403 when changing nginx root directory [duplicate]

nginx

By default, SELinux will prevent web server access to user home directories. If you really need the web server to access files in a user home directory, you can set the boolean httpd_read_user_content.

# setsebool -P httpd_read_user_content 1

It's not a good idea to host websites in user home directories though. For example, an exploit of the web server could allow other files than the web site files to be read if you used the above boolean. Also, while you can use that boolean to allow read access, SELinux will never allow the web server to write files to a user home directory. Better to place them elsewhere in the filesystem, such as a subdirectory of /srv/www, where SELinux already permits access with the type httpd_sys_content_t, and directories which will contain uploaded files can be given the type httpd_sys_rw_content_t. This can't be done with user home directories without potentially breaking things.

For example, you can create the directory /srv/www/example.gov.gr, set its ownership to the user you want, and make any upload directories writable by the web server user with the SELinux context to allow uploads shown above.

Related

Unable to access Redfish on HPE Superdome 2
Ansible Windows Update - Fails Unless Interactive Login Performed
Maximum SSL certificate duration
Trying to receive emails AND store them into an S3 bucket
How do I forward a www subdomain through DDNS and use the domain's certificate? - Ubuntu Nginx Let's Encrypt DDNS
Any ideas how could I've been ransomware hacked?
Is there any specific command to check all running processes inside a specific VM on ESXi?
Looking for a CLI application that allows me to connect to server over SSH quickly
rsyslog is putting log entries into an included file
How much does FreeBSD differ from Linux?
ipmitool and freeipmi don't see the same sensors
POST of large file is timing out, when running through ARR