Hi, have you checked this with disabled selinux ?
br, Aziz. > On 20 Dec 2017, at 11:07, [email protected] wrote: > > I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I > have the firewalls set up properly since I can see my browser requests > in the access and error log. That said, I have file permission problem. > > nginx 1.12.2 > Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC > 2017 x86_64 x86_64 x86_64 GNU/Linux > > > nginx.conf (with comments removed for brevity and my domain name remove > because google) > ------- > user nginx; > worker_processes auto; > error_log /var/log/nginx/error.log; > pid /run/nginx.pid; > > events { > worker_connections 1024; > } > > http { > log_format main '$remote_addr - $remote_user [$time_local] "$request" ' > '$status $body_bytes_sent "$http_referer" ' > '"$http_user_agent" "$http_x_forwarded_for"'; > > access_log /var/log/nginx/access.log main; > > sendfile on; > tcp_nopush on; > tcp_nodelay on; > keepalive_timeout 65; > types_hash_max_size 2048; > > include /etc/nginx/mime.types; > default_type application/octet-stream; > > server { > listen 80; > server_name mydomain.com www.mydomain.com; > > return 301 https://$host$request_uri; > } > > server { > listen 443 ssl http2; > server_name mydomain.com www.mydomain.com; > ssl_dhparam /etc/ssl/certs/dhparam.pem; > root /usr/share/nginx/html/mydomain.com/public_html; > > ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed > by Certbot > ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed > by Certbot > ssl_ciphers HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > location / { > root /usr/share/nginx/html/mydomain.com/public_html; > index index.html index.htm; > } > # > error_page 404 /404.html; > location = /40x.html { > } > # > error_page 500 502 503 504 /50x.html; > location = /50x.html { > } > } > > } > > I have firefox set up with no cache and do not save history. > ------------------------------------------------------------- > access log: > > mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0" 403 169 > "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 > Firefox/52.0" "-" > > myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html > HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) > Gecko/20100101 Firefox/52.0" "-" > ------------------------------- > error log: > > 2017/12/20 07:46:44 [error] 10146#0: *48 open() > "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: > Permission denied), client: myip, server: mydomain.com, request: "GET > /index.html HTTP/2.0", host: "mydomain.com" > 2017/12/20 07:48:44 [error] 10146#0: *48 open() > "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: > Permission denied), client: myip, server: mydomain.com, request: "GET > /index.html HTTP/2.0", host: "mydomain.com" > > > Directory permissions: > For now, I made eveything 755 with ownership nginx:nginx I did chmod > and chown with the -R option > > /etc/nginx: > drwxr-xr-x. 4 nginx nginx 4096 Dec 20 07:39 nginx > > /usr/share/nginx: > drwxr-xr-x. 4 nginx nginx 33 Dec 15 08:47 nginx > > /var/log: > drwx------. 2 nginx nginx 4096 Dec 20 07:51 nginx > -------------------------------------------------------------- > systemctl status nginx > ● nginx.service - The nginx HTTP and reverse proxy server > Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor > preset: disabled) > Active: active (running) since Wed 2017-12-20 04:21:37 UTC; 3h 37min ago > Process: 10145 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, > status=0/SUCCESS) > Main PID: 9620 (nginx) > CGroup: /system.slice/nginx.service > ├─ 9620 nginx: master process /usr/sbin/nginx > └─10146 nginx: worker process > > > Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and reverse > proxy server. > -------------------------------------------------------------- > > ps aux | grep nginx > root 9620 0.0 0.3 71504 3848 ? Ss 04:21 0:00 nginx: > master process /usr/sbin/nginx > nginx 10146 0.0 0.4 72004 4216 ? S 07:18 0:00 nginx: > worker process > root 10235 0.0 0.0 112660 952 pts/1 S+ 08:01 0:00 grep ngin > > ----------------------------------- > firewall-cmd --zone=public --list-all > public (active) > target: default > icmp-block-inversion: no > interfaces: eth0 > sources: > services: ssh dhcpv6-client http https > ports: > protocols: > masquerade: no > forward-ports: > source-ports: > icmp-blocks: > rich rules: > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
