I am deploying a wagtail site with nginx on rocky linux however, I cannot get the static files to be served by nginx.
My nginx site config is as follows:
server {
listen 80;
server_name 10.4.0.189;
root /home/wagtail/apps/my_site;
charset UTF-8;
error_log /home/wagtail/apps/my_site/nginx-error.log;
location = /favicon.ico {access_log off; log_not_found off;}
location static/ {
root /home/wagtail/apps/my_site/;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
I have tried multiple block location configurations including alias.
I have checked read/write permissions to the directory where the application resides:
drwxrwxr-x. 6 wagtail nginx 4096 Nov 7 08:27 .
drwxrwxr-x. 4 wagtail nginx 4096 Nov 6 14:41 ..
-rwxrwxr-x. 1 wagtail nginx 2029 Nov 6 14:41 Dockerfile
-rwxrwxr-x. 1 wagtail nginx 376 Nov 6 14:41 .dockerignore
drwxrwxr-x. 6 wagtail nginx 4096 Nov 6 14:44 home
drwxrwxr-x. 6 wagtail nginx 4096 Nov 7 08:34 my_site
-rwxrwxr-x. 1 wagtail nginx 256 Nov 6 14:41 manage.py
-rwxrwxr-x. 1 wagtail nginx 56199 Nov 7 13:31 nginx-error.log
-rwxrwxr-x. 1 wagtail nginx 35 Nov 6 14:41 requirements.txt
drwxrwxr-x. 4 wagtail nginx 4096 Nov 6 14:44 search
drwxrwxr-x. 11 wagtail nginx 4096 Nov 7 13:07 static
wagtail : wagtail nginx
Nginx is the group owner and I have also made the wagtail user a part of the nginx group.
I have gone through a few selinux modifications using the command:
journalctl -t setroubleshoot
That seemed to get rid of all selinux errors but the static content is still showing up as 403 forbidden.
Checking the nginx-error.log I see that it is still a permissions related issue:
2024/11/07 13:30:11 [error] 3142#3142: *9 open() "/home/wagtail/apps/my_site/static/js/my_site.d41d8cd98f00.js" failed (13: Permission denied), client: 10.20.0.22, server: 10.4.0.189, request: "GET /static/js/my_site.d41d8cd98f00.js HTTP/1.1", host: "10.4.0.189", referrer: "http://10.4.0.189/"
2024/11/07 13:30:11 [error] 3142#3142: *8 open() "/home/wagtail/apps/my_site/static/css/welcome_page.85e6f9d19e42.css" failed (13: Permission denied), client: 10.20.0.22, server: 10.4.0.189, request: "GET /static/css/welcome_page.85e6f9d19e42.css HTTP/1.1", host: "10.4.0.189", referrer: "http://10.4.0.189/"
2024/11/07 13:30:11 [error] 3142#3142: *6 open() "/home/wagtail/apps/my_site/favicon.ico" failed (13: Permission denied), client: 10.20.0.22, server: 10.4.0.189, request: "GET /favicon.ico HTTP/1.1", host: "10.4.0.189", referrer: "http://10.4.0.189/"
2024/11/07 13:31:00 [error] 3176#3176: *1 open() "/home/wagtail/apps/my_site/favicon.ico" failed (13: Permission denied), client: 10.20.0.22, server: 10.4.0.189, request: "GET /favicon.ico HTTP/1.1", host: "10.4.0.189", referrer: "http://10.4.0.189/"
The reason for the unauthorized error is because nginx uses a user called www-data.
It is also possible to add permissions without changing the user name, but There is also an easy way to change the user name used by nginx.
How to change nginx username:
$ sudo nano /etc/nginx/nginx.conf
# change user www-data to ubuntu
$ sudo systemctl restart nginx
Since adding only permissions is complicated, it is replaced with a link.