CentOS 7 have selinux activated, so when you decide to change your default httpd directories you have to give the right selinux permission to these directories otherwize the https server will not be able to access the files.
SeLinux is a way to isolate process / directories depending on an execution context. Your can see the context of each file by using ls -Z option.
SeLinux can be deactivated by using setenforce command:
# setenforce 0 <-- deactivate selinux # setenforce 1 <-- activate selinux
This is a way to verify if your problem comes from SeLinux or not
The command chcon allow you to change the security context – (take a look to comment as chcon could not be the best choice )
The log files & directories must have the httpd_log_t permission. Imagine your log dierctory is /httpd/logs you can gives the permission by using :
# chcon -Rv --type=httpd_log_t /httpd/logs
The html & php files must have httpd_sys_content_t permission ; the command looks like
# chcon -Rv --type=httpd_sys_content_t /httpd/htdocs
For the directory where you want apache to be able to write you must set a httpd_sys_rw_content_t permission
# chcon -Rv --type=httpd_sys_rw_content_t /httpd/htdocs/upload
The Apache configuration files and SSL certificates should have the following rights
# chcon -Rv --type=httpd_config_t /...
Allow to have internal connection (proxy)
When the nginx server want to reach a local springboot application exposed on a different port:
# setsebool -P httpd_can_network_connect 1
Allow to send mail
SeLinux is also protecting against sending mail from apache if not authorized. So if you need to send mail you need to authorize it
# setsebool -P httpd_can_sendmail=on
To see all the possible flag you can activate / disable with setsebool, check the command
# sestatus -b
You will see all existing flags and current status.
ALLOW TO ACCESS the database
# setsebool -P httpd_can_network_connect_db=on