Apache HTTPD Tricks and Traps

This page is an accumulating collection of various minutiae about HTTPDS, mosly learned the hard` way.

Contents:

1. Problems

1.1. Failed to bind to address or port

HTTP fails to start, displaying this message:

}}} The message also shows in /var/log/messages, preceded by:

Jun 12 15:19:59 sakai-vre-demo kernel: audit(1150121999.270:195): avc: denied { name_bind } for pid=28837 comm="httpd" src=8443 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket }}}

The commonly found cause of this problem is that the port is already bound by another process. (In our case, we thought it was Tomcat.) Another cause is that SELinux is installed and operating in "enforcing" mode, and the SELinux configuration does not allow this connection. In this case, a quick fix is to run SELinux in "permissive" mode until such time as the correct policy to emnforce can be determined. For this, edit /etc/selinux/config thus:

# SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=permissive # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted }}}

2. References


-- GrahamKlyne 2006-06-12 14:46:10

Creative Commons License
The content of this wiki is licensed under the Creative Commons Attribution-ShareAlike 2.0 England & Wales Licence.

OSS Watch is funded by the Joint Information Systems Committee (JISC) and is situated within the Research Technologies Service (RTS) of the University of Oxford.