Linux – CentOS – disable/enable SELinux

From CentOS 7 on, SELinux is enabled and set to enforcing by default.

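To disable it permanently, open and edit /etc/selinux/config
and change SELINUX=enforcing to permissive or disabled.
With permissive the policy stays loaded and denials are still logged but no longer blocked; with disabled SELinux is turned off entirely.

After making that change, restart the system for it to take effect.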

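There is another way to stop enforcement right away, without a restart, by running this command. It switches SELinux to permissive mode and lasts only until the next reboot:

# setenforce 0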

Then, to check the status, run:

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

NGINX – (13: Permission denied) while connecting to upstream node.js server

While experimenting with a simple node.js server on CentOS 7 and the nginx upstream directive I ran into some issues. I was able to access the node.js server running on port 8080, but when trying to access it via nginx I was getting the error message (13: Permission denied) while connecting to upstream and a 502 Bad Gateway error in the browser.

2016/01/10 14:34:55 [crit] 16705#0: *2 connect() to [::1]:8080 failed (13: Permission denied) while connecting to upstream, client: 172.31.123.123, server: www.mynode.local, request: "GET / HTTP/1.0", upstream: "http://[::1]:8080/", host: "www.mynode.local"

It turned out to be an SELinux issue. I checked for errors in the SELinux logs:
cat /var/log/audit/audit.log | grep nginx | grep denied
where I found a few clues:
type=AVC msg=audit(1452436495.252:181): avc: denied { name_connect } for pid=16705 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket

And found that running the following commands fixed my issue:
cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
semodule -i mynginx.pp

After that everything was working as expected.