Nginx static file configuration for CentOS 7 Minimal Installation

Hristo Kolev asked:

I have a brand new VM with CentOS 7 Minimal Installation.

What I want to happen is to configure Nginx to serve static files from a directory on localhost:80.

My directory is /home/kenny/projects/kcrypt/dist/.

Here are the contents of my /etc/nginx/nginx.conf:

# this is set to root in order to rule out
# any permission related issues.
user root;    

worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        root         /home/kenny/projects/kcrypt/dist/;
        index index.html;

        location / {
        }
    }
}

When I run curl http://localhost I get this response:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

I have tried giving all kinds of permissions to any directories that I can think of.

In the end I configured Nginx to run as root.

I have reinstalled the OS multiple times already and can’t get it to work.

P.S.

This is what I found in /var/log/nginx/error.log

2018/02/27 21:33:19 [error] 15689#0: *1 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 21:33:35 [error] 15690#0: *2 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "127.0.0.1"
2018/02/27 21:33:38 [error] 15690#0: *3 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"

I don’t get what it wants… I have given it all the permissions that I can.

This is what I have in the root directory:

[[email protected] dist]# ll
total 368K
drwxrwxrwx. 2 root root   98 Feb 26 23:16 .
drwxrwxrwx. 6 root root  234 Feb 27 21:26 ..
-rwxrwxrwx. 1 root root 1.2K Feb 26 23:16 favicon.ico
-rwxrwxrwx. 1 root root 1.7K Feb 26 23:16 index.html
-rwxrwxrwx. 1 root root 175K Feb 26 22:53 index.js
-rwxrwxrwx. 1 root root  297 Feb 26 23:16 manifest.json
-rwxrwxrwx. 1 root root 179K Feb 26 22:53 styles.css

P.S. 2

I have tried putting my static files in /var/www/kcrypt/dist/, but with no result.

I still get the same error messages:

2018/02/27 23:18:11 [error] 16157#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 23:20:58 [error] 16535#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 23:21:30 [error] 16564#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"

My answer:


Your system has SELinux enabled. By default SELinux does not allow the web server to read files in users’ home directories. The directories enabled for web serving are /var/www (where system packages place files) and /srv/www (where users are expected to place files in production).

If you need to serve files from home directories, you can set the SELinux boolean httpd_read_user_content, which will allow these files to be read.

setsebool -P httpd_read_user_content 1

Keep in mind that SELinux will never allow the web server to write in user home directories. If you need this, you will need to place your web content elsewhere and make the appropriate directories writable.


Also keep in mind that SELinux works in addition to regular UNIX permissions, so the relevant files and directories must also have the appropriate ownership and permissions, whatever they will be for your specific use case.
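
As an added example (not part of the answer above or of the original question): nginx's error.log reports SELinux denials and plain UNIX-permission failures with the same "(13: Permission denied)" text, so this script reads the audit log to see which SELinux type blocked the read. The audit lines are constructed samples, the function names are hypothetical, and the restorecon suggestion for non-home labels goes beyond what the answer states.

```shell
#!/bin/sh
# Added example: find out whether SELinux, not UNIX permissions, denied nginx.
# On a real host, feed the audit log in:  nginx_denials < /var/log/audit/audit.log

# Constructed sample audit records (timestamps, pids and inodes are made up).
SAMPLE_AUDIT='type=AVC msg=audit(1519767199.101:412): avc:  denied  { read } for  pid=15689 comm="nginx" name="index.html" dev="dm-0" ino=5012 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1519767215.440:413): avc:  denied  { read } for  pid=15690 comm="nginx" name="index.html" dev="dm-0" ino=5012 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1519767300.002:420): avc:  denied  { write } for  pid=900 comm="chronyd" name="drift" dev="dm-0" ino=77 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=USER_START msg=audit(1519767301.000:421): pid=1 uid=0 msg="unit=nginx"'

# Print "permission filename target_type" once per distinct nginx AVC denial.
nginx_denials() {
    awk '
    $1 == "type=AVC" && /denied/ && /comm="nginx"/ {
        perm = name = ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") perm = $(i + 1)            # word after "{" is the permission
            if ($i ~ /^name=/) { name = $i; gsub(/^name=|"/, "", name) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }  # user:role:TYPE:level
        }
        key = perm " " name " " ttype
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Map the SELinux type of the blocked file to a remedy.
suggest_fix() {
    case "$1" in
        # Home-directory labels: the boolean named in the answer.
        user_home_t|user_home_dir_t)
            echo "setsebool -P httpd_read_user_content 1" ;;
        # Any other label (assumption: content was placed under /var/www but
        # kept a foreign label): reset it to the policy default for that path.
        *)
            echo "restorecon -Rv /var/www/kcrypt/dist" ;;
    esac
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | nginx_denials | while read -r perm name ttype; do
    echo "nginx denied '$perm' on $name (type $ttype): $(suggest_fix "$ttype")"
done
```

If the function prints nothing for the time of the failed request, SELinux did not log a denial and the ordinary ownership and mode bits are the place to look.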


This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.