CentOS 7 ships with SELinux enabled, so when you move the default httpd directories you have to give the new directories the right SELinux context, otherwise the httpd server will not be able to access the files.
SELinux
SELinux isolates processes and files according to their security context. You can see the context of each file with the ls -Z option.
SELinux can be temporarily switched off (set to permissive mode) with the setenforce command:
# setenforce 0    <-- deactivate SELinux (permissive mode)
# setenforce 1    <-- activate SELinux (enforcing mode)
This is a quick way to check whether your problem comes from SELinux or not.
The chcon command lets you change the security context of a file (see the comment below: chcon may not be the best choice, since its changes can be lost on a relabel).
Log files
Log files and directories must have the httpd_log_t type. If your log directory is /httpd/logs, you can set it with:
# chcon -Rv --type=httpd_log_t /httpd/logs
HTML files
HTML and PHP files must have the httpd_sys_content_t type; the command looks like:
# chcon -Rv --type=httpd_sys_content_t /httpd/htdocs
For any directory that Apache must be able to write to, set the httpd_sys_rw_content_t type:
# chcon -Rv --type=httpd_sys_rw_content_t /httpd/htdocs/upload
Apache configuration files and SSL certificates should have the following type:
# chcon -Rv --type=httpd_config_t /...
Allowing internal connections (proxy)
When the nginx server needs to reach a local Spring Boot application listening on a different port:
# setsebool -P httpd_can_network_connect 1
Allowing mail sending
SELinux also prevents Apache from sending mail unless it is explicitly allowed, so if you need to send mail you must enable it:
# setsebool -P httpd_can_sendmail=on
To list all the booleans you can enable or disable with setsebool, run:
# sestatus -b
This shows every existing boolean and its current state.
Allowing access to the database
# setsebool -P httpd_can_network_connect_db=on
Hi,
You shouldn’t use the chcon command because all the context assignments will be lost in some cases (after a reboot, the system can decide to relabel all the files).
You need to use the 'semanage fcontext' command followed by the restorecon command.
In your example, you should apply the commands as follows:
# yum install setroubleshoot-server
# semanage fcontext -a -t httpd_log_t "/httpd/logs(/.*)?"
# semanage fcontext -a -t httpd_sys_content_t "/httpd/htdocs(/.*)?"
# semanage fcontext -a -t httpd_sys_rw_content_t "/httpd/htdocs/upload(/.*)?"
# restorecon -R /httpd
The "/httpd/logs(/.*)?" expression means all the files in the /httpd/logs directory and the directory itself.
Finally, you need to apply the -P option when using the setsebool command otherwise your change will be lost after reboot:
# setsebool -P httpd_can_sendmail on
Regards.
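The labelling described in the post (httpd_log_t, httpd_sys_content_t, httpd_sys_rw_content_t) and the persistent semanage/restorecon approach from the comment above, put together as an added example that is not part of the original post or comments: it prints the persistent labelling plan for the post's /httpd tree and checks constructed `ls -Z -d` output against it, so it runs without SELinux present and executes nothing on the system.

```shell
#!/bin/sh
# Added example (not from the post or comments): print the persistent labelling
# plan for the post's relocated httpd tree and check `ls -Z` output against it.
# It only prints commands, so it runs on any POSIX shell without SELinux.

# One persistent rule; "(/.*)?" matches the directory itself and everything below.
fcontext_rule() {
    printf 'semanage fcontext -a -t %s "%s(/.*)?"\n' "$2" "$1"
}

# Full plan for the post's paths; restorecon runs once after all rules exist
# and applies the longest matching rule to each path.
httpd_label_plan() {
    fcontext_rule /httpd/logs          httpd_log_t
    fcontext_rule /httpd/htdocs        httpd_sys_content_t
    fcontext_rule /httpd/htdocs/upload httpd_sys_rw_content_t
    echo 'restorecon -Rv /httpd'
}

# Expected type for a path, mirroring the rules above (most specific first).
expected_type() {
    case $1 in
        /httpd/htdocs/upload|/httpd/htdocs/upload/*) echo httpd_sys_rw_content_t ;;
        /httpd/htdocs|/httpd/htdocs/*)               echo httpd_sys_content_t ;;
        /httpd/logs|/httpd/logs/*)                   echo httpd_log_t ;;
        *)                                           echo unknown ;;
    esac
}

# Read `ls -Z -d`-style lines ("user:role:type:level path") on stdin; print one
# line per mislabelled path and return 1 if any were found, 0 otherwise.
check_labels() {
    bad=0
    while read -r ctx path; do
        actual=$(printf '%s' "$ctx" | cut -d: -f3)
        want=$(expected_type "$path")
        if [ "$actual" != "$want" ]; then
            echo "MISLABELLED $path: has $actual, expected $want"
            bad=1
        fi
    done
    return $bad
}
# Constructed sample; the second line is deliberately wrong (a tree created
# by hand under /httpd gets default_t until restorecon runs).
SAMPLE='system_u:object_r:httpd_log_t:s0 /httpd/logs/error_log
unconfined_u:object_r:default_t:s0 /httpd/htdocs/index.html
system_u:object_r:httpd_sys_rw_content_t:s0 /httpd/htdocs/upload/pic.jpg'
httpd_label_plan
printf '%s\n' "$SAMPLE" | check_labels || echo 'Fix with: restorecon -Rv /httpd'
```

On a real host, feed `ls -Z -d /httpd/logs /httpd/htdocs/* ...` into check_labels after running the printed plan; any MISLABELLED line means a path that httpd will be denied access to.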
Many thanks for the post and the comment. You both have helped a lot.