方坤
December 21, 2017 02:52AM
I generally disable SELinux after installing CentOS, once and for all, and
I guess I am not the only guy who repeats this.

SELinux was likely not designed for regular use.

On Thu, Dec 21, 2017 at 3:06 PM, Aziz Rozyev <arozyev@nginx.com> wrote:
> no problem, btw, check out this post
>
> https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
>
>
> br,
> Aziz.
>
>> On 21 Dec 2017, at 03:33, lists@lazygranch.com wrote:
>>
>> Well that was it. You can't believe how many hours I wasted on that.
>> Thanks. Double thanks.
>> I'm going to mention this in the Digital Ocean help pages.
>>
>> I disabled selinux, but I have a book laying around on how to set it up.
>> Eh, it is on the list.
>>
>> On Wed, 20 Dec 2017 14:17:18 +0300
>> Aziz Rozyev <arozyev@nginx.com> wrote:
>>
>>> Hi,
>>>
>>> have you checked this with disabled selinux ?
>>>
>>> br,
>>> Aziz.
>>>
>>>> On 20 Dec 2017, at 11:07, lists@lazygranch.com wrote:
>>>>
>>>> I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I
>>>> have the firewalls set up properly since I can see my browser
>>>> requests in the access and error log. That said, I have a file
>>>> permission problem.
>>>>
>>>> nginx 1.12.2
>>>> Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20
>>>> 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>>
>>>> nginx.conf (with comments removed for brevity and my domain name
>>>> removed because google)
>>>> -------
>>>> user nginx;
>>>> worker_processes auto;
>>>> error_log /var/log/nginx/error.log;
>>>> pid /run/nginx.pid;
>>>>
>>>> events {
>>>>     worker_connections 1024;
>>>> }
>>>>
>>>> http {
>>>>     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
>>>>                     '$status $body_bytes_sent "$http_referer" '
>>>>                     '"$http_user_agent" "$http_x_forwarded_for"';
>>>>
>>>>     access_log /var/log/nginx/access.log main;
>>>>
>>>>     sendfile on;
>>>>     tcp_nopush on;
>>>>     tcp_nodelay on;
>>>>     keepalive_timeout 65;
>>>>     types_hash_max_size 2048;
>>>>
>>>>     include /etc/nginx/mime.types;
>>>>     default_type application/octet-stream;
>>>>
>>>>     server {
>>>>         listen 80;
>>>>         server_name mydomain.com www.mydomain.com;
>>>>
>>>>         return 301 https://$host$request_uri;
>>>>     }
>>>>
>>>>     server {
>>>>         listen 443 ssl http2;
>>>>         server_name mydomain.com www.mydomain.com;
>>>>         ssl_dhparam /etc/ssl/certs/dhparam.pem;
>>>>         root /usr/share/nginx/html/mydomain.com/public_html;
>>>>
>>>>         ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
>>>>         ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
>>>>         ssl_ciphers HIGH:!aNULL:!MD5;
>>>>         ssl_prefer_server_ciphers on;
>>>>
>>>>         location / {
>>>>             root /usr/share/nginx/html/mydomain.com/public_html;
>>>>             index index.html index.htm;
>>>>         }
>>>>         #
>>>>         error_page 404 /404.html;
>>>>         location = /40x.html {
>>>>         }
>>>>         #
>>>>         error_page 500 502 503 504 /50x.html;
>>>>         location = /50x.html {
>>>>         }
>>>>     }
>>>>
>>>> }
>>>>
>>>> I have firefox set up with no cache and do not save history.
>>>> -------------------------------------------------------------
>>>> access log:
>>>>
>>>> mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
>>>>
>>>> myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
>>>> -------------------------------
>>>> error log:
>>>>
>>>> 2017/12/20 07:46:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
>>>> 2017/12/20 07:48:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
>>>>
>>>>
>>>> Directory permissions:
>>>> For now, I made everything 755 with ownership nginx:nginx. I did chmod
>>>> and chown with the -R option.
>>>>
>>>> /etc/nginx:
>>>> drwxr-xr-x. 4 nginx nginx 4096 Dec 20 07:39 nginx
>>>>
>>>> /usr/share/nginx:
>>>> drwxr-xr-x. 4 nginx nginx 33 Dec 15 08:47 nginx
>>>>
>>>> /var/log:
>>>> drwx------. 2 nginx nginx 4096 Dec 20 07:51 nginx
>>>> --------------------------------------------------------------
>>>> systemctl status nginx
>>>> ● nginx.service - The nginx HTTP and reverse proxy server
>>>>    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
>>>>    Active: active (running) since Wed 2017-12-20 04:21:37 UTC; 3h 37min ago
>>>>   Process: 10145 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
>>>>  Main PID: 9620 (nginx)
>>>>    CGroup: /system.slice/nginx.service
>>>>            ├─ 9620 nginx: master process /usr/sbin/nginx
>>>>            └─10146 nginx: worker process
>>>>
>>>>
>>>> Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and
>>>> reverse proxy server.
>>>> --------------------------------------------------------------
>>>>
>>>> ps aux | grep nginx
>>>> root      9620  0.0  0.3  71504  3848 ?        Ss   04:21   0:00 nginx: master process /usr/sbin/nginx
>>>> nginx    10146  0.0  0.4  72004  4216 ?        S    07:18   0:00 nginx: worker process
>>>> root     10235  0.0  0.0 112660   952 pts/1    S+   08:01   0:00 grep ngin
>>>>
>>>> -----------------------------------
>>>> firewall-cmd --zone=public --list-all
>>>> public (active)
>>>> target: default
>>>> icmp-block-inversion: no
>>>> interfaces: eth0
>>>> sources:
>>>> services: ssh dhcpv6-client http https
>>>> ports:
>>>> protocols:
>>>> masquerade: no
>>>> forward-ports:
>>>> source-ports:
>>>> icmp-blocks:
>>>> rich rules:
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx@nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
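
An added example, not part of the thread or of any poster's message: the quoted error log shows open() failing with errno 13 on files that are mode 755 and owned by nginx, and the trailing `.` in `drwxr-xr-x.` marks an SELinux label, so the audit log can confirm which label caused the denial before enforcement is switched off. The script parses AVC records, lists what nginx was refused, and prints (does not run) the relabel commands. The function names are this example's own, the audit records are constructed (the thread never shows the real ones), and `user_home_t` is an assumed label.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials against nginx.
# On a live CentOS 7 host the records would come from
#   ausearch -m avc -c nginx -ts recent
# The records below are CONSTRUCTED; user_home_t is an assumed label.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1513756004.512:911): avc:  denied  { open } for  pid=10146 comm="nginx" path="/usr/share/nginx/html/mydomain.com/public_html/index.html" dev="vda1" ino=398113 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1513756124.731:934): avc:  denied  { open } for  pid=10146 comm="nginx" path="/usr/share/nginx/html/mydomain.com/public_html/index.html" dev="vda1" ino=398113 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1513756200.002:940): avc:  denied  { read } for  pid=812 comm="chronyd" name="x" dev="vda1" ino=7 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}

# Reads audit records on stdin; prints one tab-separated line per distinct
# nginx denial: path, permission, target SELinux type, occurrence count.
nginx_denials() {
  awk '
    /^type=AVC/ && /denied/ && /comm="nginx"/ {
      perm = path = ttype = ""
      if (match($0, /[{] [^}]* [}]/)) perm = substr($0, RSTART + 2, RLENGTH - 4)
      if (match($0, /path="[^"]*"/))  path = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, /tcontext=[^ ]*/)) {
        split(substr($0, RSTART + 9, RLENGTH - 9), c, ":")
        ttype = c[3]                      # user:role:TYPE:level
      }
      key = path "\t" perm "\t" ttype
      if (!(key in n)) order[++k] = key
      n[key]++
    }
    END { for (i = 1; i <= k; i++) printf "%s\t%d\n", order[i], n[order[i]] }'
}

# Reads audit records on stdin; prints the commands that would give each
# denied directory the standard read-only web content label.
relabel_plan() {
  nginx_denials | awk -F '\t' '$3 != "httpd_sys_content_t" {
    dir = $1; sub("/[^/]*$", "", dir)     # strip the file name
    if (!(dir in seen)) {
      seen[dir] = 1
      printf "semanage fcontext -a -t httpd_sys_content_t \"%s(/.*)?\"\n", dir
      printf "restorecon -Rv \"%s\"\n", dir
    }
  }'
}

sample_audit | nginx_denials
sample_audit | relabel_plan
```

`ls -Z` on the document root shows the current labels, and `getenforce` confirms the mode once the denials stop.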