
Fixing 403 Forbidden When Deploying Next.js on Nginx: Permissions & SELinux Guide

A developer encounters a 403 Forbidden error while serving a Next.js static build with Nginx, discovers it stems from file ownership and SELinux enforcement, and resolves the issue by adjusting directory permissions, changing the Nginx user ownership, and setting the correct SELinux context.

Liangxu Linux

The author built a Next.js static site and attempted to serve it directly with Nginx 1.26 on a Linux server. After removing previous configurations, a simple server block was added:

server {
    listen 80;
    server_name xxx.com;
    access_log /var/log/nginx/host.access.log main;
    root /xxx/xxx;
    index index.html index.htm;
}

After restarting Nginx with systemctl restart nginx, the browser returned a 403 Forbidden error.

Checking the Nginx error log revealed a "Permission denied" message. The directory containing the Next.js build was created by the root user, while the Nginx service runs under the nginx user, causing the access denial.

Fixing the ownership and permissions solved the basic file‑access issue:

sudo chown -R nginx:nginx /xxx/xxx
sudo chmod -R 755 /xxx/xxx

Running ls -l /xxx/xxx confirmed the correct permissions (e.g., -rw-r--r-- 1 root root 4096 Nov 25 14:00 index.html), which are sufficient for read access by other users.

SELinux Was the Hidden Culprit

SELinux (Security‑Enhanced Linux) is a mandatory access control mechanism that assigns security contexts to files, processes, and network resources, strictly limiting what each process can access.

Running getenforce showed the system was in Enforcing mode, meaning SELinux policies were actively restricting Nginx despite the file permissions.

Two remediation paths exist:

Disable SELinux by editing /etc/selinux/config and setting SELINUX=disabled, then reboot.

Keep SELinux enabled and grant Nginx the required context.

The preferred approach is to adjust the SELinux context of the static files so the web server can read them:

chcon -R -t httpd_sys_content_t /xxx/xxx

After applying the new context and restarting Nginx, the site loads correctly without the 403 error.
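The checks behind the fixes above, as an added shell example that is not from the original article: it lists ancestor directories Nginx cannot traverse, sets directory and file modes separately, and makes the SELinux label persistent. The function names are hypothetical, and the path passed in stands for the article's /xxx/xxx placeholder.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the article.

# List every directory from $1 up to / that lacks the other-execute bit.
# Nginx needs traverse (x) on each ancestor, not only on the web root.
# Assumes the nginx user is neither owner nor in the group of those
# directories, so the "other" bits are the ones that apply.
untraversable_dirs() {
    path=$1
    [ -d "$path" ] || path=$(dirname "$path")
    while :; do
        # Column 10 of the ls mode string is other-execute: x or t = set.
        case $(ls -ld -- "$path" | cut -c10) in
            x|t) ;;
            *) printf '%s\n' "$path" ;;
        esac
        case $path in /|.) break ;; esac
        path=$(dirname "$path")
    done
}

# Directories 755, regular files 644: readable by the nginx user without
# marking every file executable, which chmod -R 755 does.
set_static_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Record the label in local policy, then apply it. A label set only with
# chcon is reverted by restorecon or a filesystem relabel.
# Needs root and the semanage tool; defined here, not called.
label_for_httpd() {
    semanage fcontext -a -t httpd_sys_content_t "$1(/.*)?"
    restorecon -Rv "$1"
}

# Usage: untraversable_dirs /xxx/xxx
#        set_static_perms   /xxx/xxx
#        label_for_httpd    /xxx/xxx
```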

Conclusion

The issue illustrates that serving static content with Nginx may fail not only due to Unix file permissions but also because of SELinux policies. Properly setting ownership, permissions, and SELinux contexts ensures reliable deployment of Next.js builds on Nginx.
