I have two RHEL 7 machines.
I have installed nginx and php-fpm and setup a nfs mount. I can read/write to the nfs mount without issues and I have another application server (Apache Geronimo) that is able to read write to it.
When I installed nginx it setup a nginx user which I created on the NFS file server with the same uid and gid.
I am able to list out files on the nfs client mount using the nginx user. However when I tried to serve up static html or dynamic php files using nginx from the nfs I get a permission error:
*5 stat() "/usr/depot/repository/test.php" failed (13: Permission denied) *5 open() "/usr/depot/repository/test.html" failed (13: Permission denied)
In addition I created folder under /usr/depot/testing with the same permissions (just wasn’t nfs) and that worked just fine.
Here is the mounting info on the client.
xxx.xxx.xxx.xxx:/mnt/repository on /usr/depot/repository type nfs4 (rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=xxx.xxx.xxx.xxx,local_lock=none,addr=xxx.xxx.xxx.xxx)
I can’t see anything wrong with this setup so I’m at a loss as to why nginx can’t read the files from the nfs share.
Ok I just disabled SELinux reboot and that fixed it. Now the question is how do I configure SELinux so that nginx can access the remote server.
In RHEL 7, the same SELinux policies that apply to Apache also apply to nginx. So you can use the same booleans:
httpd_use_nfs (off , off) Allow httpd to use nfs
Set the correct boolean to allow the web server to use NFS.
setsebool -P httpd_use_nfs 1
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.