Centos 7 file permission problem

lists at lazygranch.com lists at lazygranch.com
Thu Dec 21 00:33:14 UTC 2017 

Well that was it. You can't believe how many hours I wasted on that.
Thanks. Double thanks. 
I'm going to mention this in the Digital Ocean help pages. 

I disabled selinx, but I have a book laying around on how to set it up.
Eh, it is on the list. 

 On Wed, 20 Dec 2017 14:17:18 +0300
Aziz Rozyev <arozyev at nginx.com> wrote:

> Hi,
> 
> have you checked this with disabled selinux ? 
> 
> br,
> Aziz.
> 
> 
> 
> 
> 
> > On 20 Dec 2017, at 11:07, lists at lazygranch.com wrote:
> > 
> > I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I
> > have the firewalls set up properly since I can see my browser
> > requests in the access and error log. That said, I have file
> > permission problem. 
> > 
> > nginx 1.12.2
> > Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20
> > 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
> > 
> > 
> > nginx.conf (with comments removed for brevity and my domain name
> > remove because google)
> > -------
> > user nginx;
> > worker_processes auto;
> > error_log /var/log/nginx/error.log;
> > pid /run/nginx.pid;
> > 
> > events {
> >    worker_connections 1024;
> > }
> > 
> > http {
> >    log_format  main  '$remote_addr - $remote_user [$time_local]
> > "$request" ' '$status $body_bytes_sent "$http_referer" '
> >                      '"$http_user_agent" "$http_x_forwarded_for"';
> > 
> >    access_log  /var/log/nginx/access.log  main;
> > 
> >    sendfile            on;
> >    tcp_nopush          on;
> >    tcp_nodelay         on;
> >    keepalive_timeout   65;
> >    types_hash_max_size 2048;
> > 
> >    include             /etc/nginx/mime.types;
> >    default_type        application/octet-stream;
> > 
> > server {
> >        listen 80;
> >        server_name mydomain.com www.mydomain.com;
> > 
> >        return 301 https://$host$request_uri;
> > }
> > 
> >    server {
> >        listen       443 ssl  http2;
> >        server_name  mydomain.com www.mydomain.com;
> >        ssl_dhparam /etc/ssl/certs/dhparam.pem;
> >        root         /usr/share/nginx/html/mydomain.com/public_html;
> > 
> > ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; #
> > managed by Certbot
> > ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
> > # managed by Certbot ssl_ciphers HIGH:!aNULL:!MD5;
> > ssl_prefer_server_ciphers on;
> > 
> >        location / {
> >            root   /usr/share/nginx/html/mydomain.com/public_html;
> >            index  index.html index.htm;
> >        }
> > #
> >        error_page 404 /404.html;
> >            location = /40x.html {
> >        }
> > #
> >        error_page 500 502 503 504 /50x.html;
> >            location = /50x.html {
> >        }
> >    }
> > 
> > }
> > 
> > I have firefox set up with no cache and do not save history.
> > -------------------------------------------------------------
> > access log:
> > 
> > mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0"
> > 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
> > Firefox/52.0" "-"
> > 
> > myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html
> > HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0)
> > Gecko/20100101 Firefox/52.0" "-"
> > -------------------------------
> > error log:
> > 
> > 2017/12/20 07:46:44 [error] 10146#0: *48 open()
> > "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed
> > (13: Permission denied), client: myip, server: mydomain.com,
> > request: "GET /index.html HTTP/2.0", host: "mydomain.com"
> > 2017/12/20 07:48:44 [error] 10146#0: *48 open()
> > "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed
> > (13: Permission denied), client: myip, server: mydomain.com,
> > request: "GET /index.html HTTP/2.0", host: "mydomain.com"
> > 
> > 
> > Directory permissions:
> > For now, I made eveything 755 with ownership nginx:nginx I did chmod
> > and chown with the -R option
> > 
> > /etc/nginx:
> > drwxr-xr-x.  4 nginx nginx    4096 Dec 20 07:39 nginx
> > 
> > /usr/share/nginx:
> > drwxr-xr-x.   4 nginx nginx    33 Dec 15 08:47 nginx
> > 
> > /var/log:
> > drwx------. 2 nginx  nginx    4096 Dec 20 07:51 nginx
> > --------------------------------------------------------------
> > systemctl status nginx
> > ● nginx.service - The nginx HTTP and reverse proxy server
> >   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled;
> > vendor preset: disabled) Active: active (running) since Wed
> > 2017-12-20 04:21:37 UTC; 3h 37min ago Process: 10145
> > ExecReload=/bin/kill -s HUP $MAINPID (code=exited,
> > status=0/SUCCESS) Main PID: 9620 (nginx)
> > CGroup: /system.slice/nginx.service ├─ 9620 nginx: master
> > process /usr/sbin/nginx └─10146 nginx: worker process
> > 
> > 
> > Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and
> > reverse proxy server.
> > --------------------------------------------------------------
> > 
> > ps aux | grep nginx
> > root      9620  0.0  0.3  71504  3848 ?        Ss   04:21   0:00
> > nginx: master process /usr/sbin/nginx nginx    10146  0.0  0.4
> > 72004  4216 ?        S    07:18   0:00 nginx: worker process
> > root     10235  0.0  0.0 112660   952 pts/1    S+   08:01   0:00
> > grep ngin
> > 
> > -----------------------------------
> > firewall-cmd --zone=public --list-all
> > public (active)
> >  target: default
> >  icmp-block-inversion: no
> >  interfaces: eth0
> >  sources: 
> >  services: ssh dhcpv6-client http https
> >  ports: 
> >  protocols: 
> >  masquerade: no
> >  forward-ports: 
> >  source-ports: 
> >  icmp-blocks: 
> >  rich rules:
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

More information about the nginx mailing list