
I have a simple Flask/Nginx server and 3 files in location /opt/hosting/files:

```
[adam@localhost]$ namei -om /opt/hosting/files
f: /opt/hosting/files
 dr-xr-xr-x root  root  /
 drwxr-xr-x root  root  opt
 drwxr-xr-x root  root  hosting
 drwxr-xr-x nginx nginx files
```

In the folder files I have 3 files: two images and a bigger zip file:

```
[adam@localhost]$ ls -lh /opt/hosting/files/
total 424M
-rwx-----x. 1 nginx nginx  19K 03-06 01:29 file1.jpg
-rwx-----x. 1 nginx nginx  18M 03-06 03:34 file2.png
-rwxr-xr-x. 1 nginx nginx 406M 07-07 13:07 file3.zip
```

I am serving these files, and while the first two appear without a problem, I get 403 Forbidden for the zip file both through www and using wget. I think the directory permissions are set correctly, since the two other files are fine. The zip file's properties are even higher, so this shouldn't be an issue either.

I tried using `chown root:root` and `chown 777` for the file and folders and couldn't access the file anyway. After making changes I'm restarting nginx with `sudo systemctl restart uwsgi`. SELinux shows `Enforcing`.

What is the problem here?

adamczi
  • Is there any error information returned in the 403 response? – N. Ivanov Jul 07 '17 at 12:20
  • `403 Forbidden` is what I get through www. Where else can I check it? In Nginx access.log I see `"GET /files/file3.zip HTTP/1.1" 403 169 "http://server-ip/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0" "-"` and in Nginx error.log I can see `2017/07/07 14:22:12 [error] 1691#0: *110 open() "/opt/hosting/files/file3.zip" failed (13: Permission denied)` – adamczi Jul 07 '17 at 12:22

1 Answer


Got it. Reading a comment by tinesoft here made me check the SELinux context of the files (yes, I'm running CentOS, forgot to mention that) and it was:

```
[adam@localhost]$ ls -lZ /opt/hosting/files
-rwx-----x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 file1.jpg
-rwx-----x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 file2.png
-rwxr-xr-x. nginx nginx unconfined_u:object_r:user_home_t:s0 file3.zip
```

Then, following the SELinux documentation from Red Hat, I managed to change the type of the SELinux context from `user_home_t` to `httpd_sys_content_t` using

```
sudo chcon -t httpd_sys_content_t file3.zip
```

That was it.

adamczi
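The check that resolved this thread can be scripted. The following is an added example, not part of the original posts: a small filter that reads `ls -lZ` output and reports every file whose SELinux type differs from the one the web server is allowed to read. The function names `find_mislabeled` and `sample_listing` are hypothetical, the sample input is the listing from the answer above, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original thread).
# find_mislabeled EXPECTED_TYPE
#   Reads `ls -lZ`-style lines on stdin and prints "<file> <actual_type>"
#   for each entry whose SELinux type is not EXPECTED_TYPE.
find_mislabeled() {
    expected="$1"
    awk -v want="$expected" '
    {
        for (i = 1; i <= NF; i++) {
            # An SELinux context has the form user:role:type:level
            n = split($i, ctx, ":")
            if (n >= 4 && ctx[1] ~ /_u$/ && ctx[2] ~ /_r$/) {
                # Assumption: the file name is the last field (no spaces)
                if (ctx[3] != want) print $NF, ctx[3]
                next
            }
        }
    }'
}

# Constructed sample input: the listing shown in the answer above.
sample_listing() {
    cat <<'EOF'
-rwx-----x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 file1.jpg
-rwx-----x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 file2.png
-rwxr-xr-x. nginx nginx unconfined_u:object_r:user_home_t:s0 file3.zip
EOF
}

# Offline run against the sample.
sample_listing | find_mislabeled httpd_sys_content_t

# On a live host with SELinux enabled:
#   ls -lZ /opt/hosting/files | find_mislabeled httpd_sys_content_t
```

A label set with `chcon` does not survive a filesystem relabel. To make it persistent, record the rule with `semanage fcontext -a -t httpd_sys_content_t "/opt/hosting/files(/.*)?"` and apply it with `restorecon -Rv /opt/hosting/files`.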