====== Fedora/LKT ======


firewall-cmd --zone=public --add-port=3000/tcp
firewall-cmd --add-service=http

 certbot certonly --standalone -d lieblichknuffeltal.de -d www.lieblichknuffeltal.de

gitea.lieblichknuffeltal.de

It works

server { listen 80; listen [::]:80; root /var/www/lieblichknuffeltal.de; index index.html; server_name lieblichknuffeltal.de www.lieblichknuffeltal.de; }


#selinux doesn't permit nginx to read /var/www-
chcon -Rt httpd_sys_content_t /var/www

dnf install python3-certbot-nginx
certbot -d gitea.lieblichknuffeltal.de --expand --nginx


 cat /var/log/audit/audit.log | grep denied | grep 3000
dnf whatprovides audit2why
dnf install  policycoreutils-python-utils

cat /var/log/audit/audit.log | grep denied | grep 3000 | audit2why
setsebool -P httpd_can_network_connect 1
# or [doesn't work]
semanage port --add --type http_port_t --proto tcp 3000
semanage port -l | grep 3000