aboutsummaryrefslogtreecommitdiff
path: root/content/blog/2022-11-11-nginx-tmp-errors.org
blob: 99832ca978f3e7c60bc1187e5753398e9e54ba02 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

#+date: <2022-11-11>
#+title: Fixing Permission Errors in /var/lib/nginx
#+description: 
#+slug: nginx-tmp-errors

/This is a brief post so that I personally remember the solution as it
has occurred multiple times for me./

* The Problem

After migrating to a new server OS, I started receiving quite a few
permission errors like the one below. These popped up for various
different websites I'm serving via Nginx on this server, but did not
prevent the website from loading.

I found the errors in the standard log file:

#+begin_src sh
cat /var/log/nginx/error.log
#+end_src

#+begin_src sh
2022/11/11 11:30:34 [crit] 8970#8970: *10 open() "/var/lib/nginx/tmp/proxy/3/00/0000000003" failed (13: Permission denied) while reading upstream, client: 169.150.203.10, server: cyberchef.example.com, request: "GET /assets/main.css HTTP/2.0", upstream: "http://127.0.0.1:8111/assets/main.css", host: "cyberchef.example.com", referrer: "https://cyberchef.example.com/"
#+end_src

You can see that the error is =13: Permission denied= and it occurs in
the =/var/lib/nginx/tmp/= directory. In my case, I had thousands of
errors where Nginx was denied permission to read/write files in this
directory.

So how do I fix it?

* The Solution

In order to resolve the issue, I had to ensure the =/var/lib/nginx=
directory is owned by Nginx. Mine was owned by the =www= user and Nginx
was not able to read or write files within that directory. This
prevented Nginx from caching temporary files.

#+begin_src sh
# Alpine Linux
doas chown -R nginx:nginx /var/lib/nginx

# Other Distros
sudo chown -R nginx:nginx /var/lib/nginx
#+end_src

You /may/ also be able to change the =proxy_temp_path= in your Nginx
config, but I did not try this. Here's a suggestion I found online that
may work if the above solution does not:

#+begin_src sh
nano /etc/nginx/http.d/example.com.conf
#+end_src

#+begin_src conf
server {
  ...

  # Set the proxy_temp_path to your preference, make sure it's owned by the
  # `nginx` user
  proxy_temp_path /tmp;

  ...
}
#+end_src

Finally, restart Nginx and your server should be able to cache temporary
files again.

#+begin_src sh
# Alpine Linux (OpenRC)
doas rc-service nginx restart

# Other Distros (systemd)
sudo systemctl restart nginx
#+end_src
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-15 14:13:33 +0000