proxy_pass isn't working when SELinux is enabled, why?

I have an application listening on port 8081 and Nginx running on port 8080. The proxy_pass statement looks like:

$ cat /var/etc/opt/lj/output/services/abc.servicemanager.conf

location /api/abc.servicemanager/1.0 { proxy_pass     http://localhost:8081;}

In nginx.conf, I include this file as:

include /etc/nginx/conf.d/services/*.conf;

/etc/nginx/conf.d/services is a symlink:

# ll /etc/nginx/conf.d/

lrwxrwxrwx. 1 root root   39 Dec 10 00:19 services -> ../../../var/etc/opt/lj/output/services

This is a CentOS 7.0 system with SELinux enabled. If I run setenforce 0 to make it permissive, I don't see any issues, so the file is in the right place and there are no problems with the paths. If SELinux is enforcing, I see the following in the audit log:

type=AVC msg=audit(1418348761.372:100930): avc:  denied  { getattr } for  pid=3936 comm="nginx" path="/var/etc/opt/lj/output/services/abc.servicemanager.conf" dev="xvda1" ino=11063393 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file

I want to know how to enable Nginx to find the conf file without having to disable SELinux.

Vijay Shankar Kalyanaraman asked Dec 12 '14 01:12
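The AVC record quoted in the question already says what is wrong: a process running in the httpd_t domain (nginx) asked for getattr on a plain file whose label is the generic var_t, and the policy has no rule allowing that. The script below is an added example, not part of the question or the answer on this page: it parses an AVC line into its fields, prints a one-line summary, and, for this specific class of denial (httpd_t against a var_t file), prints the semanage/restorecon pair that would give the directory the httpd_config_t label that nginx's own /etc/nginx tree carries. Function names are mine; the only input is the question's own audit line, embedded as a constructed sample so the script runs without an audit log. The choice of httpd_config_t is an assumption that the files in that directory are nginx configuration and nothing else; the script prints the commands and does not run them.

```shell
#!/bin/sh
# Added example (not from the question or answer): turn an SELinux AVC denial
# line into a readable summary and, for an httpd_t-vs-var_t file denial, into
# the relabel commands that fix it without switching SELinux to permissive.

# Constructed sample input: the AVC line quoted in the question.
SAMPLE_AVC='type=AVC msg=audit(1418348761.372:100930): avc:  denied  { getattr } for  pid=3936 comm="nginx" path="/var/etc/opt/lj/output/services/abc.servicemanager.conf" dev="xvda1" ino=11063393 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file'

# avc_field LINE KEY: print the value of KEY=value (quotes stripped).
# Returns 1 when the key is not present in the line.
avc_field() {
    case $1 in *"$2="*) ;; *) return 1 ;; esac
    v=${1#*"$2="}                       # drop everything up to KEY=
    case $v in
        \"*) v=${v#\"}; v=${v%%\"*} ;;  # quoted value: cut at closing quote
        *)   v=${v%% *} ;;              # bare value: cut at next space
    esac
    printf '%s\n' "$v"
}

# avc_perm LINE: the permission inside "{ ... }", e.g. getattr.
avc_perm() {
    case $1 in *"{ "*" }"*) ;; *) return 1 ;; esac
    p=${1#*"{ "}
    p=${p%%" }"*}
    printf '%s\n' "$p"
}

# ctx_type CONTEXT: the type part of user:role:type:level, e.g. httpd_t.
ctx_type() {
    t=${1#*:*:}
    printf '%s\n' "${t%%:*}"
}

# avc_summary LINE: who was denied what, on which object, with which label.
avc_summary() {
    comm=$(avc_field "$1" comm) || return 1
    perm=$(avc_perm "$1") || return 1
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    path=$(avc_field "$1" path)
    printf '%s (%s) was denied %s on %s %s labelled %s\n' \
        "$comm" "$src" "$perm" "$cls" "$path" "$tgt"
}

# relabel_commands LINE: only for an httpd_t process denied access to a plain
# file labelled var_t, print the commands that give the file's directory the
# httpd_config_t label (assumption: the directory holds only nginx config).
# Nothing is executed; review the output, then run it as root. Returns 1 for
# any other kind of denial, e.g. a tcp_socket name_connect denial.
relabel_commands() {
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    path=$(avc_field "$1" path) || return 1
    [ "$src" = httpd_t ] && [ "$tgt" = var_t ] && [ "$cls" = file ] || return 1
    dir=${path%/*}
    printf 'semanage fcontext -a -t httpd_config_t "%s(/.*)?"\n' "$dir"
    printf 'restorecon -Rv "%s"\n' "$dir"
}

avc_summary "$SAMPLE_AVC"
relabel_commands "$SAMPLE_AVC"
```

On a real host the input lines come from ausearch -m avc -ts recent, and ls -Z on the file shows the label before and after restorecon. Relabelling is the least-privilege fix for this denial because it grants httpd_t nothing beyond read access to files that are declared to be its configuration; a denial on a tcp_socket (the kind the httpd_can_network_connect boolean addresses) is a different rule and this script deliberately refuses to produce relabel commands for it.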

1 Answer

Worth noting for beginners in SELinux that if your proxied service is running on 8080, you can use the command below without compiling a policy.

$ sudo setsebool httpd_can_network_connect 1 -P
Cristian Romanescu answered Oct 18 '22 12:10