Code: Select all
[root@host ssl]# service nginx restart
nginx: [emerg] BIO_new_file("/srv/ssl/cert-rekey/cert-rekey.crt") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/srv/ssl/cert-rekey/cert-rekey.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)
If I setenforce 0 nginx operates normally.
I copied the certs to /etc/nginx/ssl and the nginx daemon can now start, but half it's abilities are broken, again due to selinux:
Code: Select all
2014/10/29 20:35:27 [crit] 4407#0: *1 connect() to 10.0.3.15:8080 failed (13: Permission denied) while connecting to upstream, client: 10.0.6.102, server: dev.upstream, request: "GET /home HTTP/1.1", upstream: "http://10.0.3.15:8080/home", host: "dev.upstream.com"
Nginx was installed from the official Nginx yum repo.
I'm not sure why this has worked fine on 6.5, but the upgrade to 6.6 has broken it on BOTH of my servers.
Any suggestions on where to start? I don't want to leave SELinux disabled since these servers are internet facing.
(EDIT)
Here is the output of ls -lrtZ /etc/nginx
Code: Select all
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 win-utf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 uwsgi_params
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 scgi_params
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 mime.types
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 koi-win
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 koi-utf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 fastcgi_params
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 nginx.conf.rpmsave
drw-------. root root unconfined_u:object_r:httpd_config_t:s0 ssl
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf.d
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 nginx.conf