Certain PHP applications may not work out of the box with Apache/MySQL when SELinux is enabled. The troubleshooting steps below cover the common cases.
If the web server (Apache2/Nginx) cannot connect to the MySQL database on its port:
You can allow port 3306 (the standard port) for MySQL communications:
semanage port -a -t mysqld_port_t -p tcp 3306
If communication between Apache2/Nginx and MySQL is still blocked, use the commands below:
setsebool httpd_can_network_connect_db 1
To make this change persistent across reboots, run the following command:
setsebool -P httpd_can_network_connect_db on
For stacks like Laravel, the storage and bootstrap/cache directories need to have the right SELinux context.
Commands like the ones below mark those folders as writable by the web server in SELinux:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/<Site>/storage(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/<Site>/bootstrap/cache(/.*)?"
The SELinux context then needs to be applied to the directories:
restorecon -Rv "/var/www/<Site>/storage"
restorecon -Rv "/var/www/<Site>/bootstrap/cache"
In the case of Apache2, the apache user needs the rights to create files in both directories. This can be achieved with the following commands (the paths are relative to the site root):
setfacl -R -m u:apache:rwX storage/
setfacl -R -m u:apache:rwX bootstrap/cache/
In the case of Nginx, the nginx user needs the rights to create files in both directories. This can be achieved with the following commands (the paths are relative to the site root):
setfacl -R -m u:nginx:rwX storage/
setfacl -R -m u:nginx:rwX bootstrap/cache/
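With Nginx and the default site configuration, you may get the error "failed (13: Permission denied)".
Nginx requires a root HTML path such as /var/www/website in the site configuration. Because SELinux is in Enforcing mode by default, the root user (or a user with sudo) has to grant Nginx access to that path using:
chcon -Rt httpd_sys_content_t /var/www/website
A label set with chcon is not recorded in the file-context policy, so a later restorecon or full filesystem relabel can revert it. The semanage fcontext and restorecon pair shown above for the Laravel directories is the persistent way to set a label.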
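To decide which of the steps above a given failure needs, the AVC denial in the audit log can be matched to its fix. The script below is an added example, not part of the original page; the log records are constructed, and classify_avc and SAMPLE_AVC are hypothetical names.

```shell
#!/bin/sh
# Constructed AVC records for illustration (not from a real host). On a live
# system, pipe `ausearch -m avc -ts recent` into classify_avc instead.
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.202:502): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="storage" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { read } for  pid=2202 comm="nginx" name="index.html" dev="dm-0" ino=7002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.404:504): avc:  denied  { read } for  pid=3303 comm="sshd" name="x" dev="dm-0" ino=7003 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0'

# Read AVC records on stdin; print one "comm|perms|target_type|fix" line per
# denial whose source domain is httpd_t (Apache, Nginx and php-fpm run there).
classify_avc() {
  awk '
    function field(key,   s) {          # value of key=... up to the next space
      s = $0
      if (!sub(".*" key "=", "", s)) return ""
      sub(/ .*/, "", s); gsub(/"/, "", s)
      return s
    }
    /avc: +denied/ && /scontext=[^ ]*:httpd_t:/ {
      perms = $0; sub(/.*[{] /, "", perms); sub(/ [}].*/, "", perms)
      split(field("tcontext"), ctx, ":"); ttype = ctx[3]
      tclass = field("tclass"); dest = field("dest"); fix = "review manually"
      if (tclass == "tcp_socket" && perms ~ /name_connect/) {
        if (ttype == "mysqld_port_t")   # port is labelled, boolean is off
          fix = "setsebool -P httpd_can_network_connect_db on"
        else                            # port carries some other label
          fix = "if " dest " is your MySQL port: semanage port -a -t mysqld_port_t -p tcp " dest
      } else if (tclass == "dir" || tclass == "file") {
        if (ttype == "httpd_sys_content_t" && perms ~ /write|create|add_name|setattr|unlink/)
          fix = "semanage fcontext -a -t httpd_sys_rw_content_t + restorecon"
        else if (ttype !~ /^httpd_/)    # content is not labelled for the web server
          fix = "relabel as httpd_sys_content_t (chcon -Rt or restorecon)"
      }
      print field("comm") "|" perms "|" ttype "|" fix
    }'
}

printf '%s\n' "$SAMPLE_AVC" | classify_avc
```

The sshd record is skipped because its source domain is not httpd_t, so only the three web-server denials are reported.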
SELinux trouble shooting for Centos/Redhat Apache/Nginx PHP Mysql