Nginx static file configuration for CenotOS 7 Minimal Installation

http nginx localhost

I have a brand new VM with CenotOS 7 Minimal Installation.

What I want to happen is to configure Nginx to serve static files from a directory on localhost:80.

My directory is /home/kenny/projects/kcrypt/dist/.

Here are the contents of my /etc/nginx/nginx.conf:

# this is set to root in order to rule out
# any permission related issues.
user root;    

worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        root         /home/kenny/projects/kcrypt/dist/;
        index index.html;

        location / {
        }
    }
}

when I run curl http://localhost I get this response:

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

I have tried giving all kinds of permissions to any directories that I can think of.

In the end I configured Nginx to run as root.

I have reinstalled the OS multiple times already and can't get it to work.

P.S.

This is what I found in /var/log/nginx/error.log

2018/02/27 21:33:19 [error] 15689#0: *1 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 21:33:35 [error] 15690#0: *2 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: 127.0.0.1, server: , request: "GET / HTTP/1.1", host: "127.0.0.1"
2018/02/27 21:33:38 [error] 15690#0: *3 open() "/home/kenny/projects/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"

I don't get what it wants... I have given it all the permissions that I can.

This is what I have in the root directory:

[root@vm3 dist]# ll
total 368K
drwxrwxrwx. 2 root root   98 Feb 26 23:16 .
drwxrwxrwx. 6 root root  234 Feb 27 21:26 ..
-rwxrwxrwx. 1 root root 1.2K Feb 26 23:16 favicon.ico
-rwxrwxrwx. 1 root root 1.7K Feb 26 23:16 index.html
-rwxrwxrwx. 1 root root 175K Feb 26 22:53 index.js
-rwxrwxrwx. 1 root root  297 Feb 26 23:16 manifest.json
-rwxrwxrwx. 1 root root 179K Feb 26 22:53 styles.css

P.S. 2

I have tried putting my static files in /var/www/kcrypt/dist/, but with no result.

I still get the same error messages: 

2018/02/27 23:18:11 [error] 16157#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 23:20:58 [error] 16535#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"
2018/02/27 23:21:30 [error] 16564#0: *1 open() "/var/www/kcrypt/dist/index.html" failed (13: Permission denied), client: ::1, server: , request: "GET / HTTP/1.1", host: "localhost"

Solution 1:

Your system has SELinux enabled. By default SELinux does not allow the web server to read files in users' home directories. The directories enabled for web serving are /var/www (where system packages place files) and /srv/www (where users are expected to place files in production).

If you need to serve files from home directories, you can set the SELinux boolean httpd_read_user_content, which will allow these files to be read.

setsebool -P httpd_read_user_content 1

Keep in mind that SELinux will never allow the web server to write in user home directories. If you need this, you will need to place your web content elsewhere and make the appropriate directories writable.

Also keep in mind that SELinux works in addition to regular UNIX permissions, so the relevant files and directories must also have the appropriate ownership and permissions, whatever they will be for your specific use case.

Related

How to use network fileshare as user's home, and not roaming profiles
3WARE 9650-4LPML JBOD DISK to RAID - 1 Mirror Migration How To?
.htaccess rules to stop DDoS POST flooding
KVM with one host IP and a different subnet for machines
LAMP Staging Server with linux users
No longer have to enter a password to SSH into another server?
10,000 entries in iptables on CentOS 4GB Ran, dual core 2.3ghz?
Unable to change user in security context of symlink
Cisco ASA 5520 Unable to access external IP on Internal Network
Outlook SSL Error after New Certificate Installation
Am I getting DDoSed, and what should I about it?
How to block Skype using Squid?