NGINX Permissions: 'sudo nginx' vs 'sudo service nginx start'
110
Solution 1
This is an selinux problem.
When you run sudo nginx it starts nginx as unconfined_t, when you run sudo service nginx start it starts nginx as httpd_t.
By initially starting with just sudo it creates a bunch of files and initializes its state as unconfined_t. For example the pid file will be the wrong context. Thus when using service nginx stop to terminate it there is insufficient privileges for httpd_t to read files written by the unconfined_t.
You should really always start using service which will avoid this problem. To correct it you will need to relabel stateful files that exist in the filesystem, for example running restorecon /var/run/nginx.pid will correct the incorrect label set on that pid file.
I am not sure if there are any more files that get written out when the service is created which will also need correcting. You can get a list of which files that these might be doing ausearch -ts recent -m avc.
Solution 2
Some additional information for those who want to extend a little bit knowledge on selinux and to debug issues with selinux:
https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
tl;dr
Debug issues with SElinux permissions:
- set permissive mode ( informs about security breach in audit.log and performs actions )
- check audit.log ( for centos and probaly all RH familly /var/log/audit/audit.log )
- apply proper permissions on SElinux or on files
Tool:
ausearch -i -m avc
will help to read audit.log in human readable format any AVC (SElinux) issue
You can also try to add:
-ts recent
-ts today
to narrow scope of search.
Related videos on Youtube
25 : 19
Nginx vs OpenLiteSpeed: What performs better?
![fix nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)](https://i.ytimg.com/vi/rSUeIeny8B0/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBW8GTO0K7rT7COFxPFUHHvqx5rKg)
02 : 36
fix nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
![[Fixed] Nginx Job for nginx.service failed](https://i.ytimg.com/vi/GbNne0XQr0I/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDWmGFITeQhzWjDNvOSIak3VETJ4w)
02 : 47
[Fixed] Nginx Job for nginx.service failed
03 : 05
How to uninstall Nginx completely in Ubuntu/Centos
39 : 12
#2 Cấu hình nginx trên ubuntu
![[Webserver-administration-P4] Nginx - Cài đặt nginx](https://i.ytimg.com/vi/5aOtuNaAUBY/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLD84312XGHwYLbwPUC9KRRIdT6fDg)
18 : 37
[Webserver-administration-P4] Nginx - Cài đặt nginx
![[Webserver-administration-P5] Nginx - Hướng dẫn cấu hình nginx - các thông số cơ bản (Phần 1)](https://i.ytimg.com/vi/t3Knb9iPn9U/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDuuIMqQZrauYkmxyV4W64StLWE0A)
38 : 23
[Webserver-administration-P5] Nginx - Hướng dẫn cấu hình nginx - các thông số cơ bản (Phần 1)
04 : 43
How to install the latest stable Nginx version on CentOS 8
Author by
Coretypes
Updated on September 18, 2022Comments
-
Coretypes over 1 year
To customize a window's title bar, I made it an unadorned window, but then suffered high performance losses.
The mouse events I use while dragging and resizing the window are not fast enough for this job.
Is it possible to resize and drag an undecorated window without using javafx mouse events?
