I was setting up a test webserver on which I could run a couple of different web apps. There are a few things you need to know in order to set this up. Starting from a default installation, you need to make three modifications: to httpd, SELinux, and iptables.
Let's say I want to open port 8000. First, make your modifications to the Apache config. This should be located at /etc/httpd/conf/httpd.conf
    Listen 8000
    <VirtualHost *:8000>
        # ServerName I.dont.need.one.of.these.for.my.purposes
        DocumentRoot /path/to/web/directory
        SetEnv APPLICATION_ENV "development"
        <Directory /path/to/web/directory>
            DirectoryIndex index.php
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
Great, that's all set up. Let's try to restart the httpd service:
    service httpd restart
    Stopping httpd: [OK]
    Starting httpd: [FAILED]
    (98)Address already in use: make_sock: could not bind to address [::]:8000
What? What's going on? Listing the services using netstat doesn't reveal that the port is taken. Doing some research reveals that CentOS is shipped with SELinux set up and that I need to open a port for that:
semanage port -a -t http_port_t -p tcp 8000
After this step, go ahead and restart the httpd service.
    service httpd restart
    Stopping httpd: [FAILED]
    Starting httpd: [OK]
Yay, everything is working, right? Navigate to http://192.168.0.1:8000 and nothing responds. Check the Apache logs and there's not even an access attempt. Do a little more research and it looks like the default CentOS installation comes with iptables installed and tightly regulated. You'll find the config file at /etc/sysconfig/iptables. Add the following line.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT
Now all we need to do is restart iptables and we're all set.
service iptables restart
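The three layers above can be checked in one pass. The script below is an added example, not part of the original post: the function names are hypothetical, the sample inputs are constructed, and it assumes the usual column layout of `semanage port -l` output. It also checks rule order in the iptables file, since an ACCEPT line placed below the chain's final REJECT rule is never reached.

```shell
# Added example: verify the three layers from this post for one TCP port.
# Each function reads stdin, so it takes the real file or command output
# as well as the constructed samples below.

# httpd.conf: an uncommented "Listen [addr:]PORT" directive exists.
httpd_listens() {
    grep -Eiq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]+:)?$1([[:space:]]|\$)"
}

# `semanage port -l` output: PORT is in http_port_t/tcp (single port or lo-hi range).
selinux_allows() {
    awk -v p="$1" '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            f = $i; sub(/,$/, "", f)
            n = split(f, r, "-"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) ok = 1
        }
    } END { exit !ok }'
}

# /etc/sysconfig/iptables: a tcp ACCEPT rule for PORT appears before the first
# catch-all REJECT/DROP rule. Rules match in file order, so an ACCEPT added
# below the final REJECT is never reached. Simplification: chains are not
# told apart; the file is read as one ordered rule list.
firewall_accepts() {
    awk -v p="$1" '
        /^[[:space:]]*#/ { next }                    # skip comment lines
        / -j (REJECT|DROP)/ && !/--dport/ { exit }   # catch-all reached first
        / -p tcp / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == p) { ok = 1; exit }
        }
        END { exit !ok }'
}

# Constructed samples (not taken from a real host).
SAMPLE_HTTPD='Listen 80
Listen 8000'
SAMPLE_SEMANAGE='http_port_t                    tcp      8000, 80, 443, 488, 8008, 8009, 8443
ssh_port_t                     tcp      22'
SAMPLE_FW_GOOD='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_FW_BAD='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT'

printf '%s\n' "$SAMPLE_HTTPD"    | httpd_listens 8000    && echo "httpd: Listen 8000 found"
printf '%s\n' "$SAMPLE_SEMANAGE" | selinux_allows 8000   && echo "selinux: 8000 in http_port_t"
printf '%s\n' "$SAMPLE_FW_GOOD"  | firewall_accepts 8000 && echo "iptables: ACCEPT reachable"
printf '%s\n' "$SAMPLE_FW_BAD"   | firewall_accepts 8000 || echo "iptables: ACCEPT sits below REJECT"
```

On a real host, feed the functions the live data instead, for example `semanage port -l | selinux_allows 8000` and `firewall_accepts 8000 < /etc/sysconfig/iptables`.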