Friday, September 06, 2019

Copy files around in CentOS with SELinux (e.g. Nginx)

Imagine that you want to enable HTTPS traffic on a site served by Nginx. Sounds simple. A series of commands like these should work:

scp * your_remote_server:
ssh your_remote_server
sudo mkdir /etc/nginx/ssl
sudo cp * /etc/nginx/ssl

Edit appropriate configuration file(s). Finally, run:

sudo systemctl restart nginx

and nothing, or rather an error message saying that nginx cannot access the SSL certificate files. You check and the files exist, so what's the problem?

The problem is the SELinux security context, which is different for /etc/nginx and /home/X.

To change it you need to run chcon. For example, to give the copied files the same context as nginx.conf:

sudo chcon --reference /etc/nginx/nginx.conf /etc/nginx/ssl/*
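
A check to run before and after chcon, added here as an example and not part of the original post: it compares each file's SELinux type with the type of a reference file. The sample contexts (user_home_t, httpd_config_t) and the file names site.key and site.crt are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files whose SELinux type differs from a reference context.

# selinux_type CONTEXT
# Prints the type field of a context written as user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# mismatched_types REF_CONTEXT
# Reads "context path" lines on stdin (the output format of
# `stat -c '%C %n'`) and prints every path whose type differs from
# the type in REF_CONTEXT.
mismatched_types() {
    ref_type=$(selinux_type "$1")
    while read -r ctx path; do
        [ -n "$ctx" ] || continue          # skip blank lines
        t=$(selinux_type "$ctx")
        [ "$t" = "$ref_type" ] || printf '%s (%s, expected %s)\n' "$path" "$t" "$ref_type"
    done
}

# Constructed sample input: site.key still carries a home-directory type,
# site.crt already matches the reference.
SAMPLE_REF='system_u:object_r:httpd_config_t:s0'
SAMPLE_STAT='unconfined_u:object_r:user_home_t:s0 /etc/nginx/ssl/site.key
unconfined_u:object_r:httpd_config_t:s0 /etc/nginx/ssl/site.crt'

check_sample() {
    printf '%s\n' "$SAMPLE_STAT" | mismatched_types "$SAMPLE_REF"
}

check_sample

# On a real host with SELinux enabled:
#   ref=$(stat -c '%C' /etc/nginx/nginx.conf)
#   stat -c '%C %n' /etc/nginx/ssl/* | mismatched_types "$ref"
```

Labels set with chcon can be overwritten when the filesystem is relabeled; `sudo restorecon -Rv /etc/nginx/ssl` resets the files to the type the loaded policy assigns to that path.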

