proxy_pass isn't working when SELinux is enabled, why?

Question

I\'m having an application listening on port 8081 and Nginx running on port 8080. The proxy pass statement looks like:

$ cat /var/etc/opt/lj/output/services/abc.         


        

Answer 1

Read about audit2allow and used it to create a policy to allow access to the denied requests for Nginx.

Step 1 involves running audit2allow targeting nginxlocalconf:

$ sudo grep nginx /var/log/audit/audit.log | \
     grep denied | audit2allow -m nginxlocalconf > nginxlocalconf.te

Step 2, review results:

$ cat nginxlocalconf.te 

module nginxlocalconf 1.0;

require {
    type httpd_t;
    type var_t;
    type transproxy_port_t;
    class tcp_socket name_connect;
    class file { read getattr open };
}

#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'httpd_can_network_connect'
allow httpd_t transproxy_port_t:tcp_socket name_connect;
allow httpd_t var_t:file { read getattr open };

Review steps to activate:

$ sudo grep nginx /var/log/audit/audit.log | grep denied | \
   audit2allow -M nginxlocalconf
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i nginxlocalconf.pp

Step 3, active:

$ sudo semodule -i nginxlocalconf.pp