SELinux sucks?! Safety always means inconvenience, right!
This is a record of how I got Nginx working with a project located in someone's home directory on a Linux machine with SELinux enabled.
- Nginx seems to be working normally, but it actually didn't listen on a non-80 port at all. If it reports
ValueError: Port tcp/8081 already defined, replace
semanage port -a -t http_port_t -p tcp 8081
- telnet localhost 8081 works, but
telnet 192.168.168.168 8081 from another machine does not work!
firewall-cmd --permanent --add-port=8081/tcp
- Everything seems to be working, but when you visit your site, Nginx just gives you a 403! You have to make sure Nginx can access your project directory, as everyone knows, but that is not enough when SELinux is on.
setsebool -P httpd_enable_homedirs 1
systemctl restart nginx
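
A read-only check for the three settings changed above, added here as an example and not part of the original post: it parses the output of `semanage port -l`, `firewall-cmd --list-ports` and `getsebool httpd_enable_homedirs` and prints one line per step that is still missing. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample output (not captured from a real host).
SAMPLE_SEMANAGE='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
transproxy_port_t              tcp      8081
unreserved_port_t              tcp      61000-65535, 1024-32767'
SAMPLE_FIREWALL='443/tcp 9000-9010/tcp'
SAMPLE_BOOL='httpd_enable_homedirs --> off'

# port_types PROTO PORT: stdin is `semanage port -l`; prints every port type
# whose definition (single port or lo-hi range) covers PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '$2 == proto {
        for (i = 3; i <= NF; i++) {
            item = $i; sub(/,$/, "", item)
            m = split(item, r, "-")
            lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
        }
    }'
}

# firewall_port_open PROTO PORT: stdin is `firewall-cmd --list-ports`.
firewall_port_open() {
    tr ' ' '\n' | awk -F/ -v proto="$1" -v port="$2" '$2 == proto {
        m = split($1, r, "-")
        lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) found = 1
    } END { exit !found }'
}

# bool_on NAME: stdin is `getsebool NAME`.
bool_on() { grep -q "^$1 --> on\$"; }

# diagnose PORT SEMANAGE_OUT FIREWALL_OUT GETSEBOOL_OUT: one line per missing step.
diagnose() {
    types=$(printf '%s\n' "$2" | port_types tcp "$1" | tr '\n' ' ')
    case " $types" in
        *" http_port_t "*) ;;
        *) echo "selinux: tcp/$1 is typed '${types% }', not http_port_t" ;;
    esac
    printf '%s\n' "$3" | firewall_port_open tcp "$1" || echo "firewall: $1/tcp is not open"
    printf '%s\n' "$4" | bool_on httpd_enable_homedirs || echo "boolean: httpd_enable_homedirs is off"
}

diagnose 8081 "$SAMPLE_SEMANAGE" "$SAMPLE_FIREWALL" "$SAMPLE_BOOL"
# On a real host (as root):
# diagnose 8081 "$(semanage port -l)" "$(firewall-cmd --list-ports)" "$(getsebool httpd_enable_homedirs)"
```

A port that already appears under another type in the `semanage port -l` listing is the situation in which `semanage port -a` reports "already defined".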