richardm Wrote:
---
> [...]Someone in RH decided
> to make the nginx webserver follow the same SELinux policy rules as
> Apache.
Thanks for following up on this Richard. Undisclosed changes like this drive
me crazy ... why make changes like this
>For now, to work around the issue, CentOS forum user sercan has provided
the following commands to create
>a new SELinux policy for Nginx. I've tested it on two of my servers and it
works.
> . . .
And there's one more quick workaround to get running very quickly. Not
entirely recommended since
I've verified that the update to Centos 6.6 does indeed relabel nginx
related directories/files during yum update. And a restart of the nginx
process will now have the label "httpd_t". Someone in RH decided to make the
nginx webserver follow the same SELinux policy rules as Apache.
OK, that works
You can use something like this to handle project directories.
$PROJECT_DIR=/srv/myproject
semanage fcontext -a -t httpd_sys_content_t "$PROJECT_DIR(/.*)?"
if [ -d "$PROJECT_DIR" ]; then
restorecon -R "$PROJECT_DIR"
fi
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254456,254497#msg
As a follow up, if you are using NginX as a proxy, you might need a few more
things. Here is a preliminary template of a type enforcement I've created
for NginX to alleviate these issues. You can use this Type Enforcement file
to generate an SELinux module, package it up, and load it.
module ngi
Thank you Richard. I have shared your post in my thread in the CentOS
forums.
For now, to work around the issue, CentOS forum user sercan has provided the
following commands to create a new SELinux policy for Nginx. I've tested it
on two of my servers and it works.
- Make sure you have the policy
An upgrade to Centos 6.6 seems to relabel the standard directories used by
nginx with "httpd_" tags.
I have two Centos systems nginx installed from the nginx repo. Both were at
version 6.5 and showed,
ls -lZ /etc/nginx/
drwxr-xr-x. root root system_u:object_r:etc_t:s0 conf.d
. . .
-rw-r-
Then that is something that is different with respect to CentOS 6.6, because
the default.conf was just dropped when I re-installed it from the Nginx yum
repository.
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 default.conf
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
By default nginx drops as pasted before, nginx never drops the file
types as `httpd_config_t`.
If you never needed SELinux and didn't familiar with it, just
disabled. But, it not recommended to you to disable them. Good luck!
On 10/31/2014 01:05
That's the thing, I've never needed to set an SELinux policy. These are
single purpose servers, they run Nginx and that's it. I've always installed
Nginx, configured the .conf files for Nginx, and off it went. I've never
needed to disable SELinux and actually, since I perform a minimal install of
S
> We have been successfully running Nginx installed from the official
> Nginx CentOS repositories for ages. Last night I upgraded two of my
> Nginx 1.6.0 servers from CentOS 6.5 to CentOS 6.6 and SELinux
> immediately broke just about everything with Nginx. At first it
> wouldn't l
We have been successfully running Nginx installed from the official Nginx
CentOS repositories for ages. Last night I upgraded two of my Nginx 1.6.0
servers from CentOS 6.5 to CentOS 6.6 and SELinux immediately broke just
about everything with Nginx. At first it wouldn't let it read the SSL
I add an extra header, just for those who don't understand spdy...
add_header Alternate-Protocol "443:npn-spdy/3.1";
and specifically set up ssl protocols/ciphers and ocsp stapling but I'd
suggest that it's a limitation of the benchmark that you're hitting.
Using something like webpaget
I need to evaluate if using spdy will be good for my website but i'm having
trouble setting everyting up. While using the chrome benchmark extension (1)
an error message stating that it was not possible to use spdy apeared. This
made me believe that there might be something wrong with my configurat
Hello!
On Fri, May 23, 2014 at 12:31:23PM -0400, loki wrote:
> I have recently upgraded to Nginx-1.6.0 from 1.4.2 and I am seeing that
> Nginx is swapping a lot. I have tried reducing vm.swappiness=0 but has not
> worked. This continues to happen on multiple servers that are runnin
I have recently upgraded to Nginx-1.6.0 from 1.4.2 and I am seeing that
Nginx is swapping a lot. I have tried reducing vm.swappiness=0 but has not
worked. This continues to happen on multiple servers that are running
Nginx-1.6.0:
s, 1:16, 2 users, load average: 1.38, 2.32, 4.32
Tasks: 467
ordingly, or just use "make makesum").
>
> Thanks.
>
> Le 24 avr. 2014 à 15:14, Maxim Dounin a écrit :
>
> > Changes with nginx 1.6.0 24 Apr 2014
> >
> >*) 1.6.x stable branch.
> >
> >
no Freebsd port ?
Thanks.
Le 24 avr. 2014 à 15:14, Maxim Dounin a écrit :
> Changes with nginx 1.6.0 24 Apr 2014
>
>*) 1.6.x stable branch.
>
>
> --
> Maxim Dounin
> http://ng
On Thu, Apr 24, 2014 at 05:14:04PM +0400, Maxim Dounin wrote:
Changes with nginx 1.6.0 24 Apr 2014
*) 1.6.x stable branch.
FYI, nginx 1.6.0-1 has been uploaded to debian sid (unstable).
When it migrates to testing, we will also upload it to wheezy
Hello Nginx users,
Now available: Nginx 1.6.0 for Windows http://goo.gl/aWPxCn (32-bit and
64-bit versions)
These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.
Announcements are also
Changes with nginx 1.6.0 24 Apr 2014
*) 1.6.x stable branch.
--
Maxim Dounin
http://nginx.org/en/donation.html
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
21 matches
Mail list logo
