Pages

Unixbhaskar's Blog

Wednesday, September 3, 2014

How to fix Nginx problem with SELinux

I was getting the below error while try to start nginx on the same box as httpd running...but it has got nothing to do with httpd ..
19:35:30_Mon Sep 01:/etc/nginx> sudo systemctl status nginx.service
nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: failed (Result: exit-code) since Mon 2014-09-01 19:33:13 IST; 2min 28s ago
Process: 8238 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)

Sep 01 19:33:13 LAP-02-1755 nginx[8238]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 01 19:33:13 LAP-02-1755 nginx[8238]: nginx: [emerg] bind() to 127.0.0.1:100 failed (13: Permission denied)
Sep 01 19:33:13 LAP-02-1755 nginx[8238]: nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 01 19:33:13 LAP-02-1755 systemd[1]: nginx.service: control process exited, code=exited status=1
Sep 01 19:33:13 LAP-02-1755 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Sep 01 19:33:13 LAP-02-1755 systemd[1]: Unit nginx.service entered failed state.


Then, I cross checked the file permissions :


19:37:38_Mon Sep 01:/etc/nginx> sudo /usr/bin/namei -m /etc/nginx/nginx.conf
f: /etc/nginx/nginx.conf
drwxr-xr-x /
drwxr-xr-x etc
drwxr-xr-x nginx
-rw-r--r-- nginx.conf
Looks alright to me!! but why it is not coming? SELINUX?? yes...
19:41:51_Mon Sep 01:/etc/nginx> ls -Z /etc/httpd/conf/httpd.conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/conf/httpd.conf
19:42:10_Mon Sep 01:/etc/nginx> ls -Z /etc/nginx/nginx.conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 /etc/nginx/nginx.conf


Looks similar!! Now every time I tried to start nginx ...it throws AVC deniel error..once opened that..I got the solution too...:)

19:44:49_Mon Sep 01:/etc/nginx> sudo su -
Last login: Mon Sep 1 18:31:19 IST 2014 on pts/1
19:44:58_Mon Sep 01:~ # grep nginx /var/log/audit/audit.log | audit2allow -M nginxpol
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i nginxpol.pp

19:45:12_Mon Sep 01:~ # semodule -i nginxpol.pp

Now restart the nginx daemon..and voila!!

19:45:48_Mon Sep 01:/etc/nginx> sudo systemctl restart nginx.service
19:45:52_Mon Sep 01:/etc/nginx> sudo systemctl status nginx.service
nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: active (running) since Mon 2014-09-01 19:45:52 IST; 7s ago
Process: 8538 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 8535 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Main PID: 8541 (nginx)
CGroup: /system.slice/nginx.service
├─8541 nginx: master process /usr/sbin/nginx
└─8542 nginx: worker process

Sep 01 19:45:52 LAP-02-1755 nginx[8535]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 01 19:45:52 LAP-02-1755 nginx[8535]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 01 19:45:52 LAP-02-1755 systemd[1]: Started The nginx HTTP and reverse proxy server.



Cool!! hope this will help.
Bhaskar