functionality.
#+slug: nginx-tmp-errors
#+filetags: :nginx:permissions:errors:
/This is a brief post so that I personally remember the solution as it
has occurred multiple times for me./
* The Problem
After migrating to a new server OS, I started receiving quite a few
permission errors like the one below. These popped up for various
different websites I'm serving via Nginx on this server, but did not
prevent the website from loading.
I found the errors in the standard log file:
#+begin_src sh
cat /var/log/nginx/error.log
#+end_src
#+begin_src sh
2022/11/11 11:30:34 [crit] 8970#8970: *10 open() "/var/lib/nginx/tmp/proxy/3/00/0000000003" failed (13: Permission denied) while reading upstream, client: 169.150.203.10, server: cyberchef.example.com, request: "GET /assets/main.css HTTP/2.0", upstream: "http://127.0.0.1:8111/assets/main.css", host: "cyberchef.example.com", referrer: "https://cyberchef.example.com/"
#+end_src
You can see that the error is =13: Permission denied= and it occurs in
the =/var/lib/nginx/tmp/= directory. In my case, I had thousands of
errors where Nginx was denied permission to read/write files in this
directory.
So how do I fix it?
* The Solution
In order to resolve the issue, I had to ensure the =/var/lib/nginx=
directory is owned by Nginx. Mine was owned by the =www= user and Nginx
was not able to read or write files within that directory. This
prevented Nginx from caching temporary files.
#+begin_src sh
# Alpine Linux
doas chown -R nginx:nginx /var/lib/nginx
# Other Distros
sudo chown -R nginx:nginx /var/lib/nginx
#+end_src
You /may/ also be able to change the =proxy_temp_path= in your Nginx
config, but I did not try this. Here's a suggestion I found online that
may work if the above solution does not:
#+begin_src sh
nano /etc/nginx/http.d/example.com.conf
#+end_src
#+begin_src conf
server {
...
# Set the proxy_temp_path to your preference, make sure it's owned by the
# `nginx` user
proxy_temp_path /tmp;
...
}
#+end_src
Finally, restart Nginx and your server should be able to cache temporary
files again.
#+begin_src sh
# Alpine Linux (OpenRC)
doas rc-service nginx restart
# Other Distros (systemd)
sudo systemctl restart nginx
#+end_src
|
