Nginx cannot access remotely due to Selinux service

Article Source: http://blog.csdn.net/johnnycode/article/details/41947581

2014-12-16 Day

The Internet connection was handled well last night. In the morning I could not visit again.

The phenomenon is Nginx can obtain respone head information, but respone body information intermittently can be obtained, nginx configured for monitoring 80port. Iptables and SELinux service stop state.

Finally the processing conclusion is that an IDC request 80port must apply for the white list talent enough to visit, because the ability to intermittently obtain respone Body caused to the problem of miscalculation, remember!

2014-12-15 Day

This is the name of this article, because it is not very understanding of Selinux. Maybe you have a better way to let me know!

first, the problem phenomenon
after Nginx startup, the machine can access the default index.html by using the Curl command, which is inaccessible to other interfaces. When you visit the server remotely, you are prompted for the request information. Check nginx user permissions and port are normal. Iptables not started.

# curl-i 123.123.123.123http/1.1 OKServer:nginxDate:Mon, Dec 10:52:34 Gmtcontent-type:text/htmlcontent-len Gth:12last-modified:mon, Dec 10:00:36 gmtconnection:keep-aliveaccept-ranges:bytes

The folder permission suffix is found to have a point when checking the folder.

Note the difference between the 50x.html, Default.html, index.html, and the welcome.html file permissions under the HTML folder, after the three file permissions.

Second, the problem analysis

Google, Degree Niang, finally concluded that the SELinux Protection folder will have a point after the file and folder

Querying SELinux status

$ sestatusselinux Status:                 enabledselinuxfs mount:                /selinuxcurrent mode:                   enforcingmode from config file:          enforcingpolicy version:                 24Policy from config file:        targeted

Querying SELinux execution mode

execution modes are divided into three enforcing (mandatory mode), permissive (tolerant mode), disabled (off)

Third, problem-handling

Since the analysis of the problem may be in SELinux, then try to repair, repair methods are divided into two temporary repair and permanent repair!

Temporary fix, online vibe way.

# Setenforce 0 #关闭 selinux# setenforce 1 #开启 Selinux

actually able to perform the next test effect, I execute the result is between enforcing mode and permissive mode switch back and forth no matter what effect, assuming I understand the error. Please do not hesitate to enlighten me.

Permanent way, is indeed available. Need to restart server!

1. Change/etc/selinux/config file

# Vim/etc/selinux/config

2, change selinux=disabled. Post-Change Content

# This file controls the state of SELinux in the system.# selinux= can take one of the these three values:#       Enforcing-se  Linux security Policy is enforced.#       permissive-selinux prints warnings instead of enforcing.#       Disabled-selinux is fully disabled. selinux=disabled# selinuxtype= type of policy in use. Possible values are:#       targeted-only targeted network daemons is protected.#       strict-full SELinux protection. selinuxtype=targeted

3, restart the computer to view the Selinux status, should be off state

$ Getenforce Disabled

Iv. Summary of issues

1. When the Selinux service is not stopped, the files are added, the folders are changed with the points, and the default.html and index.html are shown.

2. After the SELinux service is stopped, the new file will not be protected by SELinux service. That is, not with a point. See welcome.html.
the first time to deal with the Selinux problem, if the actual problem and the solution of discrepancies please let me know, open-minded learning! Thank you.

Thanks to the author of Baidu Library for guiding opinions

Nginx cannot access remotely due to Selinux service