Nginx 403 Forbidden – How To Fix

If you’re trying to install Nginx on Ubuntu or any other Linux distro and getting the nginx 403 Forbidden error while accessing the domain name of your website, then you are at the same place where we were earlier.

In this tutorial, we will learn how to fix the nginx 403 forbidden error.

How To Fix - nginx 403 forbidden

We were trying to set up a WordPress website using the LEMP stack i.e. Linux, Nginx, MariaDB (MySQL), and PHP and after doing everything, the website was not accessible and got an error that looks similar to the below one

2023/02/09 22:14:38 [error] 14586#14586: *3 directory index of "/var/www/html/" is forbidden, client:, server:, 
request: "GET / HTTP/1.1", host: ""

How To Fix Nginx 403 Forbidden

There are a few things that you will have to check to resolve the issue.

Method 1: Check for Permission

The most common reason for this problem is that the directory where your website resides doesn’t have proper permissions or the user with which nginx is running does not have access to the directory.

To fix this simply check the permission of the directory which will also show who is the owner of the directory.

For example: If your WordPress website or any other website files are in the directory “/var/www/html/”, then run the following command: `ls -ld /var/www/html/`

$ ls -ld /var/www/html/
ubuntu@st-ubuntu:/etc/nginx$ ls -ld /var/www/html/ 
drwxr-xr-x 3 www-data www-data 4096 

If the directory permission is not correct or the owner of the command is not correct, use the chmod or chown command to fix it.

$ sudo chown -R www-data:www-data /var/www/html/
$ sudo chown -R www-data:www-data /var/www/html/
$ sudo chmod -R 755 /var/www/html/

Method 2: Check index in server block

This error can also occur if your configuration file is not correct and the “index” is missing from it. So make sure to check that the below line is included in the server block of your website configuration.

index index.php index.html;

Method 3: Check SSL configuration

3. This is unique to us and we found that while installing SSl certificate through certbot, the SSL configuration for the website got copied to the default file and not the website config file.

So you can try to remove certbot certificate, delete or rename the default file present at /etc/nginx/sites-available and then install the SSL certificate again or you can just copy the relevant content from that file and put it into your website configuration file.

Below is the part of the config that we copied and pasted into our WordPress website config and restarted the Nginx server.

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 ;
        listen [::]:80 ;
    return 404; # managed by Certbot

Once you add this don’t forget to run the “nginx -t” command to verify the nginx configuration and restart or reload the nginx server.

ubuntu@st-ubuntu:/etc/nginx$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

ubuntu@st-ubuntu:/etc/nginx$ sudo systemctl restart nginx

We hope that this tutorial will help you fix the “nginx 403 forbidden” error and you will be able to run your website without any issues. If still you are not able to solve the issue or solved this error by any other method, please leave a comment below and we will try to help you.

Buy me a coffeeBuy me a coffee

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.