SELinux sucks?! Safety always means inconvenient, right!

Just record what I made Nginx working with a project located in someone's HOME directory on a Linux machine with SELinux on.

  1. Nginx seems working normally, but it actually Didn't listen to a non-80 port at all. If it reports ValueError: Port tcp/8081 already defined, replace -a with -m.

    semanage port -a -t http_port_t -p tcp 8081

Reference1 Reference2

  1. telnet localhost 8081 works, but telnet 8081 from another machine not working!

    firewall-cmd permanent add-port=8081/tcp
    firewall-cmd --reload

  2. Everything seems working good, but when you visit your site, Nginx just gives you a 403! You should ensure Nginx can access your project directory, everyone knows that, but is not enough when SELinux is on.

    setsebool -P httpd_enable_homedirs 1
    setenforce 0
    systemctl restart nginx
    systemctl daemon-reload