SELinux is set to Enforcing by default in Fedora. If you are deploying a production server, don’t disable SELinux.
$ getenforce
Enforcing
Run semanage port -l to see the default ports that apache or nginx can access. If you reverse proxy to one of these ports, then you don’t need to change the security policy.
$ semanage port -l | grep http_port
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
If you want to reverse proxy to a different port such as 5000, here is how you can change the security policy.
semanage port -a -t http_port_t -p tcp 5000
You also need to set a boolean that will allow apache or nginx to reverse proxy.
# Allow apache/nginx to reverse proxy
$ setsebool httpd_can_network_relay 1
# Allow apache/nginx to reverse proxy permanently even after reboot
$ setsebool httpd_can_network_relay 1 -P
Don’t blindly trust audit2allow -a to dictate your security policy! Here is the SELinux manual.