Welcome to Centmin Mod Community
Become a Member

Xenforo I got 403 error in some files when switching website from cpanel to centminmod.

Discussion in 'Forum software usage' started by ducle.2020, Sep 4, 2020.

  1. ducle.2020

    ducle.2020 New Member

    2
    1
    3
    Jul 8, 2020
    Ratings:
    +1
    Local Time:
    7:29 PM
    1.19.0
    10
    Hello,
    I moved my website from cpanel to centminmod and got the 403 error with the files stored at / styles /*
    eg: mydomain.com/styles/default/xenforo/xenforo-logo2x.png
    I did chmod, chown -R, added .autoprotect-bypas, ... however things remained unchanged. Please help me fix it, thank you.
    Code:
    ls -lAh /home/nginx/domains/mydomain.com/public/
    total 259M
    -rw-r-----  1 nginx nginx 2.0K Jun  1 16:09 401.html
    -rw-r-----  1 nginx nginx 1.6K Aug 21  2015 403.html
    -rw-r-----  1 nginx nginx 1.6K Aug 21  2015 404.html
    -rw-r-----  1 nginx nginx 2.1K Aug 21  2015 500.html
    -rw-r-----  1 nginx nginx 2.1K Aug 21  2015 502.html
    -rw-r-----  1 nginx nginx 2.2K Aug 21  2015 503.html
    -rw-r-----  1 nginx nginx 7.6K Jun  1 16:09 503.jpg
    -rw-r-----  1 nginx nginx 2.1K Aug 21  2015 504.html
    -rw-r-----  1 nginx nginx 2.2K Aug 21  2015 50x.html
    -rw-r--r--  1 nginx nginx  302 Apr 23 17:24 admin.php
    drwxr-sr-x  2 nginx nginx 4.0K Nov 17  2019 cgi-bin
    -rw-r--r--  1 nginx nginx  324 Apr 23 17:24 cmd.php
    -rw-r--r--  1 nginx nginx 1.9K Apr 23 17:24 connected_account.php
    -rw-rw-r--  1 nginx nginx  472 Oct 29  2019 connected_discord.php
    -rw-r--r--  1 nginx nginx  813 Apr 23 17:24 css.php
    drwxrwsrwx 11 nginx nginx 4.0K Apr 20 06:44 data
    -rw----r--  1 nginx nginx 1.2K Nov  2  2016 deferred.php
    -rw-r--r--  1 nginx nginx 259M Aug 26 16:04 error_log
    -rw----r--  1 nginx nginx  535 Nov  2  2016 fb_channel.php
    drwxr-sr-x  9 nginx nginx 4.0K Jun  2 16:17 images
    -rw-r--r--  1 nginx nginx 1.4K Aug 21  2015 index.html
    -rw-r--r--  1 nginx nginx  377 Aug 21 08:35 index.php
    drwxr-sr-x  4 nginx nginx 4.0K Apr 23 19:42 install
    drwxrwsrwx 10 nginx nginx 4.0K Sep  3 14:58 internal_data
    -rw-r--r--  1 nginx nginx 1.4K Apr 23 17:24 job.php
    drwxr-sr-x 26 nginx nginx 4.0K Apr 20 06:45 js
    drwxr-sr-x 27 nginx nginx 4.0K Sep  3 14:57 library
    -rw-r--r--  1 nginx nginx 1.1K Sep 24  2018 lwHostsCheck.php
    -rw-r-----  1 nginx nginx 2.2K Aug 21  2015 maintenance.html
    -rw-r--r--  1 nginx nginx  863 Apr 23 17:24 oembed.php
    -rw-r--r--  1 nginx nginx 1.7K Apr 23 17:24 payment_callback.php
    -rw-r--r--  1 nginx nginx  983 Apr 23 17:24 proxy.php
    -rw----r--  1 nginx nginx 1.1K Nov  2  2016 rgba.php
    -rw----r--  1 nginx nginx  787 Aug 27 03:16 robots.txt
    -rw-r--r--  1 nginx nginx  376 Apr 23 17:24 sitemap.php
    drwxr-sr-x  6 nginx nginx 4.0K Sep  3 14:59 src
    drwxr-sr-x 12 nginx nginx 4.0K Sep  3 15:08 styles
    -rw-rw-r--  1 nginx nginx  412 Apr 23 20:31 uix_manifest.php
    -rw-r--r--  1 nginx nginx 1.6K Apr 23 17:24 unfurl.php
    
    Code:
    getfacl -L --absolute-names /home/nginx/domains/mydomains.com/public/styles/
    # file: /home/nginx/domains/mydomain.com/public/styles/
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:29 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    in SSH session what does curl header check report output wise ?
    Code (Text):
    curl -Ik https://mydomain.com/styles/default/xenforo/xenforo-logo2x.png
    

    For posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)

    where did you add the file ?

    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community Your uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js