SELinux ȯ°æÀ» »ç¿ëÇÏ´Â CentOS 6 ¿¡¼
yum À¸·Î apache httpd ¸¦ ¼³Ä¡ÈÄ, ±âµ¿½Ã ¾Æ·¡¿Í °°ÀÌ ¿À·ù°¡ ¹ß»ýÇÏ¿´´Ù.
¾Æ·¡ ±Û¿¡¼ º¸½Ã´Ù½ÃÇÇ,
SELinux ȯ°æ¿¡¼´Â apache/httpd °¡ 80, 81, 443, 488, 8008, 8009, 8443, 9000 Æ÷Æ®¸¸ ¹ÙÀεù µÉ ¼ö ÀÖ´Ù.
(semanage port -l | grep http ¸í·É¾î·Î Çã¿ëµÈ Æ÷Æ®¸¦ È®ÀÎÇÒ ¼ö ÀÖ´Ù)
(semanage ¸í·ÉÀÌ ¾ø´Ù¸é, sudo yum -y install policycoreutils-python °ú °°ÀÌ yum À» ÅëÇØ ¼³Ä¡ÇÒ ¼ö ÀÖ´Ù)
I happened to run into this problem because of missing SELinux permissions.
By default, SELinux only allowed apache/httpd to bind to the following ports:
80, 81, 443, 488, 8008, 8009, 8443, 9000
µû¶ó¼, httpd ¼³Á¤¿¡ À§ ¾ð±ÞµÈ Æ÷Æ® ÀÌ¿Ü ´Ù¸¥ Æ÷Æ®°¡ ¹ÙÀεù µÇ¸é, SELinux ȯ°æ¿¡¼ ¿À·ù¸¦ ¹ñ¾î³½´Ù.
So binding to my httpd.conf-configured Listen 88 HTTP port and
config.d/ssl.conf-configured Listen 8445 TLS/SSL port would fail with that default SELinux configuration.
À̸¦ ¼öÁ¤ÇÏ·Á¸é, »ç¿ëÇÏ·Á´Â Æ÷Æ®¸¦ SELinux ȯ°æ¿¡ µî·ÏÇØ ÁÖ¾î¾ß Çϴµ¥, ¾Æ·¡¿Í °°Àº ¸í·É¾î¸¦ »ç¿ëÇÏ¿© µî·ÏÇÒ ¼ö ÀÖ´Ù.
(°¢ ¸í·É¾îÀÇ -p tcp [Æ÷Æ®¹øÈ£] ¿¡¼ "Æ÷Æ®¹øÈ£" ´Â apache/httpd ·Î ¹ÙÀεù ÇÒ Æ÷Æ®¸¦ ÁöÁ¤ÇØ ÁÖ¸é µÈ´Ù)
(semanage ¸í·ÉÀÌ ¾ø´Ù¸é, sudo yum -y install policycoreutils-python °ú °°ÀÌ yum À» ÅëÇØ ¼³Ä¡ÇÒ ¼ö ÀÖ´Ù)
To fix my problem, I had to add ports 88 and 8445 to my system's SELinux configuration:
¡Ü Install semanage tools : sudo yum -y install policycoreutils-python
¡Ü Allow port 88 for httpd : sudo semanage port -a -t http_port_t -p tcp 88
¡Ü Allow port 8445 for httpd : sudo semanage port -a -t http_port_t -p tcp 8445
¾Æ·¡¿Í °°Àº ¸í·ÉÀ¸·Î apache/httpd ¿¡¼ »ç¿ëÇÏ°íÀÚ ÇÏ´Â 9880 Æ÷Æ®¸¦
SELinux ȯ°æ¿¡ µî·ÏÇÑ ÀÌÈÄ Á¤»ó ±âµ¿ µÊÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù.
|