Scenario / Questions

I’m struggling with some strange permission-related behavior: when I configure nginx to listen to port 8080 everything works as expected, but when I use any other port I get something like

2014/01/10 09:20:02 [emerg] 30181#0: bind() to 0.0.0.0:8090 failed (13: Permission denied)

in /var/log/nginx/error.log

I have no clue where to look, so I don’t really know what parts of the configuration might be interesting.

In nginx.conf, nginx is configured to run as nginx:

user  nginx;

Also, user nginx is in another group, ‘git’.

In the site-config I tried to listen like this:

server {
    listen 8090; #does not work
    #listen 8080; #works
    #listen 9090; #does not work
    #listen 9090 default; #does not work either
    #listen 80; #works!
    server_name <some IP>;
    ...
}

I have only one more listener which serves port 443.

When I start some other service e.g. a SimpleHTTPServer on port 8090 etc. as non-root everything works fine:

$ python -m SimpleHTTPServer 8090
Serving HTTP on 0.0.0.0 port 8090 ...
localhost.localdomain - - [10/Jan/2014 09:34:19] "GET / HTTP/1.1" 200 -

What can the reasons be for denied permissions in general?

System is Fedora 18; nginx is stock Fedora 1.2.9.

Suggestion: 1

This will most likely be related to SELinux.

semanage port -l | grep http_port_t
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

As you can see from the output above, with SELinux in enforcing mode http is only allowed to bind to the listed ports. The solution is to add the ports you want to bind on to the list:

semanage port -a -t http_port_t  -p tcp 8090

will add port 8090 to the list.
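
The check behind this suggestion, as an added example that is not part of the original answer: it reads `semanage port -l` text, reports whether a TCP port already carries a label the web server may bind, and otherwise prints the labelling command, using `-m` instead of `-a` when the exact port is already defined under another type. The function names, the sample listing and the `HTTPD_BIND_TYPES` list are assumptions made for the example; treating `http_cache_port_t` as bindable is an assumption about the stock policy that would also account for 8080 working in the question.

```shell
#!/bin/sh
# Assumption: port types the web server domain may bind under the stock policy.
# Confirm on the host with: sesearch -A -s httpd_t -c tcp_socket -p name_bind
HTTPD_BIND_TYPES="http_port_t http_cache_port_t"

# Constructed sample of `semanage port -l` output (not captured from a real host).
sample_port_list() {
cat <<'EOF'
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767, 61000-65535
unreserved_port_t              udp      1024-32767, 61000-65535
EOF
}

# port_labels PORT: read the listing on stdin and print one line per tcp type
# that covers PORT, as "<type> exact" or "<type> range".
port_labels() {
    awk -v port="$1" '
    $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            spec = $i; sub(/,$/, "", spec)
            n = split(spec, r, "-")
            if (n == 1 && r[1] + 0 == port + 0) print $1, "exact"
            else if (n == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) print $1, "range"
        }
    }'
}

# suggest_fix PORT: print "ok (<type>)" if PORT is already bindable, otherwise
# the semanage command that labels it http_port_t.
suggest_fix() {
    labels=$(port_labels "$1")
    for t in $HTTPD_BIND_TYPES; do
        if printf '%s\n' "$labels" | grep -q "^$t "; then
            echo "ok ($t)"; return 0
        fi
    done
    if printf '%s\n' "$labels" | grep -q ' exact$'; then
        # Exact port already defined under another type: -a would fail, so modify.
        echo "semanage port -m -t http_port_t -p tcp $1"
    else
        # Undefined, or only covered by a broad range: add a specific definition.
        echo "semanage port -a -t http_port_t -p tcp $1"
    fi
}
```

On the host itself, feed it the live listing with `semanage port -l | suggest_fix 8090` and run the printed command as root.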