13: Permission denied while connecting to upstream: nginx

13: Permission denied while connecting to upstream: nginx

While deploying nginx reverse proxy i came across this error. This turns out the issue was due to SELinux. My nginx configuration is below.

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log          /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   601;
    types_hash_max_size 2048;
    default_type        application/octet-stream;
    include             /etc/nginx/mime.types;
    include             /etc/nginx/conf.d/*.conf;

    server {
        listen 80;
        location / {
            # pass all communication to NaviServer on port 8000
            proxy_pass           http://127.0.0.1:8000;
            # add information about the original IP
            proxy_set_header     X-Forwarded-For $remote_addr;
            # upload files to file storage up to 1G
            client_max_body_size 1024M;
        }

        # error_page    500 502 503 504 /err/50x.html;
        # error_page    404             /err/404.html;
        # location /err/ {
        #     root /usr/share/nginx/html;
        # }

    }
}

When i'm trying to access the page I am getting 502 Bad Gateway.

Solution:

To solve this Error we need to tell SELinx to allow nginx to create an outgoing connection to port 8000.

Execute the following commands:

cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
semodule -i mynginx.pp

Now point your browser again to http://localhost/ and you should see the page.