SELinux sucks?! Safety always means inconvenient, right! | Scribbles for my bad memory

SELinux sucks?! Safety always means inconvenient, right!

Just record what I made Nginx working with a project located in someone's HOME directory on a Linux machine with SELinux on.

Nginx seems working normally, but it actually Didn't listen to a non-80 port at all. If it reports ValueError: Port tcp/8081 already defined, replace -a with -m.

semanage port -a -t http_port_t -p tcp 8081

Reference1 Reference2

telnet localhost 8081 works, but telnet 192.168.168.168 8081 from another machine not working!

firewall-cmd _permanentadd-port=8081/tcp

firewall-cmd --reload

Everything seems working good, but when you visit your site, Nginx just gives you a 403! You should ensure Nginx can access your project directory, everyone knows that, but is not enough when SELinux is on.

setsebool -P httpd_enable_homedirs 1

setenforce 0
systemctl restart nginx
systemctl daemon-reload

Comments

Your name Your email Your website How much is 7 + 4 ? Your comment Markdown is allowed. HTML tags allowed: <strong>, <em>, <blockquote>, <code>, <pre>, <a>.