403 when changing nginx root directory [duplicate]
By default, SELinux will prevent web server access to user home directories. If you really need the web server to access files in a user home directory, you can set the boolean httpd_read_user_content.
# setsebool -P httpd_read_user_content 1
It's not a good idea to host websites in user home directories though. For example, an exploit of the web server could allow other files than the web site files to be read if you used the above boolean. Also, while you can use that boolean to allow read access, SELinux will never allow the web server to write files to a user home directory. Better to place them elsewhere in the filesystem, such as a subdirectory of /srv/www, where SELinux already permits access with the type httpd_sys_content_t, and directories which will contain uploaded files can be given the type httpd_sys_rw_content_t. This can't be done with user home directories without potentially breaking things.
For example, you can create the directory /srv/www/example.gov.gr, set its ownership to the user you want, and make any upload directories writable by the web server user with the SELinux context to allow uploads shown above.
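The setup described in the last paragraph, as an added example that is not part of the original answer. The owner `alice`, the `uploads` subdirectory, the `nginx` group and the dry-run wrapper are assumptions; the script prints the commands unless run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumed names: owner "alice", upload subdirectory "uploads", web server group "nginx".
# Prints the commands by default; run as root with APPLY=1 to execute them.

WEB_GROUP=${WEB_GROUP:-nginx}   # assumption: group the web server runs as

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi
}

setup_site() {
    site_dir=$1; owner=$2; upload_sub=$3
    case $site_dir in
        /home/*|/root/*)
            echo "refusing $site_dir: home directories are not web content locations" >&2
            return 1 ;;
        /*) ;;
        *)  echo "site directory must be an absolute path" >&2
            return 1 ;;
    esac
    upload_dir=$site_dir/$upload_sub

    run mkdir -p "$upload_dir" || return 1
    run chown -R "$owner" "$site_dir" || return 1
    # Only the upload directory is made writable by the web server.
    run chgrp "$WEB_GROUP" "$upload_dir" || return 1
    run chmod g+w "$upload_dir" || return 1
    # Persistent label rule for uploads; the rest of /srv/www is already
    # httpd_sys_content_t according to the answer.
    run semanage fcontext -a -t httpd_sys_rw_content_t "$upload_dir(/.*)?" || return 1
    # Apply the policy's labels to the files on disk.
    run restorecon -R "$site_dir" || return 1
}

# Usage: ./setup_site.sh /srv/www/example.gov.gr alice uploads
if [ "$#" -eq 3 ]; then
    setup_site "$@"
fi
```

After applying, `ls -Zd` on the upload directory should show the type httpd_sys_rw_content_t.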