Main.java
package main; import javafx.application.Application; import javafx.event.EventHandler; import javafx.fxml.FXMLLoader; import javafx.geometry.Rectangle2D; import javafx.scene.Parent; import javafx.scene.Scene; import javafx.scene.control.Button; import javafx.scene.control.Label; import javafx.scene.input.MouseEvent; import javafx.scene.layout.AnchorPane; import javafx.scene.layout.HBox; import javafx.scene.paint.Color; import javafx.stage.Screen; import javafx.stage.Stage; import javafx.stage.StageStyle; import java.awt.event.MouseListener; public class Main extends Application { // JavaFX Office Application Main Class double xLength, yLenght; boolean maximized = false, resizebottom; // variables double xOffset, yOffset, xCor, yCor, dx, dy; @Override public void start(Stage primaryStage) throws Exception { FXMLLoader loader = new FXMLLoader(getClass().getResource("main.fxml")); AnchorPane root = loader.load(); Scene scene = new Scene(root, 1366, 900); // Move Operations HBox titleBar = (HBox) loader.getNamespace().get( "titleBar"); titleBar.setOnMousePressed(event -> { xOffset = primaryStage.getX() - event.getScreenX(); yOffset = primaryStage.getY() - event.getScreenY(); }); titleBar.setOnMouseDragged(event -> { if (maximized) { primaryStage.setX(event.getScreenX()); primaryStage.setWidth(xLength); primaryStage.setHeight(yLenght); maximized = false; } else { primaryStage.setX(event.getScreenX() + xOffset); primaryStage.setY(event.getScreenY() + yOffset); } }); // Button Operations Label maximizeButton = (Label) loader.getNamespace().get( "maximizeButton" ); maximizeButton.setOnMouseClicked(mouseClickEvent -> { if (!maximized) { xLength = primaryStage.getWidth(); xCor = primaryStage.getX(); yLenght = primaryStage.getHeight(); yCor = primaryStage.getY(); root.setStyle("-fx-border-insets: 0;\n" + " -fx-background-insets: 0;"); primaryStage.setX(0); primaryStage.setY(0); primaryStage.setWidth(1920); primaryStage.setHeight(1050); maximized = true; } else { primaryStage.setWidth(xLength); primaryStage.setX(xCor); primaryStage.setHeight(yLenght); primaryStage.setY(yCor); root.setStyle("-fx-border-insets: 5;\n" + " -fx-background-insets: 5;"); maximized = false; } }); Label closeButton = (Label) loader.getNamespace().get( "closeButton" ); closeButton.setOnMouseClicked(mouseClickEvent -> { primaryStage.hide(); }); Label minimizeButton = (Label) loader.getNamespace().get( "minimizeButton" ); minimizeButton.setOnMouseClicked(mouseClickEvent -> { primaryStage.setIconified(true); }); scene.setFill(Color.TRANSPARENT); primaryStage.setScene(scene); primaryStage.initStyle(StageStyle.TRANSPARENT); ResizeHelper.addResizeListener(primaryStage); primaryStage.show(); } public static void main(String[] args) { launch(args); } }ResizeHelper.java
package main; import javafx.collections.ObservableList; import javafx.event.EventHandler; import javafx.event.EventType; import javafx.scene.Cursor; import javafx.scene.Node; import javafx.scene.Parent; import javafx.scene.Scene; import javafx.scene.input.MouseEvent; import javafx.stage.Stage; //created by Alexander Berg public class ResizeHelper { public static void addResizeListener(Stage stage) { ResizeListener resizeListener = new ResizeListener(stage); stage.getScene().addEventHandler(MouseEvent.MOUSE_MOVED, resizeListener); stage.getScene().addEventHandler(MouseEvent.MOUSE_PRESSED, resizeListener); stage.getScene().addEventHandler(MouseEvent.MOUSE_DRAGGED, resizeListener); stage.getScene().addEventHandler(MouseEvent.MOUSE_EXITED, resizeListener); stage.getScene().addEventHandler(MouseEvent.MOUSE_EXITED_TARGET, resizeListener); ObservableList<Node> children = stage.getScene().getRoot().getChildrenUnmodifiable(); for (Node child : children) { addListenerDeeply(child, resizeListener); } } public static void addListenerDeeply(Node node, EventHandler<MouseEvent> listener) { node.addEventHandler(MouseEvent.MOUSE_MOVED, listener); node.addEventHandler(MouseEvent.MOUSE_PRESSED, listener); node.addEventHandler(MouseEvent.MOUSE_DRAGGED, listener); node.addEventHandler(MouseEvent.MOUSE_EXITED, listener); node.addEventHandler(MouseEvent.MOUSE_EXITED_TARGET, listener); if (node instanceof Parent) { Parent parent = (Parent) node; ObservableList<Node> children = parent.getChildrenUnmodifiable(); for (Node child : children) { addListenerDeeply(child, listener); } } } static class ResizeListener implements EventHandler<MouseEvent> { private Stage stage; private Cursor cursorEvent = Cursor.DEFAULT; private int border = 4; private double startX = 0; private double startY = 0; public ResizeListener(Stage stage) { this.stage = stage; } @Override public void handle(MouseEvent mouseEvent) { EventType<? extends MouseEvent> mouseEventType = mouseEvent.getEventType(); Scene scene = stage.getScene(); double mouseEventX = mouseEvent.getSceneX(), mouseEventY = mouseEvent.getSceneY(), sceneWidth = scene.getWidth(), sceneHeight = scene.getHeight(); if (MouseEvent.MOUSE_MOVED.equals(mouseEventType) == true) { if (mouseEventX < border && mouseEventY < border) { cursorEvent = Cursor.NW_RESIZE; } else if (mouseEventX < border && mouseEventY > sceneHeight - border) { cursorEvent = Cursor.SW_RESIZE; } else if (mouseEventX > sceneWidth - border && mouseEventY < border) { cursorEvent = Cursor.NE_RESIZE; } else if (mouseEventX > sceneWidth - border && mouseEventY > sceneHeight - border) { cursorEvent = Cursor.SE_RESIZE; } else if (mouseEventX < border) { cursorEvent = Cursor.W_RESIZE; } else if (mouseEventX > sceneWidth - border) { cursorEvent = Cursor.E_RESIZE; } else if (mouseEventY < border) { cursorEvent = Cursor.N_RESIZE; } else if (mouseEventY > sceneHeight - border) { cursorEvent = Cursor.S_RESIZE; } else { cursorEvent = Cursor.DEFAULT; } scene.setCursor(cursorEvent); } else if(MouseEvent.MOUSE_EXITED.equals(mouseEventType) || MouseEvent.MOUSE_EXITED_TARGET.equals(mouseEventType)){ scene.setCursor(Cursor.DEFAULT); } else if (MouseEvent.MOUSE_PRESSED.equals(mouseEventType) == true) { startX = stage.getWidth() - mouseEventX; startY = stage.getHeight() - mouseEventY; } else if (MouseEvent.MOUSE_DRAGGED.equals(mouseEventType) == true) { if (Cursor.DEFAULT.equals(cursorEvent) == false) { if (Cursor.W_RESIZE.equals(cursorEvent) == false && Cursor.E_RESIZE.equals(cursorEvent) == false) { double minHeight = stage.getMinHeight() > (border*2) ? stage.getMinHeight() : (border*2); if (Cursor.NW_RESIZE.equals(cursorEvent) == true || Cursor.N_RESIZE.equals(cursorEvent) == true || Cursor.NE_RESIZE.equals(cursorEvent) == true) { if (stage.getHeight() > minHeight || mouseEventY < 0) { stage.setHeight(stage.getY() - mouseEvent.getScreenY() + stage.getHeight()); stage.setY(mouseEvent.getScreenY()); } } else { if (stage.getHeight() > minHeight || mouseEventY + startY - stage.getHeight() > 0) { stage.setHeight(mouseEventY + startY); } } } if (Cursor.N_RESIZE.equals(cursorEvent) == false && Cursor.S_RESIZE.equals(cursorEvent) == false) { double minWidth = stage.getMinWidth() > (border*2) ? stage.getMinWidth() : (border*2); if (Cursor.NW_RESIZE.equals(cursorEvent) == true || Cursor.W_RESIZE.equals(cursorEvent) == true || Cursor.SW_RESIZE.equals(cursorEvent) == true) { if (stage.getWidth() > minWidth || mouseEventX < 0) { stage.setWidth(stage.getX() - mouseEvent.getScreenX() + stage.getWidth()); stage.setX(mouseEvent.getScreenX()); } } else { if (stage.getWidth() > minWidth || mouseEventX + startX - stage.getWidth() > 0) { stage.setWidth(mouseEventX + startX); } } } } } } } }-
Michael Hampton over 9 yearsWhat is the output ofnginx -t? -
Saad Masood over 9 yearsIts says that configuration ok. And test successful.
-
Saad Masood over 9 yearsOk. I got it running. But im still confused. I usually start nginx with
sudo service nginx startBut this time i stopped it. and then just ransudo nginxwhich runs and i can see that nginx is listening on8081and8080. But when i try to stop it withsudo service nginx stopit says that it doesn't have permission for/var/run/nginx.pidwhich is weird as i'm doing a sudo on it. -
Saad Masood over 9 years@MichaelHampton so the question is How is
sudo nginxdifferent thansudo service nginx start???
-
-
Saad Masood over 9 yearsthe
ausearchcommand needs sudo. And after that it says<no matches>ls -Z /usr/sbin/nginxgive me-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/nginx -
Saad Masood over 9 years
ps -eZ | grep nginxgive the following:unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 46438 ? 00:00:00 nginx -
Saad Masood over 9 years
ls -Z /var/run/nginx.pidgives:-rw-r--r--. root root unconfined_u:object_r:var_run_t:s0 /var/run/nginx.pid -
Saad Masood over 9 yearsHow can i rectify this?
-
Matthew Ife over 9 yearsRecent only goes back 10 minutes. You can put a time in from when you know you last ran the sudo command to see if it comes up then.
