🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: RHEL 10.0 RHEL 10.1

πŸ“– ~1 min read

Table of contents
  1. Problem Summary
  2. Symptoms
  3. Diagnostics
  4. Root Cause
  5. Primary Fix
  6. Verification
  7. Prevention
  8. Rollback
  9. Automation
  10. Command Reference
  11. Escalation
  12. Related Notes

Problem Summary

NGINX returns 502 because SELinux denies outbound proxy connection.

Symptoms

audit logs show AVC denial for httpd_t name_connect.

Diagnostics

Run ausearch -m AVC -ts recent and getenforce.

Root Cause

Boolean for network connects by httpd is disabled.

Primary Fix

Enable setsebool -P httpd_can_network_connect 1 and verify contexts.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for rhel-10 β€” rhel10-b02-p30-1
Illustrative mockup β€” Progressive Robot β€” Illustrative mockup β€” Progressive Robot

Verification

Confirm NGINX upstream responds and no new AVC events appear.

Illustrative mockup for rhel-10 β€” rhel10-b02-p30-2
Illustrative mockup β€” Progressive Robot β€” Illustrative mockup β€” Progressive Robot

Prevention

Include SELinux boolean checks in deployment checklist.

Rollback

Disable boolean only if business requirement changes.

Automation

Apply booleans via Ansible seboolean module.

Command Reference

getenforce; setsebool -P httpd_can_network_connect 1; journalctl -t setroubleshoot

Escalation

Share AVC records and policy package versions.

Avoid switching SELinux to permissive as a permanent workaround.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.