This page just describes how I have found out you can do to make stuff work in SELinux when they don’t. I feel there may be a better way to update SELinux in an organized manner. If you know how, don’t hesitate to send me an email at olle at iix dot se. Anyhow, here is my way of making stuff work at the moment. Locate the problem In this example....
server { listen *:80; server_name _; return 301 https://$host$request_uri; }
server { listen *:443; server_name iix.se; ssl on; ssl_certificate /etc/letsencrypt/live/iix.se/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/iix.se/privkey.pem; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1; proxy_read_timeout 90; } }
Spam in error.log: 2017/05/07 16:51:50 [error] 30504#0: *7089 connect() failed (111: Connection refused) while connecting to upstream, client: 169.54.244.93, server: iix.se, request: "GET / HTTP/1.1", upstream: "http://[::1]:8001/", host: "phoenix.iix.se" In your nginx configuration, replace hostnames with ip-addresses