Allow nginx to access a remote DB on a Centos

If you try to access a remote database with nginx or httpd server, you will have a connection problem with error code (13) even if mysql/mariadb client works well in command line. The reason for that is a security limitation set by default not allowing httpd servers sur connect a remote DB.

To disable this limitation and make all work, just type in the command line :

# setsebool -P httpd_can_network_connect 1

You can list all the existing flags for httpd by using getsebool

# getsebool -a | grep httpd

In case you expect SELinux to be the cause of your problem, you can enable / disable it with the following functions

# setenforce 1
# setenforce 0

If you need to check what is the permission missing for SELinux you can run the audit

# tail -100 /var/log/audit/audit.log | audit2allow

 

This entry was posted in Non classé, Systems and tagged , , , . Bookmark the permalink.

4 Responses to Allow nginx to access a remote DB on a Centos

  1. boolsee says:

    Thank you very much !!!
    Your one line command fixed my long trouble !!!
    You saved me from the deepest hell.

    I do hate SELinux….
    (To frankly speaking, this is my responsibility. I have to study for this.)

    Regards,

  2. CertDepot says:

    Hi,

    You should use the command as follows:
    # setsebool -P httpd_can_network_connect 1
    If you don’t specify the -P option, everything will be lost after reboot.

    Regards.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.