I started using Nginx today for the first time, and I'm also new to command line so please be gentle.
I have a CentOS 7
server that hosts an index.html file that I would like to access from the internet. However I get a 403 Forbidden and Nginx seems to not have the permission to read and serve the file. I'm trying to figure out why.
The webpage is in the home folder at /home/Owner/web/apps/webapp/index.html
. Here is the error logged by Nginx when I try to access that file from the web:
[error] 9887#0: *6 "/home/Owner/web/apps/webapp/index.html" is forbidden (13: Permission denied), client: CLIENT_IP, server: my-domain.io, request: "GET / HTTP/1.1", host: "my-domain.io"
SELinux is enabled on the server. Here is the SELinux security context for the index.html file:
[[email protected] ~]# ls -lZ /home/Owner/web/apps/webapp/index.html
-rw-r--r--. Owner Owner unconfined_u:object_r:httpd_sys_content_t:s0 /home/Owner/web/apps/webapp/index.html
So the file is world-readable, what's the problem? Here is the SELinux security context for the nginx process:
[[email protected] ~]# ps -auxZ | grep nginx
system_u:system_r:httpd_t:s0 root 9886 0.0 0.0 121508 2132 ? Ss 19:50 0:00 nginx: master process /usr/sbin/ngin
system_u:system_r:httpd_t:s0 nginx 9887 0.0 0.0 121512 3604 ? S 19:50 0:00 nginx: worker process
system_u:system_r:httpd_t:s0 nginx 9888 0.0 0.0 121512 3604 ? S 19:50 0:00 nginx: worker process
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 9914 0.0 0.0 112712 960 pts/0 S+ 20:03 0:00 grep --color=auto nginx
I have set the following SELinux flags:
setsebool -P httpd_can_network_connect on
setsebool -P httpd_enable_homedirs on
Interestingly, setting SELinux to Permissive with setenforce 0
does not make the problem go away. I still get a 403 forbidden. I have tried rebooting the server to no avail.
Here is Nginx http configuration:
server {
listen 80;
listen [::]:80;
server_name my-domain.io;
root /home/Owner/web/apps/webapp;
location /api/ {
proxy_pass "http://localhost:3333";
}
}
Note the proxypass
directives for /api/
; that works just fine! I can hit those paths and query the Node service running on port 3333 from the browser. The files that node executes are in a sibling directory to index.html
parent directory.
What am I overlooking?
0 Answers