apache not accepting incoming connections from outside of localhost

前端 未结 11 905
逝去的感伤
逝去的感伤 2020-12-04 05:59

I\'ve booted up a CentOS server on rackspace and executed yum install httpd\'d. Then services httpd start. So, just the barebones.

I can ac

相关标签:
11条回答
  • 2020-12-04 06:53

    SELinux prevents Apache (and therefore all Apache modules) from making remote connections by default.

    # setsebool -P httpd_can_network_connect=1
    
    0 讨论(0)
  • 2020-12-04 06:55

    this is what worked for us to get the apache accessible from outside:

    sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    sudo service iptables restart
    
    0 讨论(0)
  • 2020-12-04 06:57

    If you are using RHEL/CentOS 7 (the OP was not, but I thought I'd share the solution for my case), then you will need to use firewalld instead of the iptables service mentioned in other answers.

    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --reload
    

    And then check that it is running with:

    firewall-cmd --permanent --zone=public --list-all
    

    It should list 80/tcp under ports

    0 讨论(0)
  • 2020-12-04 07:01

    CentOS 7 uses firewalld by default now. But all the answers focus on iptables. So I wanted to add an answer related to firewalld.

    Since firewalld is a "wrapper" for iptables, using antonio-fornie's answer still seems to work but I was unable to "save" that new rule. So I wasn't able to connect to my apache server as soon as a restart of the firewall happened. Luckily it is actually much more straightforward to make an equivalent change with firewalld commands. First check if firewalld is running:

    firewall-cmd --state
    

    If it is running the response will simply be one line that says "running".

    To allow http (port 80) connections temporarily on the public zone:

    sudo firewall-cmd --zone=public --add-service=http
    

    The above will not be "saved", next time the firewalld service is restarted it'll go back to default rules. You should use this temporary rule to test and make sure it solves your connection issue before moving on.

    To permanently allow http connections on the public zone:

    sudo firewall-cmd --zone=public --permanent --add-service=http
    

    If you do the "permanent" command without doing the "temporary" command as well, you'll need to restart firewalld to get your new default rules (this might be different for non CentOS systems):

     sudo systemctl restart firewalld.service
    

    If this hasn't solved your connection issues it may be because your interface isn't in the "public zone". The following link is a great resource for learning about firewalld. It goes over in detail how to check, assign, and configure zones: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7

    0 讨论(0)
  • 2020-12-04 07:01

    Set apache to list to a specific interface and port something like below:

    Listen 192.170.2.1:80
    

    Also check for Iptables and TCP Wrappers entries that might be interfering on the host with outside hosts accessing that port

    Binding Docs For Apache

    0 讨论(0)
提交回复
热议问题