How to Fix Nginx Permission Denied on DigitalOcean Droplet

The Root Cause

Nginx processes, typically running as the www-data user on DigitalOcean’s Ubuntu/Debian-based Droplets, are denied access to static files, logs, or cache directories. This usually happens when website content is deployed with incorrect file ownership (e.g., root) or restrictive permissions that prevent the Nginx user from reading or writing the necessary files.

Quick Fix (CLI)

# 1. Identify your Nginx webroot directory (e.g., /var/www/html or /var/www/yourdomain.com)
#    Replace '/var/www/html' with your actual webroot path
WEB_ROOT="/var/www/html"

# 2. Identify the Nginx user (commonly 'www-data' on Debian/Ubuntu-based systems)
NGINX_USER="www-data"

# 3. Change ownership of your webroot to the Nginx user and group
sudo chown -R $NGINX_USER:$NGINX_USER $WEB_ROOT

# 4. Set appropriate permissions for directories (rwx for owner, rx for group/others)
sudo find $WEB_ROOT -type d -exec chmod 755 {} \;

# 5. Set appropriate permissions for files (rw for owner, r for group/others)
sudo find $WEB_ROOT -type f -exec chmod 644 {} \;

# Optional: If Nginx needs to write to a specific cache or log directory (e.g., /var/cache/nginx)
# and it's experiencing permission issues in a non-default location:
# sudo chown -R $NGINX_USER:$NGINX_USER /var/cache/nginx

Configuration Check

  • File to check: /etc/nginx/nginx.conf
  • Lines to verify:
    • Ensure the user directive at the top of the file matches the user you’ve granted permissions to (e.g., user www-data;). If this line is commented out or missing, Nginx typically defaults to www-data on Debian/Ubuntu.
  • File to check: /etc/nginx/sites-available/your_site.conf (or similar site-specific config)
  • Line to verify:
    • Confirm the root directive within your server block points to the correct directory (e.g., root /var/www/html;) that you’ve just adjusted permissions for.

Verification

# Test Nginx configuration for syntax errors
sudo nginx -t

# Restart Nginx to apply changes
sudo systemctl restart nginx

# Check Nginx service status
sudo systemctl status nginx

After restarting, attempt to access your website in a web browser to confirm the “Permission Denied” error is resolved.

⚡ Related Troubleshooting Guides