no problem, btw, check out this post https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
br,
Aziz.

> On 21 Dec 2017, at 03:33, li...@lazygranch.com wrote:
>
> Well that was it. You can't believe how many hours I wasted on that.
> Thanks. Double thanks.
> I'm going to mention this in the Digital Ocean help pages.
>
> I disabled selinux, but I have a book laying around on how to set it up.
> Eh, it is on the list.
>
> On Wed, 20 Dec 2017 14:17:18 +0300
> Aziz Rozyev <aroz...@nginx.com> wrote:
>
>> Hi,
>>
>> have you checked this with disabled selinux ?
>>
>> br,
>> Aziz.
>>
>>> On 20 Dec 2017, at 11:07, li...@lazygranch.com wrote:
>>>
>>> I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I
>>> have the firewalls set up properly since I can see my browser
>>> requests in the access and error log. That said, I have a file
>>> permission problem.
>>>
>>> nginx 1.12.2
>>> Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20
>>> 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> nginx.conf (with comments removed for brevity and my domain name
>>> removed because google)
>>> -------
>>> user nginx;
>>> worker_processes auto;
>>> error_log /var/log/nginx/error.log;
>>> pid /run/nginx.pid;
>>>
>>> events {
>>>     worker_connections 1024;
>>> }
>>>
>>> http {
>>>     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
>>>                     '$status $body_bytes_sent "$http_referer" '
>>>                     '"$http_user_agent" "$http_x_forwarded_for"';
>>>
>>>     access_log /var/log/nginx/access.log main;
>>>
>>>     sendfile on;
>>>     tcp_nopush on;
>>>     tcp_nodelay on;
>>>     keepalive_timeout 65;
>>>     types_hash_max_size 2048;
>>>
>>>     include /etc/nginx/mime.types;
>>>     default_type application/octet-stream;
>>>
>>>     server {
>>>         listen 80;
>>>         server_name mydomain.com www.mydomain.com;
>>>
>>>         return 301 https://$host$request_uri;
>>>     }
>>>
>>>     server {
>>>         listen 443 ssl http2;
>>>         server_name mydomain.com www.mydomain.com;
>>>         ssl_dhparam /etc/ssl/certs/dhparam.pem;
>>>         root /usr/share/nginx/html/mydomain.com/public_html;
>>>
>>>         ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
>>>         ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
>>>         ssl_ciphers HIGH:!aNULL:!MD5;
>>>         ssl_prefer_server_ciphers on;
>>>
>>>         location / {
>>>             root /usr/share/nginx/html/mydomain.com/public_html;
>>>             index index.html index.htm;
>>>         }
>>>         #
>>>         error_page 404 /404.html;
>>>         location = /40x.html {
>>>         }
>>>         #
>>>         error_page 500 502 503 504 /50x.html;
>>>         location = /50x.html {
>>>         }
>>>     }
>>>
>>> }
>>>
>>> I have firefox set up with no cache and do not save history.
>>> -------------------------------------------------------------
>>> access log:
>>>
>>> mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
>>>
>>> myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
>>> -------------------------------
>>> error log:
>>>
>>> 2017/12/20 07:46:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
>>> 2017/12/20 07:48:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
>>>
>>> Directory permissions:
>>> For now, I made everything 755 with ownership nginx:nginx. I did chmod
>>> and chown with the -R option.
>>>
>>> /etc/nginx:
>>> drwxr-xr-x. 4 nginx nginx 4096 Dec 20 07:39 nginx
>>>
>>> /usr/share/nginx:
>>> drwxr-xr-x. 4 nginx nginx 33 Dec 15 08:47 nginx
>>>
>>> /var/log:
>>> drwx------. 2 nginx nginx 4096 Dec 20 07:51 nginx
>>> --------------------------------------------------------------
>>> systemctl status nginx
>>> ● nginx.service - The nginx HTTP and reverse proxy server
>>>    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
>>>    Active: active (running) since Wed 2017-12-20 04:21:37 UTC; 3h 37min ago
>>>   Process: 10145 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
>>>  Main PID: 9620 (nginx)
>>>    CGroup: /system.slice/nginx.service
>>>            ├─ 9620 nginx: master process /usr/sbin/nginx
>>>            └─10146 nginx: worker process
>>>
>>> Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and reverse proxy server.
>>> --------------------------------------------------------------
>>>
>>> ps aux | grep nginx
>>> root      9620  0.0  0.3  71504  3848 ?      Ss  04:21  0:00 nginx: master process /usr/sbin/nginx
>>> nginx    10146  0.0  0.4  72004  4216 ?      S   07:18  0:00 nginx: worker process
>>> root     10235  0.0  0.0 112660   952 pts/1  S+  08:01  0:00 grep ngin
>>>
>>> -----------------------------------
>>> firewall-cmd --zone=public --list-all
>>> public (active)
>>>   target: default
>>>   icmp-block-inversion: no
>>>   interfaces: eth0
>>>   sources:
>>>   services: ssh dhcpv6-client http https
>>>   ports:
>>>   protocols:
>>>   masquerade: no
>>>   forward-ports:
>>>   source-ports:
>>>   icmp-blocks:
>>>   rich rules:
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
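
Added example, not part of the thread or of nginx's own tooling: when open() fails with "13: Permission denied" although the mode bits are 755, the audit log shows whether SELinux made the decision, and relabelling the docroot resolves it with SELinux still enforcing. The audit lines below are constructed, the `user_home_t` label on the files is an assumption, and the function names are hypothetical; the `semanage` and `restorecon` commands are printed, not executed.

```sh
# Constructed sample of /var/log/audit/audit.log lines (not taken from the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1513756004.101:812): avc:  denied  { read } for  pid=10146 comm="nginx" name="index.html" dev="vda1" ino=393231 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1513756124.230:815): avc:  denied  { read } for  pid=10146 comm="nginx" name="index.html" dev="vda1" ino=393231 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1513756130.000:816): pid=10301 uid=0 auid=1000 msg=op=PAM:authentication res=success
type=AVC msg=audit(1513756140.555:820): avc:  denied  { getattr } for  pid=2211 comm="sshd" name="authorized_keys" dev="vda1" ino=1201 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file'

# Summarise AVC denials raised against the nginx worker.
# Output per distinct denial: <permission> <file name> <target SELinux type> <count>
nginx_denials() {
  awk '
    $1 == "type=AVC" && /denied/ && /comm="nginx"/ {
      perm = ""; name = ""; ttype = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") perm = $(i + 1)                  # permission inside { }
        if ($i ~ /^name=/) { name = $i; gsub(/^name=|"/, "", name) }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      }
      seen[perm " " name " " ttype]++
    }
    END { for (k in seen) print k, seen[k] }'
}

# Print (do not run) the relabel commands for a docroot given as $1.
# httpd_sys_content_t is the read-only web content type in the targeted policy.
relabel_plan() {
  printf 'semanage fcontext -a -t httpd_sys_content_t "%s(/.*)?"\n' "$1"
  printf 'restorecon -Rv %s\n' "$1"
}

# $1 = docroot, audit log text on stdin. Returns 1 when SELinux is not the cause.
diagnose() {
  hits=$(nginx_denials)
  [ -z "$hits" ] && { echo "no nginx AVC denials; check DAC permissions instead"; return 1; }
  echo "$hits"
  relabel_plan "$1"
}

printf '%s\n' "$SAMPLE_AUDIT" | diagnose /usr/share/nginx/html/mydomain.com/public_html
```

On a live host the same lines come from `ausearch -m avc -c nginx`, and `ls -Z` on the docroot shows the label the denial refers to.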