403 Forbidden β [nginx](/blog/nginx-config-generator/)Nginx canβt read the files itβs trying to serve.
Why this happens
Nginx runs as a specific system user (usually www-data or nginx) and needs read access to every directory in the path to your files. If any directory in the chain has restrictive permissions, or if SELinux is enforcing access policies, Nginx will return a 403. This also occurs when no index file exists and directory listing is disabled.
Fix 1: Check file permissions
ls -la /var/www/html/
chmod -R 755 /var/www/html/Fix 2: Check Nginx user
# See which user Nginx runs as
grep user /etc/nginx/nginx.conf
# Usually: user www-data;
# Make sure that user can read the files
chown -R www-data:www-data /var/www/html/Fix 3: SELinux (CentOS/RHEL)
# Check if SELinux is blocking
getenforce
# Fix
sudo chcon -R -t httpd_sys_content_t /var/www/html/Fix 4: Missing index file
location / {
index index.html index.htm;
autoindex on; # Or add this to list directory contents
}Alternative solution: Check parent directory permissions
Every directory from / to your web root needs at least execute (x) permission for the Nginx user:
namei -l /var/www/html/index.html
# Look for any directory missing 'x' for others
chmod o+x /var /var/www /var/www/htmlPrevention
- Set up a deployment script that automatically applies correct ownership and permissions after each deploy.
- Use
nginx -tbefore reloading config to catch misconfigurations early.
Related: Nginx Cheat Sheet Β· 502 Bad Gateway How To Fix Β· Linux Disk Space Full Fix Β· chmod Cheat Sheet