Why can't nginx access puma socket on CentOS 7?

nginx permissions ruby rails centos-7

Solution 1:

Hallelujah! This all turned out to be an SELinux policy issue specifically pertaining to nginx. After hours of digging, I discovered such denials by running:

sudo grep nginx /var/log/audit/audit.log

The messages looked like so:

type=AVC msg=audit(1415283617.227:1386): avc:  denied  { write } for  pid=1683 comm="nginx" name="my_app.sock" dev="tmpfs" ino=20657 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file

In order to fix this, I found a wonderful article by Axilleas.

To create the policy containing the necessary permissions, I had to install audit2allow and run: 

grep nginx /var/log/audit/audit.log | audit2allow -M nginx

Once done, I finalized the policy with:

semodule -i nginx.pp

Unfortunately, I had to run this process twice before being able to access my application because further policies were needed. Nonetheless, here was the solution.

Also, there is another nice article by Sergiy Krylkov.

Moral of the story: learn SELinux.

Related

IPv6 multicast address for all nodes on network
What is the difference between Virtualbox .SAV and .VDI files?
What is a safe ping frequency without it being considered a DDoS attack?
Can I install windows 10 with a local account?
External USB hard drive and risk of internal condensation?
Windows 10 Pro Hyper-V Manager Missing
windows 10 does not discover DVD device
Can Google Chrome extensions access website passwords saved by Chrome?
Docker Toolbox: Error creating machine: Error in driver during machine creation: Maximum number of retries (5) exceeded
When to rehash executables in $PATH with bash?
LVM: Two or more volume groups (VGs) on one physical volume (PV)
How do I see what distribution lists I'm subscribed to in Outlook?