The error occurs when Nginx attempts to create or access its PID file during startup or configuration testing. The system reports permission denial (error code 13) specifically for the /run/nginx.pid file location.

• Manual restart works (sudo systemctl restart nginx)
• Configuration test fails (nginx -t)
• Warnings about types_hash optimization appear
• Previous bind() to port 443 failure was reported

Three main scenarios can trigger this permission error:

1. Incorrect permissions on /run directory
2. SELinux/AppArmor restrictions (common on RedHat/Debian systems)
3. User context mismatch during testing vs service execution

1. Verify Directory Permissions

Check current permissions:

ls -ld /run/nginx
ls -la /run/nginx.pid

Set correct permissions if needed:

sudo mkdir -p /run/nginx
sudo chown -R nginx:nginx /run/nginx
sudo chmod -R 755 /run/nginx

2. Test with Correct Privileges

When testing configuration, always use:

sudo nginx -t

Or switch to root user first:

sudo su -
nginx -t
exit

3. Systemd Service Configuration

Edit your service unit file (typically at /usr/lib/systemd/system/nginx.service):

[Service]
PIDFile=/run/nginx.pid
RuntimeDirectory=nginx
RuntimeDirectoryMode=0755

Reload systemd:

sudo systemctl daemon-reload

4. SELinux Context (If Applicable)

For RHEL/CentOS systems:

sudo chcon -Rt httpd_sys_content_t /run/nginx
sudo restorecon -Rv /run/nginx

Create a systemd tmpfiles.d configuration:

echo "d /run/nginx 0755 nginx nginx -" | sudo tee /etc/tmpfiles.d/nginx.conf
sudo systemd-tmpfiles --create

# Verify PID file creation
sudo systemctl restart nginx
ls -la /run/nginx.pid

# Test configuration
sudo nginx -t

# Check service status
systemctl status nginx

• Check audit logs for SELinux denials: sudo ausearch -m avc -ts recent
• Verify running context: ps auxZ | grep nginx
• Test with full paths: sudo /usr/sbin/nginx -t -c /etc/nginx/nginx.conf

---

When running nginx -t to test your configuration, you encounter the error:

2020/11/14 12:37:40 [emerg] 68391#68391: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

This occurs because Nginx needs write permissions to create its PID file in /run/nginx.pid during startup. The error persists even after manually restarting the service.

The issue stems from two potential problems:

1. Incorrect permissions on the /run/nginx directory
2. Improper SELinux/apparmor configurations (if enabled)

First, let's ensure proper directory structure and permissions:

sudo mkdir -p /run/nginx
sudo chown -R nginx:nginx /run/nginx
sudo chmod -R 755 /run/nginx

For systems using systemd, you might need to create a tmpfiles.d configuration:

echo "d /run/nginx 0755 nginx nginx -" | sudo tee /etc/tmpfiles.d/nginx.conf
sudo systemd-tmpfiles --create

After applying these changes:

sudo systemctl restart nginx
nginx -t

The configuration test should now pass without permission errors.

If the issue persists, consider these additional steps:

SELinux Context

For SELinux-enabled systems:

sudo semanage fcontext -a -t httpd_var_run_t "/run/nginx(/.*)?"
sudo restorecon -Rv /run/nginx

AppArmor Configuration

For AppArmor systems, ensure your Nginx profile includes:

/run/nginx/* rw,

Alternative PID Location

You can configure Nginx to use a different PID file location by editing /etc/nginx/nginx.conf:

pid /var/run/nginx.pid;

Then create the directory with proper permissions:

sudo mkdir -p /var/run/nginx
sudo chown nginx:nginx /var/run/nginx

To ensure the directory persists across reboots, create a systemd service override:

sudo mkdir -p /etc/systemd/system/nginx.service.d
sudo tee /etc/systemd/system/nginx.service.d/override.conf <<EOF
[Service]
RuntimeDirectory=nginx
RuntimeDirectoryMode=0755
EOF
sudo systemctl daemon-reload