I have Apache/2.4.6 installed in a minimal CentOS 7 VM. I am trying to access the default page when Apache is installed by accessing the CentOS IP as http://192.168.3.130 (is a host only interface) but I got "This webpage is not available: ERR_CONNECTION_TIMED_OUT" and I can't find why. I have stopped iptables and then checked:
# service iptables status Redirecting to /bin/systemctl status iptables.service ● iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled) Active: inactive (dead)
Jan 29 11:22:43 devserver.local systemd[1]: Stopped IPv4 firewall with iptables.
isn't running. I have checked the status of Apache:
# service httpd status Redirecting to /bin/systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2016-01-29 11:16:00 EST; 7min ago Docs: man:httpd(8) man:apachectl(8) Main PID: 18738 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service ├─18738 /usr/sbin/httpd -DFOREGROUND ├─18739 /usr/sbin/httpd -DFOREGROUND ├─18740 /usr/sbin/httpd -DFOREGROUND ├─18741 /usr/sbin/httpd -DFOREGROUND ├─18742 /usr/sbin/httpd -DFOREGROUND └─18743 /usr/sbin/httpd -DFOREGROUND
Jan 29 11:15:58 devserver.local systemd[1]: Starting The Apache HTTP Server... Jan 29 11:15:59 devserver.local httpd[18738]: AH00557: httpd: apr_sockaddr_info_get() failed for devserver.local Jan 29 11:15:59 devserver.local httpd[18738]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message Jan 29 11:16:00 devserver.local systemd[1]: Started The Apache HTTP Server.
it's running. I have checked network status:
# ifconfig eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.222.133 netmask 255.255.255.0 broadcast 192.168.222.255 inet6 fe80::20c:29ff:fe6f:2b72 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:6f:2b:72 txqueuelen 1000 (Ethernet) RX packets 152628 bytes 225455749 (215.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 54931 bytes 3355746 (3.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554952: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.3.130 netmask 255.255.255.0 broadcast 192.168.3.255 inet6 fe80::20c:29ff:fe6f:2b7c prefixlen 64 scopeid 0x20<link> ether 00:0c:29:6f:2b:7c txqueuelen 1000 (Ethernet) RX packets 9655 bytes 702056 (685.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5800 bytes 529054 (516.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 20 bytes 1700 (1.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 20 bytes 1700 (1.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
it's fine. I have ping server from Windows:
C:\Users\reynierpm>ping 192.168.3.130
Pinging 192.168.3.130 with 32 bytes of data: Reply from 192.168.3.130: bytes=32 time<1ms TTL=64 Reply from 192.168.3.130: bytes=32 time<1ms TTL=64 Reply from 192.168.3.130: bytes=32 time<1ms TTL=64 Reply from 192.168.3.130: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.3.130: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
it works. So ... what's wrong? What I am missing here?
On 29/01/16 16:35, reynierpm@gmail.com wrote:
I have Apache/2.4.6 installed in a minimal CentOS 7 VM. I am trying to access the default page when Apache is installed by accessing the CentOS IP as http://192.168.3.130 (is a host only interface) but I got "This webpage is not available: ERR_CONNECTION_TIMED_OUT" and I can't find why. I have stopped iptables and then checked:
my first guess would be;
setsebool -P httpd_can_network_connect on
firewall-cmd --add-service=http --permanent
if you're serving over https you'll also want; firewall-cmd --add-service=https --permanent
if you intend on sending email; setsebool -P httpd_can_sendmail on
On Fri, Jan 29, 2016 at 11:41 AM, Michael H michael@wemoto.com wrote:
setsebool -P httpd_can_network_connect on firewall-cmd --add-service=http --permanent
I have ran those two and still can't access. I have restarted httpd and iptables services after ran those lines. BTW, what those means? setsebool is part of SELinux? Or this is new kind of extra security layer on CentOS7? I am moving from Centos 6.7 to 7 and things change between versions.
On 29/01/16 16:45, reynierpm@gmail.com wrote:
On Fri, Jan 29, 2016 at 11:41 AM, Michael H michael@wemoto.com wrote:
setsebool -P httpd_can_network_connect on firewall-cmd --add-service=http --permanent
I have ran those two and still can't access. I have restarted httpd and iptables services after ran those lines. BTW, what those means? setsebool is part of SELinux? Or this is new kind of extra security layer on CentOS7? I am moving from Centos 6.7 to 7 and things change between versions.
Selinux has been around for a while.
setsebool - set selinux boolean
You should probably be using the firewall-cmd rather than iptables; firewall-cmd --add-service=http --permanent - add the http service to your firewall.
I forgot, unless you run
firewall-cmd --reload
the rules may not be in play.
Michael
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Fri, Jan 29, 2016 at 11:48 AM, Michael H michael@wemoto.com wrote:
Selinux has been around for a while.
Yes, I know this but ...
setsebool - set selinux boolean
What I am asking is if the command above is part of SELinux since I doesn't use before because it's a VM running on my PC so I not need such security levels.
You should probably be using the firewall-cmd rather than iptables; firewall-cmd --add-service=http --permanent - add the http service to your firewall.
I forgot, unless you run
firewall-cmd --reload
the rules may not be in play.
Ummmm ....
# firewall-cmd --reload FirewallD is not running
I should add this is a minimal CentOS perhaps it's lacks a few packages and I am not aware of which ones
On Fri, Jan 29, 2016 at 11:52 AM, reynierpm@gmail.com reynierpm@gmail.com wrote:
On Fri, Jan 29, 2016 at 11:48 AM, Michael H michael@wemoto.com wrote:
Selinux has been around for a while.
Yes, I know this but ...
setsebool - set selinux boolean
What I am asking is if the command above is part of SELinux since I doesn't use before because it's a VM running on my PC so I not need such security levels.
You should probably be using the firewall-cmd rather than iptables; firewall-cmd --add-service=http --permanent - add the http service to your firewall.
I forgot, unless you run
firewall-cmd --reload
the rules may not be in play.
Ummmm ....
# firewall-cmd --reload FirewallD is not running
On 29/01/16 16:52, reynierpm@gmail.com wrote:
On Fri, Jan 29, 2016 at 11:48 AM, Michael H michael@wemoto.com wrote:
Selinux has been around for a while.
Yes, I know this but ...
setsebool - set selinux boolean
What I am asking is if the command above is part of SELinux since I doesn't use before because it's a VM running on my PC so I not need such security levels.
You should probably be using the firewall-cmd rather than iptables; firewall-cmd --add-service=http --permanent - add the http service to your firewall.
I forgot, unless you run
firewall-cmd --reload
the rules may not be in play.
Ummmm ....
# firewall-cmd --reload FirewallD is not running
systemctl stop iptables systemctl disable iptables
systemctl start firewalld systemctl enable firewalld
firewall-cmd --list-services - confirm you have http, if not repeat the previous commands to add services.
setsebool is a part of selinux. if you don't care about it
setenforce 0
systemctl restart httpd
firewall-cmd --reload
and test.
ensure /etc/httpd/conf.d/[yourvirtualhost].conf has listen *:80
I've setup several web servers this week, if this isn't working, you broke something. We always use minimal installs.
Michael
On Fri, Jan 29, 2016 at 11:56 AM, Michael H michael@wemoto.com wrote:
I've setup several web servers this week, if this isn't working, you broke something. We always use minimal installs.
No problem, it works! Thx
-
Michael H -
reynierpm@gmail.com