I need help figuring out the root cause of this permission denied error. What permissions does nginx need? Why is it so complicated?

the socket API bind() to a port less than 1024, such as 80 as your title mentioned, need root access.

here is "Bind to ports less than 1024 without root access"

and another easier way is to run nginx as root.

If you use a port bigger than 1024 and root privilege, then still get this problem, that's may cause by SELinux:

Check this port, say 8024, in segange port

sudo semanage port -l | grep http_port_t

If the port list no 8024, then add it into segange port

sudo semanage port -a -t http_port_t  -p tcp 8024

update in 2017.12.22

Sometimes your SELinux is disabled, you need to enforcing it first. Check the status of SELinux by

$ sestatus

More steps can read this wonderful article: https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-1-basic-concepts

If see this msg after run "nginx -t", you dont have premission run as root "sudo nginx -t"

The best solution would be:

1) add user to sudoers ( my user is prod)

usermod -aG sudo prod

2) inside circus ( process manager ) append sudo before nginx executable, mine looks like this:

[watcher:nginx]
cmd = sudo /usr/sbin/nginx
args = -c /home/t/Projects/x_b_11/etc/nginx.conf -p /home/t/Projects/x_b_11

3) and finaly add line into file /etc/sudoers ( my user is prod). This line avoids error (sudo: no tty present and no askpass program specified). Probably need to restart session ( reboot). Enjoy.

prod ALL = NOPASSWD: /usr/sbin/nginx

nginx needs root access. please use

sudo nginx

next step along with your password