Nginx 502 error with proxy_pass and SELinux

Alessandro Miliucci

2026/05/10

If you are struggling with a proxy_pass directive that throws a “502 Bad Gateway” error for no apparent reason, it could be cause by a SELinux setting.

Security Enhanced Linux (SELinux) provides an additional layer of system security. SELinux fundamentally answers the question: “May [subject] do [action] to [object]”, for example: “May a web server access files in users’ home directories?”.

When SELinux is enforced, the httpd_can_network_connect rule will block any network connection starting from nginx. For this reason proxy_pass directives will fail with “502 Bad Gateway” because it cannot reach the service it wants to proxy.

You can disable it using setsebool.

sudo setsebool httpd_can_network_connect 1 -P

To completely disable SELinux, you can put it in permissive mode with sudo setenforce 0.