Need Help with moving WWW root for Nginx

Hello fellow Fedora users: I am working with Fedora 43 KDE Edition and setting up my development environment.
The stack I have chosen is Vite, React, TailwindCSS and Nginx web server. Since this is a developer setup and Nginx is to test builds of the websites.

I have everything installed for supporting this environment. I want to move the root WWW directory from /var to /home/[user]/www. I can easily configure this in the Nginx configuration.

Where I need help is how to set SELinux to be able to “see” the user space directory.

Thanks in advance for any help!

Cheers. Michael Needham

You’d do something like… this, perhaps

semanage fcontext -a -t httpd_sys_content_t "/home/user/www(/.*)?"
restorecon -Rv /home/user/www

If that’s not enough, check the SELinux error messages for hints as to what’s happening to cause denials.

Hi. Thanks for this response. I think this is similar to allowing user hosting on Apache like the Universitys use. This is what was looking to do.

Thanks.

Michael

Hello: I thought this was solved. But I am still getting the 403 error no matter what. I have done the mods in the nginx.conf and checked the nginx.conf.default files. The SELinux permissions appear to be correct. I tried changing the user to nginx on that directory, which does defeat the purpose why I am moving it… I want to modify files in the directory without having to do everything as ‘sudo’.

SInce I am sure SELinux is not the problem (or perhaps the context is still not correct), I need other ideas. I have looked at the nginx log and actually tail -f was used and tried to access my index.html again like 4 times and it doesn’t seem to matter.

I am not sure what else I can do. The error.log just says permission denied and really doesn’t give a clear indication of what might be causing this.

I have set the directory recursively back to my user. After each modification of the conf file for nginx I do restart the server.

Completely at loss.

Thanks,

Michael

Does nginx have permission to read the folder? Try changing the group for the folder to nginx. If your SELinux logs are empty then it’s just regular POSIX perms.

OK, tried to change to the nginx group and the nginx log still says this:

2026/03/21 20:13:23 [error] 5634#5634: *1 “/home/mneedham/www/index.html” is forbidden (13: Permission denied), clie
│ nt: 127.0.0.1, server: _, request: “GET / HTTP/1.1”, host: “localhost”
916 │ 2026/03/21 20:13:27 [error] 5634#5634: *1 “/home/mneedham/www/index.html” is forbidden (13: Permission denied), clie
│ nt: 127.0.0.1, server: _, request: “GET / HTTP/1.1”, host: “localhost”

Still the 403 error.

here is the directory listing:

mneedham on Super-Spud ~ via  Node.js v25.8.1
➜ ll
drwxr-xr-x - mneedham mneedham system_u:object_r:cache_home_t:s0 21 Mar 20:02 .cache
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 16 Jan 05:44 .cargo
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 20 Jan 16:59 .cddb
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:config_home_t:s0 21 Mar 19:59 .config
drwx------ - mneedham mneedham unconfined_u:object_r:user_home_t:s0 28 Feb 21:12 .cups
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 3 Mar 17:24 .dotnet
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 28 Feb 21:35 .hplip
drwxr-xr-x - mneedham mneedham system_u:object_r:gconf_home_t:s0 4 Mar 16:38 .local
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:mozilla_home_t:s0 22 Oct 2025 .mozilla
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 18 Mar 13:51 .npm
drwx------ - mneedham mneedham unconfined_u:object_r:cache_home_t:s0 24 Dec 2025 .nv
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 18 Mar 13:42 .nvm
drwx------ - mneedham mneedham unconfined_u:object_r:home_cert_t:s0 19 Dec 2025 .pki
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 16 Jan 05:44 .rustup
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 24 Dec 2025 .steam
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 19 Dec 2025 .var
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 3 Mar 17:22 .vscode
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 25 Dec 2025 .zen
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 26 Dec 2025 Desktop
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 18 Mar 13:54 Documents
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 21 Mar 12:42 Downloads
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 25 Dec 2025 friction-1.0.0-rc.2-linux-x86_64
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 25 Dec 2025 Library
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 19 Dec 2025 motivate
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:audio_home_t:s0 28 Feb 21:50 Music
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 18 Mar 13:43 node_modules
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 4 Mar 17:04 Pictures
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 19 Dec 2025 Public
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 19 Dec 2025 Templates
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 25 Dec 2025 Unity
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 3 Mar 17:39 Videos
drwxr-xr-x - mneedham nginx unconfined_u:object_r:httpd_sys_content_t:s0 21 Mar 12:51 www
drwxr-xr-x - mneedham mneedham unconfined_u:object_r:user_home_t:s0 13 Feb 02:29 zig
.rw------- 14k mneedham mneedham unconfined_u:object_r:user_home_t:s0 21 Mar 20:15 .bash_history
.rw-r–r-- 18 mneedham mneedham unconfined_u:object_r:user_home_t:s0 22 Jul 2025 .bash_logout
.rw-r–r-- 165 mneedham mneedham unconfined_u:object_r:user_home_t:s0 16 Jan 05:44 .bash_profile
.rw-r–r-- 761 mneedham mneedham unconfined_u:object_r:user_home_t:s0 21 Mar 20:07 .bashrc
.rw-r–r-- 350 mneedham mneedham unconfined_u:object_r:user_home_t:s0 21 Mar 19:59 .gtkrc-2.0
.rw-r–r-- 21 mneedham mneedham unconfined_u:object_r:user_home_t:s0 16 Jan 05:44 .profile
lrwxrwxrwx - mneedham mneedham unconfined_u:object_r:user_home_t:s0 24 Dec 2025 .steampath → /home/mneedham/.steam/sdk32/steam
lrwxrwxrwx - mneedham mneedham unconfined_u:object_r:user_home_t:s0 24 Dec 2025 .steampid → /home/mneedham/.steam/steam.pid
.rw-r–r-- 0 mneedham mneedham unconfined_u:object_r:user_home_t:s0 19 Dec 2025 cap_%d
.rw-r–r-- 48k mneedham mneedham unconfined_u:object_r:user_home_t:s0 18 Mar 13:43 package-lock.json
.rw-r–r-- 50 mneedham mneedham unconfined_u:object_r:user_home_t:s0 18 Mar 13:43 package.json

mneedham on Super-Spud ~ via  Node.js v25.8.1
➜

Not sure where to go from there. Just not sure what is causing the problem.

Here is the ausearch command results BTW:

mneedham on Super-Spud /var/log  took 5s
➜ sudo ausearch -m avc -ts recent

mneedham on Super-Spud /var/log 
✗

Completely at a loss here.

Hi guys: Thank you for all the help. I decided that since it is not good practice to allow http access to your home directory anyhow, that I would just revert the nginx configurations back to the default. I can always follow the Apache paradigm for where to put my site and then modify the configs once again for the root.

In production, it will be a cloud server or physical server that is not part of my machine anyhow and though it is an extra step, you can still test the deployment on my local box by copying the build file (I am using Vite build with React and TailwindCSS) to the proper webserver directory on the same box and test it. Thanks again for the help.