Centos 7 上使用nginx为Node.js配置反向代理时错误:(13: Permission denied) while connecting to upstream
错误来源:Centos 7 上使用nginx为Node.js配置反向代理时产生(13: Permission denied) while connecting to upstream的错误
nginx配置文件内容如下:
upstream node_server { server 127.0.0.1:5000 max_fails=3 fail_timeout=4s; server 127.0.0.1:5001 max_fails=3 fail_timeout=4s; } server { listen 80 default_server; listen [::]:80 default_server; index index.html index.htm; server_name _; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; proxy_buffer_size 16k; proxy_buffers 4 32k; proxy_pass http://node_server; } location /public/ { root /opt/app; } }
使用Node.js静态文件交由nginx管理,而动态的请求有Node.js处理(app.js需要重新配置),配置成功后分别启动nginx服务和Node.js服务,访问http:127.0.0.1出现 502 服务器端错误,
查阅各种资料发虽然有nginx在反向代理配置时虽然有出现此类错误,但并没有解决问题。
查看nginx错误日志:
cat /var/log/nginx/error.log
发现错误:failed (13: Permission denied) while connecting to upstream
原因及解决方案:问题是由SElinux导致,查看audit日志:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied
错误信息:
type=AVC msg=audit(1437452895.972:639): avc: denied { name_connect } for pid=5884 comm="nginx" dest=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket permissive=0
修复此错误:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx sudo semodule -i mynginx.pp
问题最终得到解决。(附上最终成功界面截图)
解决方法在stackoverflow中的链接为:http://stackoverflow.com/questions/23948527/13-permission-denied-while-connecting-to-upstreamnginx
相关知识链接:1.SElinux http://vbird.dic.ksu.edu.tw/linux_basic/0440processcontrol_5.php