403 forbidden error right after install

Hi, I just installed Mastodon using the official guide here: Installing from source - Mastodon documentation

After that I first got a “too many redirects” error. After hours of troubleshooting I decided to run the installer (gem thingy) again: fixed that.

But now I am getting the exact same error as this unfortunate fellow:

I used the exact install guidelines, step by step on an Ubuntu 20.04 LTS installation. Nginx is version 1.18.0.
The problem is easily reproducible when you follow the install guide above.

EDIT: some extra info. When I add sw.js after the server url I get the actual text contents of that file, so that is accessible. Dunno if this helps.

Any help would be appreciated!

EDIT, nginx log:

2021/09/17 08:09:11 [error] 496246#496246: *595 directory index of "/home/mastodon/live/public/" is forbidden, client: 123.45.678.910, server: hostname.net, request: "GET / HTTP/2.0", host: "hostname.net"
2021/09/17 08:11:32 [error] 496246#496246: *595 open() "/home/mastodon/live/public/about" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /about HTTP/2.0", host: "hostname.net"
2021/09/17 08:11:36 [error] 496246#496246: *595 open() "/home/mastodon/live/public/about.php" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /about.php HTTP/2.0", host: "hostname.net"
2021/09/17 08:11:42 [error] 496246#496246: *595 open() "/home/mastodon/live/public/about.js" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /about.js HTTP/2.0", host: "hostname.net"
2021/09/17 08:11:48 [error] 496246#496246: *595 open() "/home/mastodon/live/public/about.html" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /about.html HTTP/2.0", host: "hostname.net"
2021/09/17 08:12:51 [error] 496246#496246: *595 open() "/home/mastodon/live/public/about.html" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /about.html HTTP/2.0", host: "hostname.net"
2021/09/17 08:14:45 [error] 496246#496246: *595 open() "/home/mastodon/live/public/index.html" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /index.html HTTP/2.0", host: "hostname.net"
2021/09/17 08:14:49 [error] 496246#496246: *595 open() "/home/mastodon/live/public/index.htm" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /index.htm HTTP/2.0", host: "hostname.net"
2021/09/17 08:14:52 [error] 496246#496246: *595 open() "/home/mastodon/live/public/index" failed (2: No such file or directory), client: 123.45.678.910, server: hostname.net, request: "GET /index HTTP/2.0", host: "hostname.net"
2021/09/17 08:14:58 [error] 496246#496246: *595 directory index of "/home/mastodon/live/public/" is forbidden, client: 123.45.678.910, server: hostname.net, request: "GET / HTTP/2.0", host: "hostname.net"

No one? I mean there must be a bug in the installer or the instructions since I was able to replicate it and another user reported the exact same issue?

I would really like to get my instance up and running ;(

Have you made any edit to /etc/nginx/sites-enabled/mastodon? Can you paste its contents? Is there more to nginx’s logs? It seems it’s not even trying to reach Mastodon, which is weird.

Yes I have.

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}
upstream backend {
    server 127.0.0.1:3000 fail_timeout=0;
}

upstream streaming {
    server 127.0.0.1:4000 fail_timeout=0;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name hostname.net;
	root /home/mastodon/live/public;

	# SSL
	ssl_certificate /etc/letsencrypt/live/hostname.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/hostname.net/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/hostname.net/chain.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	
	keepalive_timeout    70;
	sendfile             on;
	client_max_body_size 80m;
	
	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        add_header Strict-Transport-Security "max-age=31536000";
}

# subdomains redirect
server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name *.hostname.net;

	# SSL
	ssl_certificate /etc/letsencrypt/live/hostname.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/hostname.net/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/hostname.net/chain.pem;

	return 301 https://hostname.net$request_uri;
  
  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    add_header Strict-Transport-Security "max-age=31536000";
    try_files $uri @proxy;
  }

  location /sw.js {
    add_header Cache-Control "public, max-age=0";
    add_header Strict-Transport-Security "max-age=31536000";
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://backend;
    proxy_buffering on;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    proxy_cache CACHE;
    proxy_cache_valid 200 7d;
    proxy_cache_valid 410 24h;
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    add_header X-Cached $upstream_cache_status;
    add_header Strict-Transport-Security "max-age=31536000";

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";

    proxy_pass http://streaming;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}

# HTTP redirect
server {
	listen 80;
	listen [::]:80;

	server_name .hostname.net;

	location / {
		return 301 https://hostname.net$request_uri;
	}
}

Now that I think of it: that is because I kept getting the incorrect referral error I think. Not quite sure that was fixed by the reinstall now…

Yeah, your nginx config is not correct. I am not sure what you were intending on doing, but your server block for hostname.net misses everything that is needed for Mastodon, while your server block for subdomains is closer to what it should be, but also immediately redirects to the parent domain.
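
The two faults named in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a small Python lint that flags a server block with only a static `root` (the case that produces the "directory index ... is forbidden" log lines) and a server block whose server-level `return` makes its `location` blocks unreachable. The function names, the labels `static-only` and `dead-locations`, and the reduced sample config are constructed for illustration.

```python
import re
# Constructed sample: the posted config reduced to the directives that matter.
SAMPLE = """
server {
    server_name hostname.net;
    root /home/mastodon/live/public;   # no location block, nothing proxies
}
server {
    server_name *.hostname.net;
    return 301 https://hostname.net$request_uri;
    location / { try_files $uri @proxy; }
    location @proxy { proxy_pass http://backend; }
}
server { server_name .hostname.net; location / { return 301 https://hostname.net$request_uri; } }
"""

def parse(text):
    # Returns nodes as (words, children); children is None for simple directives.
    text = re.sub(r"#[^\n]*", "", text)  # assumes no '#', braces or ';' inside quotes
    nodes, stack, words = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            nodes.append((words, []))
            stack.append(nodes)
            nodes, words = nodes[-1][1], []
        elif tok == "}":
            nodes, words = stack.pop(), []
        elif tok == ";":
            nodes.append((words, None))
            words = []
        else:
            words.append(tok)
    return nodes

def lint(text):
    # Flags server blocks whose requests can never reach the proxied application.
    findings = []
    for words, children in parse(text):
        if words != ["server"] or children is None:
            continue
        direct = {d[0] for d, _ in children if d}
        name = " ".join(w for d, _ in children if d[:1] == ["server_name"] for w in d[1:])
        if "return" in direct and "location" in direct:
            findings.append((name, "dead-locations"))  # server-level return runs first
        elif "root" in direct and not direct & {"location", "return"}:
            findings.append((name, "static-only"))     # '/' -> directory index forbidden
    return findings

print(lint(SAMPLE))
```
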

I was just trying to get it to work and suck at those nginx config files.

You did get me thinking though: I just copied the original nginx.conf from /live/dist/ and edited only the lines to the Let’s Encrypt cert: works!

I think where it went wrong every time is certbot --nginx -d; for some reason that command threw the whole Mastodon config off. And my limited skills would not get it to work after that. It does now!

No idea if certbot will still auto-renew now, but I’ll look into that once the cert expires.

Thanks for the hint! :)
