Apache HTTPD Tricks and Traps
This page is an accumulating collection of various minutiae about HTTPD, mostly learned the hard way.
1. Problems
1.1. Failed to bind to address or port
HTTPD fails to start, displaying this message:
httpd: (13)Permission denied: make_sock: could not bind to address [::]:8443
The message also shows in /var/log/messages, preceded by:
Jun 12 15:19:59 sakai-vre-demo kernel: audit(1150121999.270:195): avc: denied { name_bind } for pid=28837 comm="httpd" src=8443 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
The commonly found cause of this problem is that the port is already bound by another process. (In our case, we thought it was Tomcat.) Another cause is that SELinux is installed and operating in "enforcing" mode, and the SELinux configuration does not allow httpd to bind to this port. In this case, a quick fix is to run SELinux in "permissive" mode until such time as the correct policy to enforce can be determined. For this, edit /etc/selinux/config thus:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #   enforcing - SELinux security policy is enforced.
    #   permissive - SELinux prints warnings instead of enforcing.
    #   disabled - SELinux is fully disabled.
    SELINUX=permissive
    # SELINUXTYPE= type of policy in use. Possible values are:
    #   targeted - Only targeted network daemons are protected.
    #   strict - Full SELinux protection.
    SELINUXTYPE=targeted
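Permissive mode turns off enforcement for every confined daemon, so once the denial has been identified it is narrower to label the one port for httpd. The script below is an added example, not part of the original page: it parses the denial quoted above and prints the `semanage port` command for that port, assuming the policycoreutils `semanage` tool is installed and that `http_port_t` is the port type the policy allows httpd to bind. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: derive the port-labelling command from an httpd name_bind denial.

# The denial quoted on this page.
SAMPLE_AVC='Jun 12 15:19:59 sakai-vre-demo kernel: audit(1150121999.270:195): avc: denied { name_bind } for pid=28837 comm="httpd" src=8443 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket'

# avc_field LINE KEY: print the value of KEY=value in LINE, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# suggest_port_label LINE: print a semanage command for the denied port, or
# return 1 when LINE is not httpd_t being refused a bind on a generic port_t port.
suggest_port_label() {
    case $1 in
        *'avc:'*'denied'*'{ name_bind }'*) ;;
        *) return 1 ;;
    esac
    port=$(avc_field "$1" src)
    sctx=$(avc_field "$1" scontext)
    tctx=$(avc_field "$1" tcontext)
    class=$(avc_field "$1" tclass)
    # Accept contexts with or without a trailing MLS level (":s0").
    case $sctx in *:httpd_t|*:httpd_t:*) ;; *) return 1 ;; esac
    case $tctx in *:port_t|*:port_t:*) ;; *) return 1 ;; esac
    [ "$class" = tcp_socket ] || return 1
    # Refuse anything that is not a plain decimal port number.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    # Assumption: http_port_t is the type the targeted policy lets httpd bind.
    printf 'semanage port -a -t http_port_t -p tcp %s\n' "$port"
}

# Prints the command only; review it before running it as root.
suggest_port_label "$SAMPLE_AVC"
```

`semanage port -l | grep http_port_t` lists the ports that already carry the label, and `getenforce` reports the current mode.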
2. References
3. Other links
http://fedora.redhat.com/docs/selinux-faq-fc3/ - Information and HOWTOs about SELinux.
-- GrahamKlyne 2006-06-12 14:46:10

