Why can't nginx access puma socket on CentOS 7?
Solution 1:
Hallelujah! This all turned out to be an SELinux policy issue specifically pertaining to nginx. After hours of digging, I discovered such denials by running:
sudo grep nginx /var/log/audit/audit.log
The messages looked like so:
type=AVC msg=audit(1415283617.227:1386): avc: denied { write } for pid=1683 comm="nginx" name="my_app.sock" dev="tmpfs" ino=20657 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
In order to fix this, I found a wonderful article by Axilleas.
To create the policy containing the necessary permissions, I had to install audit2allow and run:
grep nginx /var/log/audit/audit.log | audit2allow -M nginx
Once done, I finalized the policy with:
semodule -i nginx.pp
Unfortunately, I had to run this process twice before being able to access my application because further policies were needed. Nonetheless, here was the solution.
Also, there is another nice article by Sergiy Krylkov.
Moral of the story: learn SELinux.
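A way to see which rules the denials imply before piping them to audit2allow and loading the module, as an added example that is not part of the original answer. The helper names `sample_log` and `avc_to_rules` are hypothetical, and the second sample log line is constructed (with assumed contexts) to show the kind of follow-up denial that only appears once the first access is allowed, which is why the process may need a second pass.

```shell
#!/usr/bin/env bash
# Added example: list the allow rules implied by AVC denials for one command,
# so they can be reviewed before audit2allow -M / semodule -i are run.

# Constructed sample log. Line 1 is the denial quoted in the answer; line 2 is
# a constructed follow-up denial (assumed contexts) that would only be logged
# once the first access is allowed.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1415283617.227:1386): avc: denied { write } for pid=1683 comm="nginx" name="my_app.sock" dev="tmpfs" ino=20657 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1415283900.101:1402): avc: denied { connectto } for pid=1683 comm="nginx" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
EOF
}

# avc_to_rules COMM: read audit.log lines on stdin and print one deduplicated
# "allow <source type> <target type>:<class> { perms };" line per access vector.
avc_to_rules() {
  awk -v comm="$1" '
    # Return the value of key=value from the current record, or "".
    function field(key,   i) {
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) return substr($i, length(key) + 2)
      return ""
    }
    # user:role:type:level -> type
    function ctx_type(ctx,   parts) { split(ctx, parts, ":"); return parts[3] }

    /avc: +denied/ && index($0, "comm=\"" comm "\"") {
      lb = index($0, "{"); rb = index($0, "}")
      if (lb == 0 || rb < lb) next            # malformed record, skip it
      n = split(substr($0, lb + 1, rb - lb - 1), perm, " ")
      key = ctx_type(field("scontext")) " " ctx_type(field("tcontext")) ":" field("tclass")
      if (!(key in perms)) { order[++k] = key; perms[key] = "" }
      for (j = 1; j <= n; j++)
        if (!seen[key, perm[j]]++) perms[key] = perms[key] " " perm[j]
    }
    END { for (j = 1; j <= k; j++) print "allow " order[j] " {" perms[order[j]] " };" }
  '
}

# Stand-alone run over the constructed sample.
sample_log | avc_to_rules nginx
```

On a host, feed it the real log instead of the sample: `sudo cat /var/log/audit/audit.log | avc_to_rules nginx`.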