Hi Tadej,
----- Original Message -----
> [...]
> Thanks for the nginx configuration instructions. I still had to overcome
> two issues before I could get nginx's metric values:
>
> 1) I had to configure nginx to allow access via IPv6, otherwise, I would
> get error messages like:
> 2015/09/10 08:20:26 [error] 4838#0: *1 access forbidden by rule,
> client: ::1, server: _, request: "GET /nginx_status HTTP/1.1", host:
> "localhost"
>
> So the relevant part of /etc/nginx/nginx.conf should look like:
>
> location /nginx_status {
> stub_status on;
> access_log off;
> allow 127.0.0.1;
> allow ::1;
> deny all;
> }
Ah yes, good catch - I'll update the man page with that information.
>
> 2) I had to temporarily disable SELinux, otherwise, I would get SELinux
> denial messages like:
> type=AVC msg=audit(1441874883.417:752): avc: denied { name_connect }
> for pid=4754 comm="perl" dest=80
> scontext=system_u:system_r:pcp_pmcd_t:s0
> tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
>
> For 2), I don't know whether I should file this as a bug report with PCP
> or distribution's (i.e. Fedora's) SELinux policy?
Yep, selinux-policy - and please CC me. Other PMDAs (pmdaapache) have a
similar need to access port 80... so I think the right thing will be for
pcp_pmcd_t to be allowed access, but lets see what the SELinux folk say.
cheers.
--
Nathan
|