docs: fix SELinux policy guidance and add CentOS EOL notices

Replace the bare "disable temporarily" advice in the CentOS LAMP and
LEMP install guides with actionable SELinux policy steps for Cacti:
- setsebool httpd_can_network_connect + httpd_can_network_connect_db
- semanage fcontext / restorecon for non-default install paths
- link to current RHEL 9 SELinux docs (replaces broken CentOS link)
- fix malformed URL: https:////wiki.centos.org → RHEL docs

Add CentOS EOL notices to both guides: CentOS 7 EOL June 2024,
CentOS 8 EOL December 2021. Direct users to Rocky Linux / AlmaLinux
as binary-compatible RHEL rebuilds.

Refs Cacti#208

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>

Author: somethingwithproof

Install-Under-CentOS_LAMP.md

@@ -1,4 +1,6 @@
-# Installing on CentOS/RHEL/ROCKY
+# Installing on CentOS/RHEL/Rocky Linux/AlmaLinux
+
+> **Note:** CentOS Linux reached end-of-life on June 30, 2024 (CentOS 7) and December 31, 2021 (CentOS 8). New installations should use [Rocky Linux](https://rockylinux.org/) or [AlmaLinux](https://almalinux.org/), which are binary-compatible RHEL rebuilds. The commands in this guide apply to both.
 
 > **Note**: As of Cacti 1.2.31, PHP 8.1 is required and PHP Composer is required. 
 > Composer will be used to ensure all of the libraries are installed and are up to date.
@@ -478,31 +480,50 @@ configure the basics for Cacti.
 
 ### Security Enhanced Linux (SELinux)
 
-If you are having issues to access the web page, disable SELinux temporarily to
-prove that the issues come from the SELinux policy. It is NOT recommended to
-disable SELinux permanently.
+If you suspect SELinux is blocking Cacti, disable it temporarily to confirm, then re-enable it and apply the correct policy rather than leaving it disabled.
 
-[CentOS](https:////wiki.centos.org/es/HowTos/SELinux) has a lot of
-documentation on how to make your SELinux policy right.
+The [RHEL SELinux documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/) covers policy management in depth and applies equally to Rocky Linux and AlmaLinux.
 
 1. Check SELinux status
 
    ```console
    getenforce
    ```
 
-2. Disable SELinux temporarily
+2. Disable SELinux temporarily for testing
 
    ```console
    setenforce 0
    ```
 
-3. Enable SELinux back
+3. Re-enable SELinux
 
    ```console
    setenforce 1
    ```
 
+4. Configure SELinux booleans for Cacti
+
+   Cacti requires two booleans so Apache can reach the database and make outbound SNMP connections during polling:
+
+   ```console
+   setsebool -P httpd_can_network_connect 1
+   setsebool -P httpd_can_network_connect_db 1
+   ```
+
+5. Set file contexts (only needed if Cacti is outside `/var/www/html`)
+
+   If you installed Cacti to a non-default path, apply the correct SELinux file contexts. Replace `/path/to/cacti` with your actual install path:
+
+   ```console
+   semanage fcontext -a -t httpd_sys_content_t "/path/to/cacti(/.*)?"
+   semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/cacti/rra(/.*)?"
+   semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/cacti/log(/.*)?"
+   restorecon -Rv /path/to/cacti
+   ```
+
+   These labels grant Apache read access to Cacti's files and write access to the RRD and log directories. Without `httpd_sys_rw_content_t` on `rra/` and `log/`, graph generation silently fails even when UNIX permissions appear correct.
+
 ### Considerations when using Proxies in front of Cacti (Cacti 1.2.23+)
 
 For optimal security, only specify the HTTP headers that are set by your proxy
@@ -536,8 +557,7 @@ These can be set by editing the following section of config.php
 $proxy_headers = null;
 ```
 
-**Note:** If you installed Cacti out of `/var/www/html` make sure you fix up
-all SELinux context and permissions.
+**Note:** If you installed Cacti outside `/var/www/html`, run the `semanage fcontext` and `restorecon` commands from step 5 of the SELinux section above to apply the correct file contexts.
 
 ---
 Copyright (c) 2004-2026 The Cacti Group

Install-Under-CentOS_LEMP.md

@@ -1,4 +1,6 @@
-# Installing on CentOS 7
+# Installing on CentOS/RHEL/Rocky Linux/AlmaLinux (LEMP)
+
+> **Note:** CentOS Linux reached end-of-life on June 30, 2024 (CentOS 7) and December 31, 2021 (CentOS 8). New installations should use [Rocky Linux](https://rockylinux.org/) or [AlmaLinux](https://almalinux.org/), which are binary-compatible RHEL rebuilds. The commands in this guide apply to both.
 
 > **Note**: As of Cacti 1.2.31, PHP 8.1 is required and PHP Composer is required. 
 > Composer will be used to ensure all of the libraries are installed and are up to date.
@@ -528,33 +530,49 @@ configure the basics for Cacti.
 
 ### Security Enhanced Linux (SELinux)
 
-If you are having issues to access the web page, disable SELinux temporarily to
-prove that the issues come from the SELinux policy. It is NOT recommended to
-disable SELinux permanently.
+If you suspect SELinux is blocking Cacti, disable it temporarily to confirm, then re-enable it and apply the correct policy rather than leaving it disabled.
 
-[CentOS](https:////wiki.centos.org/es/HowTos/SELinux) has a lot of documentation
-on how to make your SELinux policy right.
+The [RHEL SELinux documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/) covers policy management in depth and applies equally to Rocky Linux and AlmaLinux.
 
-Check SELinux status
+1. Check SELinux status
 
-```console
-getenforce
-```
+   ```console
+   getenforce
+   ```
 
-Disable SELinux temporarily
+2. Disable SELinux temporarily for testing
 
-```console
-setenforce 0
-```
+   ```console
+   setenforce 0
+   ```
 
-Enable SELinux back
+3. Re-enable SELinux
 
-```console
-setenforce 1
-```
+   ```console
+   setenforce 1
+   ```
+
+4. Configure SELinux booleans for Cacti
+
+   Cacti requires two booleans so Nginx/PHP-FPM can reach the database and make outbound SNMP connections during polling:
+
+   ```console
+   setsebool -P httpd_can_network_connect 1
+   setsebool -P httpd_can_network_connect_db 1
+   ```
+
+5. Set file contexts (only needed if Cacti is outside `/usr/share/nginx/html`)
+
+   If you installed Cacti to a non-default path, apply the correct SELinux file contexts. Replace `/path/to/cacti` with your actual install path:
+
+   ```console
+   semanage fcontext -a -t httpd_sys_content_t "/path/to/cacti(/.*)?"
+   semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/cacti/rra(/.*)?"
+   semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/cacti/log(/.*)?"
+   restorecon -Rv /path/to/cacti
+   ```
 
-**Note:** If you installed Cacti out of `/usr/share/nginx/html` make sure you
-fix up all SELinux context and permissions.
+   These labels grant the web server read access to Cacti's files and write access to the RRD and log directories. Without `httpd_sys_rw_content_t` on `rra/` and `log/`, graph generation silently fails even when UNIX permissions appear correct.
 
 ---