Nginx cannot be accessed remotely because of the SELinux service
This is the title of this article for the time being, because SELinux is not very well understood. Maybe you have a better way; if so, tell me!
I. Symptom
After Nginx is started, it can be accessed normally from the local machine: the curl command fetches the default index.html. On other interfaces it is unavailable, and remote access to the server returns a 400 Bad Request error. The Nginx user permissions and port were checked and are normal, and iptables is not running.
    # curl -I localhost
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 15 Dec 2014 10:52:34 GMT
    Content-Type: text/html
    Content-Length: 12
    Last-Modified: Mon, 15 Dec 2014 10:00:36 GMT
    Connection: keep-alive
    Accept-Ranges: bytes
Checking the directory shows that the permission string of its entries ends with a dot.
Compare the permissions of the 50x.html, ult.html, index.html files with those of the welcome.html file in the html directory.
II. Problem Analysis
Searching Google and Baidu finally led to the conclusion that SELinux protects files and folders and marks them by setting a dot after their permissions.
Query the SELinux status:
    $ sestatus
    SELinux status: enabled
    SELinuxfs mount: /selinux
    Current mode: enforcing
    Mode from config file: enforcing
    Policy version: 24
    Policy from config file: targeted
Query the SELinux running mode:
    $ getenforce
    Enforcing
There are three running modes: enforcing (the security policy is enforced), permissive (warnings are printed instead of enforcing), and disabled (SELinux is fully disabled).
III. Troubleshooting
Since the problem may be caused by SELinux, try to fix it there. There are two approaches: a temporary fix and a permanent fix.
Temporary fix, applied online:
    # setenforce 0    # switch SELinux to permissive mode (stops enforcing)
    # setenforce 1    # switch SELinux back to enforcing mode
In fact, you can run the commands above to test the effect. The result is that you switch back and forth between enforcing mode and permissive mode without any effect. If you understand the error, please advise!
Permanent fix; it works, but the server must be restarted.
1. Edit the /etc/selinux/config file:
    # vim /etc/selinux/config
2. Set SELINUX=disabled. The modified content:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    #     targeted - Only targeted network daemons are protected.
    #     strict - Full SELinux protection.
    SELINUXTYPE=targeted
3. Restart the computer and check the SELinux status. The status should be disabled.
    $ getenforce
    Disabled
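The temporary and the permanent change can be told apart in the sestatus fields "Current mode" and "Mode from config file". The shell function below is an added example, not part of the original article; the name selinux_mode_report and its verdict labels are made up for illustration, and the second and third samples are constructed.

```shell
#!/bin/sh
# Added example: summarize `sestatus` output read from stdin.
# Prints: status=<..> current=<..> config=<..> verdict=<..>
#   persistent         runtime mode equals the mode in the config file
#   changes-at-reboot  they differ (setenforce was used, or the config file
#                      was edited and the host has not been restarted yet)
#   disabled           the status line reports SELinux as disabled
selinux_mode_report() {
    awk -F': *' '
        { sub(/[ \t\r]+$/, "") }                  # strip trailing whitespace
        /^SELinux status:/        { status  = $2 }
        /^Current mode:/          { current = $2 }
        /^Mode from config file:/ { config  = $2 }
        END {
            if (status == "")                        verdict = "unparsed"
            else if (status == "disabled")           verdict = "disabled"
            else if (current == "" || config == "")  verdict = "unparsed"
            else if (current == config)              verdict = "persistent"
            else                                     verdict = "changes-at-reboot"
            if (status  == "") status  = "-"
            if (current == "") current = "-"
            if (config  == "") config  = "-"
            printf "status=%s current=%s config=%s verdict=%s\n",
                   status, current, config, verdict
        }'
}

# Sample 1: the sestatus output shown in this article.
SAMPLE_ARTICLE='SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted'

# Sample 2 (constructed): the same host after `setenforce 0`, column-aligned.
SAMPLE_AFTER_SETENFORCE='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'

# Sample 3 (constructed): after SELINUX=disabled and a restart.
SAMPLE_DISABLED='SELinux status:                 disabled'

# On a live host: sestatus | selinux_mode_report
printf '%s\n' "$SAMPLE_ARTICLE"          | selinux_mode_report
printf '%s\n' "$SAMPLE_AFTER_SETENFORCE" | selinux_mode_report
printf '%s\n' "$SAMPLE_DISABLED"         | selinux_mode_report
```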
IV. Problem Summary
1. While the SELinux service is not stopped, files and directories that are added or modified get the dot. For examples, see default.html and index.html.
2. After the SELinux service is stopped, new files are not protected by SELinux, that is, no dot is added. For an example, see welcome.html.
This is the first time handling SELinux problems; please let me know if there is any difference between the actual problem and the solution. Learning with humility! Thank you!