Nginx 403 on autoindex directory

Question

I am receiving a 403 error when trying to access an autoindexed directory on my Nginx server.

/var/log/nginx/error.log

022/12/02 09:45:05 [error] 36637#36637: *18 directory index of "/var/www/html/paluzone.ddns.net/SUSC/" is forbidden, client: [REMOVED], server: paluzone.ddns.net, request: "GET /SUSC/ HTTP/1.1", host: "paluzone.ddns.net"

/etc/nginx/sites-available/paluzone.ddns.net

server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html/paluzone.ddns.net;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name paluzone.ddns.net; # managed by Certbot


        location /SUSC {
                autoindex on;
                autoindex_exact_size off;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}



    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/paluzone.ddns.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/paluzone.ddns.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = paluzone.ddns.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 ;
        listen [::]:80 ;
    server_name paluzone.ddns.net;
    return 404; # managed by Certbot
}

I am able to restart the nginx service without error.

dietpi@DietPi:~$ sudo ls -la /var/www/html/paluzone.ddns.net/
total 16
drwxr-xr-x 3 www-data www-data 4096 Dec  2 09:44 .
drwxr-xr-x 5 www-data www-data 4096 Dec  2 09:01 ..
drwxr-xr-x 2 www-data www-data 4096 Dec  2 09:40 SUSC
-rwxr-xr-x 1 www-data www-data    0 Dec  2 09:44 favicon.ico
-rwxr-xr-x 1 www-data www-data  612 Dec  2 09:01 index.nginx-debian.html
lrwxrwxrwx 1 root     root       36 Dec  2 09:07 susc -> /var/www/html/paluzone.ddns.net/SUSC
dietpi@DietPi:~$ sudo ls -la /var/www/html/paluzone.ddns.net/SUSC/
total 16688
drwxr-xr-x 2 www-data www-data     4096 Dec  2 09:40 .
drwxr-xr-x 3 www-data www-data     4096 Dec  2 09:44 ..
-rw-r--r-- 1 www-data www-data 17076996 Dec  2 09:19 susc_rulebook.pdf
dietpi@DietPi:~$

dietpi@DietPi:~$ sudo -H -u www-data namei /var/www/html/paluzone.ddns.net/SUSC/
f: /var/www/html/paluzone.ddns.net/SUSC/
 d /
 d var
 d www
 d html
 d paluzone.ddns.net
 d SUSC
dietpi@DietPi:~$

If I add autoindex on; to the http directive at /etc/nginx/nginx.conf I am allowed to autoindex directories, but then this is allowed for EVERY location directive in my server, and not just locations that have autoindex on; (SUSC directory). Is the appropriate method to create an index file for every directory I don't wish to be autoindexed?