- 1STM32F7QSPI学习笔记——读写N25Q128
- 2论文阅读:PIDNet: A Real-time Semantic Segmentation Network Inspired by PIDControllers
- 3uboot之SPL理解和主要流程梳理_spl: failed to boot from all boot devices
- 4探讨BI可视化下的旅游大数据分析,你的钱都花哪了?_旅游可视化能运用什么技术
- 5python 图片和二进制转换的三种方式_代码图片转二进制
- 6ELK搭建(八):搭建PostgreSQL性能、运行效率监控平台_elastic监控大批量postgresql日志
- 7OpenAI 生成视频模型 Sora 论文翻译_photorealistic video generation with diffusion mod
- 8Unity录音AudioClip转MP3格式_unity audioclip 存本地mp3
- 9多线程脚本python_python多线程脚本编写
- 10基于TP5、EasyWeChat、fastadmin微信小程序授权登录_基于thinkphp5+easywechat+fastadmin微信小程序授权登录&获取手机号&微信
linux修改http端口80,在开启selinux的情况下,如何修改httpd的端口且服务能正常使用...
赞
踩
本次测试将原有httpd的port 80 修改为801
[root@localhost ~]# systemctl restart httpd
Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start httpd
Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.
[root@localhost ~]# !v
vim /etc/httpd/conf/httpd.conf
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 801 修改为801 违返selinux
[root@localhost ~]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 没有801所以不能接管httpd
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@localhost ~]#systemctl status -l httpd
10月 19 14:46:02 localhost.localdomain httpd[1452]: AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.localdomain. Set the ‘ServerName’ directive globally to suppress this message
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:801
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:801
[root@localhost ~]# journalctl -xn
***** Plugin catchall (1.49 confidence) suggests
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:801
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:801 //不允许801调用本地sock
If you believe that httpd should be allowed name_bin
Then you should report this as a bug.
You can generate a local policy module to allow this
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow
# semodule -i mypol.pp *********//selinux报错
解决方案
semanage port -a -t http_port_t -p tcp 801 将801加入selinux
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 801, 80, 81, 443, 488, 8008, 8009, 8443, 9000 ///801已加入
[root@localhost ~]# systemctl status httpd.service
httpd.service – The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
Active: active (running) since 二 2016-10-18 18:18:25 CST; 6min ago //启动正常
Process: 49005 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 49231 (httpd)
Status: “Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec”
CGroup: /system.slice/httpd.service
[root@localhost ~]# netstat -ntlp |grep http
tcp6 0 0 :::801 :::* LISTEN 49231/httpd
本地测试
[root@localhost ~]# curl http://localhost:801
test1
t2
艇3
dfdfdfdf
外部测试完成
扩展
senamage 端口 增加 类型 [] 协议 TCP/UDP 端口
semanage port -a -t http_port_t -p tcp 801
senamage 端口 修改 类型 [] 协议 TCP/UDP 端口
semanage port -m -t http_port_t -p tcp 801
senamage 端口 删除 类型 [] 协议 TCP/UDP 端口
semanage port -d -t http_port_t -p tcp 801
