Slim causing 403 forbidden error on nginx

1

All this while I have been running normal folder nginx with php files in it works fine. Today what I did I added the composer into /var/www/html. Then I just ran this composer create-project slim/slim-skeleton app.

So I have then run the permission

chown -R nginx:nginx app/
chmod 755 app
then I cd into app
then I run this command 
chmod 644 *

Then next I updated my nginx.conf file with this part of the codes

location ~ ^/app {
try_files $uri $uri/ /app/public/index.php$is_args$args;
}
into my nginx config file

Below is my full nginx.conf file.

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

load_module modules/ngx_http_modsecurity_module.so;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/blockuseragents.rules;
    limit_conn_zone $binary_remote_addr zone=addr:5m;



    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        root /var/www/html;
        limit_conn addr 5;
        server_tokens off;
        add_header X-XSS-Protection "1; mode=block";
  modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec_includes.conf;
         modsecurity_rules '
          SecRuleRemoveById 949110
        ';



        if ($request_method !~ ^(GET|HEAD|POST)$ )
        {
                return 405;
        }
        # Load configuration files for the default server block.
        #include /etc/nginx/default.d/*.conf;

        location ~ ^/app {
          try_files $uri $uri/ /app/public/index.php$is_args$args;
        }

        location / {

          # modsecurity_rules_fil_file modsec_includes.conf;
        }
        location = /robots.txt {
                deny all;
                return 403;
        }
        if ($request ~* ^[A-Z]+\ http ) {
                return 404;
        }
        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }


       }
}

The issue when I tried to access the app folder I get the 403 forbidden message and when I check the log I can see this

2019/07/25 23:17:30 [error] 29956#29956: 14 directory index of “/var/www/html/app/” is forbidden, client: ...*, server: _, request: “GET /app/ HTTP/1.1”, host: