Setting up lighttpd as a reverse proxy in front of a Java web server.
System
CentOS 6.2 x64 running as a virtual guest
Errors
Error in /var/log/lighttpd/error.log
server started
connect failed: 8 Permission denied 13
proxy-server disabled: 127.0.0.1 9000 8
Error in /var/log/audit/audit.log (selinux)
type=AVC msg=audit(1334211267.437:7950): avc: denied { name_connect } for pid=21529 comm="lighttpd" dest=9000 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1334211267.437:7950): arch=c000003e syscall=42 success=no exit=-13 a0=9 a1=7fff20ab9060 a2=10 a3=1999999999999999 items=0 ppid=1 pid=21529 auid=500 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=498 sgid=498 fsgid=498 tty=(none) ses=19 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Error shown in web browser
500 - Internal Server Error
Diagnosis
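Run "semanage port -l | grep http_port_t".
It should show the ports that web servers are allowed to use. The AVC record above shows port 9000 with the generic port_t label (tcontext), so it is not among them and SELinux denies lighttpd's connection.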
Solution
semanage port -a -t http_port_t -p tcp 9000
(or whichever port the internal web server is supposed to run on, that is not in the list above)
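Added example (not from the original post): a small shell function that reads audit.log records and prints the semanage command for each port an httpd_t process was denied name_connect to. The function names are hypothetical, and every sample record except the first is constructed for illustration.

```shell
#!/bin/sh
# Added example: turn httpd_t name_connect denials into semanage commands.

# Sample audit.log content. The first line is the AVC record quoted in the
# post; the other three are constructed for this example.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1334211267.437:7950): avc: denied { name_connect } for pid=21529 comm="lighttpd" dest=9000 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1334211300.101:7961): avc: denied { name_connect } for pid=21529 comm="lighttpd" dest=9000 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1334211310.220:7970): avc: denied { name_connect } for pid=21529 comm="lighttpd" dest=9001 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1334211320.330:7982): avc: denied { read } for pid=21529 comm="lighttpd" name="app.conf" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}

# Reads audit records on stdin and prints one semanage command per distinct
# TCP port that an httpd_t process was denied name_connect to while the port
# still carried the generic port_t label.
suggest_port_labels() {
    awk '
        /type=AVC/ && /denied/ && /name_connect/ && /tclass=tcp_socket/ &&
        /scontext=[^ ]*:httpd_t:/ && /tcontext=[^ ]*:port_t:/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dest=[0-9]+$/) {
                    port = substr($i, 6)
                    if (!(port in seen)) {
                        seen[port] = 1
                        print "semanage port -a -t http_port_t -p tcp " port
                    }
                }
            }
        }
    '
}

# On a real host: suggest_port_labels < /var/log/audit/audit.log
sample_audit_log | suggest_port_labels
```

Review each printed command before running it as root: labelling a port http_port_t allows every process in the httpd_t domain to connect to it.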