# Nginx Permission Pitfall — Prevention Checklist The #1 recurring bug in ShopProQuote development. Every new file created by agents or build tools defaults to owner-only permissions (600). Nginx runs as `www-data` and returns 403 Forbidden. When a JS module returns 403, every file that imports it silently fails — no console error, just dead features. ## After creating ANY new file in the project ```bash # Fix all 600-permission files in one command find /mnt/seagate8tb/Websites/ShopProQuote -name "*.js" -perm 600 -exec chmod 644 {} \; find /mnt/seagate8tb/Websites/ShopProQuote -name "*.css" -perm 600 -exec chmod 644 {} \; ``` ## Diagnostic when pages are broken but HTML loads fine ```bash # Check all JS files are accessible for f in shared/debug.js shared/skeleton.js api.js dashboard.js repair-orders.js; do curl -sk -o /dev/null -w "%{http_code} " https://localhost/$f && echo "$f" done # Check nginx error log for permission denied tail -50 /var/log/nginx/error.log | grep -i "permission denied" ``` ## Files that have been broken by this bug (historical) | File | Symptom when 403 | |------|-----------------| | `shared/debug.js` | ALL modules that import it silently fail. Entire app dead. | | `shared/skeleton.js` | Skeleton loading functions unavailable, graceful fallback to text | | `dist/custom.css` | No custom styling — site looks completely unstyled | | `dist/tailwind.css` | No Tailwind — site looks like plain HTML | ## Worker/agent file creation checklist After `write_file`, `patch`, or terminal commands that create files: 1. `ls -la ` — check permissions 2. If `-rw-------` (600), `chmod 644 ` 3. `curl -sk -o /dev/null -w "%{http_code}" https://localhost/` — verify accessible