Hi everyone, I’ve been hosting my small content website (focused mainly on Texas Roadhouse restaurant menus and reviews) on a Fedora Server setup for a few months, and recently I’ve been running into some strange technical issues. The website is built with a Node.js backend and served through Nginx, and until last week, everything worked perfectly. However, after a few system updates and configuration changes, my website has started throwing permission and SELinux-related errors that I can’t seem to resolve.
The first problem I noticed was that Nginx could no longer serve static files properly. Every request to an image, CSS, or JavaScript file returns a 403 Forbidden error. I checked the file permissions, and they’re all set to 755, owned by nginx:nginx. The Nginx configuration itself hasn’t changed — the document root still points to /var/www/html/mywebsite. When I disable SELinux temporarily using setenforce 0, everything works fine, but obviously, that’s not a permanent fix. So it seems like SELinux is blocking access, even though I’ve labeled the directory correctly using chcon -R -t httpd_sys_content_t /var/www/html/mywebsite.
Another issue is that my Node.js API (running as a systemd service) intermittently fails to bind to port 3000 after reboot. The service status shows “Permission denied” errors, and sometimes it fails silently without any output. I’ve checked the firewalld rules and port bindings, and nothing seems to be conflicting. When I check journalctl -xe, I see occasional audit logs from SELinux denying access to node for opening a socket. I’m not sure whether I need to set a specific policy for this or if there’s a simpler workaround to allow this process to communicate freely on the localhost.
I also noticed that after the last dnf update, my Let’s Encrypt SSL renewal process stopped working. The renewal script (using Certbot) can’t access the .well-known directory, which again points to an SELinux denial. The error message says “Permission denied: ‘/var/www/html/.well-known/acme-challenge’”. You can explore my website https://thetexasroadhousemenu.com/ I’ve already tried adjusting context types and verifying directory ownership, but it keeps failing during automatic renewals. This makes me think my entire web stack might need an SELinux policy refresh or reconfiguration.
Performance has also dropped since these issues started. The website used to serve pages instantly, but now every request takes 3–5 seconds to complete. System load looks normal, but the logs show frequent avc: denied messages related to file access and network sockets. I’ve read a few Fedora docs about SELinux troubleshooting using audit2why and audit2allow, but I’m hesitant to apply a broad policy change without fully understanding the impact.
Has anyone here experienced similar SELinux or permission issues while hosting a website on Fedora Server? Should I create a custom module for my web services, or is there a more “Fedora-friendly” way to permanently allow Nginx and Node.js to function together without disabling SELinux? I’d love to hear how other Fedora users are managing secure, production-grade web deployments. My goal is to keep the system safe but still get my restaurant website running smoothly again. Sorry for the long post!