Installation
OS: CentOS 7.4
Server: Nginx 1.12.2
Question: My nginx installation serves files without problem from the default directory, /usr/share/nginx/html
. Unfortunately I get a 403 error when I use a new folder that I created, /www/html
. What should I look for?
My permissions are identical for both folders although the owner is different.
Original default folder
drwxr-xr-x. 13 root root 155 Jan 8 09:25 usr
New default folder
drwxr-xr-x. 3 first first 18 Jan 15 10:45 www
I am using the stripped down nginx.conf
file below and it works correctly.
events {}
http {
server {
listen 80;
server_name mydomain.com;
root /usr/share/nginx/html;
}
}
However when I change nginx.conf
to use this directory /www/html
I get a 403 error.
Thanks for any help in advance! I'm a noob and not even sure where to look beyond file permissions.
UPDATE
SELinux is enabled in enforcing mode.
[first@centos-2gb-sfo1-01 log]$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
2nd UPDATE
I updated nginx.conf
to include an error log.
events {}
http {
server {
listen 80;
server_name projournal.com;
root /www/html;
error_log /var/log/nginx.error.log;
}
}
nginx.error.log
was created in the correct directory but after several 403 errors it was still blank.
Best Answer
With SELinux enforcing, httpd will be denied access to /www/html as files will not have the correct context.
If you really want to use /www/html then you can add an appropriate path context to the database
There are though a number of default locations that can be used that already have the correct context already defined e.g. /var/www/html, /srv/www etc.
As you created /srv/www, you need to initially set it's SELinux context after which (normally) any new files and directories will have the correct context.
Will 'fix' /srv/www. You have though already populated /srv/www so you will need to set the file contexts for the whole tree