Modifying SElinux configure for allowing nginx reverse proxy local site
Read about audit2allow and used it to create a policy to allow access to the denied requests for nginx.
[root]# sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -m nginxlocalconf > nginxlocalconf.te
[root]# cat nginxlocalconf.te
module nginxlocalconf 1.0;
require {
type httpd_t;
type var_t;
type transproxy_port_t;
class tcp_socket name_connect;
class file { read getattr open };
}
#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_can_network_connect'
allow httpd_t transproxy_port_t:tcp_socket name_connect;
allow httpd_t var_t:file { read getattr open };
[root]# sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M nginxlocalconf
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i nginxlocalconf.pp
[root]# semodule -i nginxlocalconf.pp