Hi, I would like to connect through an nginx to an Azure SQL DB to have a single point of access to my network. The goal is to access the nginx publicip:1234, which is translated to mydb.database.microsoft.com:1433.

I have configured an nginx on CentOS with the stream addon.

The config looks like:

```nginx
stream {
    upstream mssql {
        server mydb.database.microsoft.com:1433;
        server mydb.database.microsoft.com:1433;
    }

    server {
        listen 1234;
        proxy_pass mssql;
    }
}
```

The mssql is configured to accept connections from the publicip of the nginx machine and also has a service endpoint to the vnet that the nginx is connected to.

When I try to connect to the db through the nginx, I receive the following error message:

```
.... connect() to IPOFDB:1433 failed (13: Permission denied) while connecting to upstream, client: MYIP server:0.0.0.0:1234 ...
```

The only idea why it may fail is that the outgoing IP from nginx is not the publicip which is whitelisted for the db, and it does not use the vnet endpoint connection.

Any ideas?

Thanks for your help.

kf2
  • Probably an SELinux thing. [Check this out](https://stackoverflow.com/a/24830777/1790644), might be able to help. The kernel is rejecting nginx from reaching out to other nodes on the network. To allow this, try running: `setsebool -P httpd_can_network_connect 1` – Matt Clark Apr 08 '19 at 21:09
  • I disabled SELinux, error still exists – kf2 Apr 10 '19 at 20:59

1 Answer

Disable SELinux permanently and reboot

or

```
semanage port -a -t http_port_t -p tcp 1234
```
k''
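An added example, not part of the original answer or comments: a shell function that reads audit-log lines and maps each nginx `tcp_socket` AVC denial to the narrower command already mentioned on this page (`semanage port` for a denied listen port, `setsebool` for a denied upstream connect). The names `classify_avc` and `sample_log` are hypothetical, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_avc and sample_log are hypothetical helper names.
# Reads audit-log lines on stdin and prints, for every nginx tcp_socket
# denial: "<permission> <port> <command from this page that addresses it>".
classify_avc() {
    awk '
    /type=AVC/ && /denied/ && /comm="nginx"/ && /tclass=tcp_socket/ {
        # The denied permission sits between "{ " and " }".
        lb = index($0, "{ "); rb = index($0, " }")
        perm = substr($0, lb + 2, rb - lb - 2)
        # name_bind reports src=<port>; name_connect reports dest=<port>.
        port = "?"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(src|dest)=[0-9]+$/) { split($i, kv, "="); port = kv[2] }
        if (perm == "name_bind")          # nginx may not listen on this port
            fix = "semanage port -a -t http_port_t -p tcp " port
        else if (perm == "name_connect")  # nginx may not connect out
            fix = "setsebool -P httpd_can_network_connect 1"
        else
            fix = "review-manually"
        print perm, port, fix
    }'
}

# Constructed sample input: one denied listen on 1234, one denied connect
# to the upstream on 1433, and one unrelated denial that must be ignored.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1554757740.101:451): avc:  denied  { name_bind } for  pid=2101 comm="nginx" src=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1554757801.332:467): avc:  denied  { name_connect } for  pid=2105 comm="nginx" dest=1433 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mssql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1554757900.010:470): avc:  denied  { read } for  pid=3001 comm="sshd" name="shadow" dev="dm-0" ino=1337 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
EOF
}

# On a real host: classify_avc < /var/log/audit/audit.log
sample_log | classify_avc
```

No output on a real audit log means SELinux logged no nginx socket denial, which points the investigation elsewhere (for example, the Azure SQL firewall and outgoing IP the question raises).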