The Time I Added the Flask App on 8081 Too Soon - and NGINX Faceplanted
What Happened
While wiring up a reverse proxy for the Flask app on virtca8, I added this to nginx.conf:
    location /virtca8/ {
        proxy_pass http://127.0.0.1:8081/;
        include proxy_set_header.conf;
    }
But... the Flask app wasn't running yet.
What Broke
- nginx -t passed
- systemctl restart nginx failed
- Error:
    Job for nginx.service failed because the control process exited with error code.
- journalctl -xe revealed:
  - SELinux blocked access to cert files (star_fullchain.crt)
  - NGINX failed to connect to upstream 127.0.0.1:8081
What Fixed It
- Started the Flask app on port 8081 (or confirmed it was up)
- Restored SELinux labels on certs:
    restorecon -Rv /etc/pki/nginx
- Restarted nginx cleanly:
    nginx -t && systemctl restart nginx
Lessons Learned
| Do This | Why |
|---|---|
| | Confirm Flask app is actually running |
| Use | Detect startup issues beyond syntax |
| | SELinux will silently block you otherwise |
| Don't wire dead upstreams | NGINX gets angry fast |
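
The checks from the fix and the lessons above, folded into one pre-flight script. This is an added example, not the author's code: the function names and the `--apply` switch are assumptions, and it only sees `proxy_pass` targets written as `host:port`.

```sh
#!/bin/sh
# Added example: pre-flight checks before `systemctl restart nginx`.
# Function names and the --apply switch are illustrative, not from the post.

# Read nginx config on stdin; print each host:port named by an active
# `proxy_pass http(s)://host:port` line (commented-out lines are skipped).
parse_upstreams() {
    sed -n 's|^[[:space:]]*proxy_pass[[:space:]]\{1,\}https\{0,1\}://\([^/;[:space:]]*:[0-9]\{1,\}\).*|\1|p' | sort -u
}

# Read host:port lines on stdin; print those with no TCP listener in the
# `ss -ltnH` output saved in file $1 (field 4 = local address:port).
# A wildcard bind (0.0.0.0:port or *:port) counts as covering any IPv4 host.
dead_upstreams() {
    awk -v ssfile="$1" '
        BEGIN {
            while ((getline line < ssfile) > 0) {
                split(line, f, " ")
                listen[f[4]] = 1
            }
        }
        {
            port = $0; sub(/.*:/, "", port)
            any4 = "0.0.0.0:" port; any = "*:" port
            if (!($0 in listen) && !(any4 in listen) && !(any in listen)) print
        }
    '
}

# Real checks run only on request:  sh preflight.sh --apply [cert_dir]
if [ "${1:-}" = "--apply" ]; then
    cert_dir=${2:-/etc/pki/nginx}              # cert path used in the post
    tmp=$(mktemp) || exit 1
    ss -ltnH > "$tmp"
    dead=$(nginx -T 2>/dev/null | parse_upstreams | dead_upstreams "$tmp")
    rm -f "$tmp"
    relabel=$(restorecon -Rnv "$cert_dir" 2>&1)  # -n: report only, change nothing
    if [ -n "$dead" ]; then
        echo "no listener for upstream(s):" $dead >&2; exit 1
    fi
    if [ -n "$relabel" ]; then
        printf 'SELinux labels need restoring:\n%s\n' "$relabel" >&2; exit 1
    fi
    nginx -t && systemctl restart nginx
fi
```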
Would you like a second entry for "The SELinux Certificate Label from Hell"?