firewall-cmd --zone=public --add-port=3000/tcp
firewall-cmd --add-service=http
certbot certonly --standalone -d lieblichknuffeltal.de -d www.lieblichknuffeltal.de
- index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>gitea.lieblichknuffeltal.de</title>
</head>
<body>
<h1>It works</h1>
</body>
</html>
- lkt.conf
server {
listen 80;
listen [::]:80;
root /var/www/lieblichknuffeltal.de;
index index.html;
server_name lieblichknuffeltal.de www.lieblichknuffeltal.de;
}
#selinux doesn't permit nginx to read /var/www-
chcon -Rt httpd_sys_content_t /var/www
dnf install python3-certbot-nginx
certbot -d gitea.lieblichknuffeltal.de --expand --nginx
cat /var/log/audit/audit.log | grep denied | grep 3000
dnf whatprovides audit2why
dnf install policycoreutils-python-utils
cat /var/log/audit/audit.log | grep denied | grep 3000 | audit2why
setsebool -P httpd_can_network_connect 1
# or [doesn't work]
semanage port --add --type http_port_t --proto tcp 3000
semanage port -l | grep 3000