发表新帖
发表新帖

PDO connection works from command line, but not through Apache?

前端 未结
关注
4 1180
佛祖请我去吃肉
佛祖请我去吃肉 2020-12-16 17:40

I have a very simple test script:
相关标签:
4条回答
  • 隐瞒了意图╮
    2020-12-16 18:18

    If this is a Red Hat-derived distribution (RHEL, CentOS, Fedora, ScientificLinux) running SELinux (or any non Red Hat derivative using SELinux), the default policy setting at time of this writing is to prohibit Apache from making external connections to other servers or databases. As root, you must enable the following two SELinux booleans. Use the -P option to persist the change across a reboot.

    setsebool -P httpd_can_network_connect=1
setsebool -P httpd_can_network_connect_db=1

    Note that httpd_can_network_connect may not be necessary. Try it first turning on only httpd_can_network_connect_db.

    0 讨论(0)
  • 离开以前
    2020-12-16 18:20

    I had the same problem for PHP ftp ftp_connect and had to set the 

    setsebool -P httpd_can_network_connect=1

    It's confusing because other things like fil_get_contents and curl work through PHP and apache just fine before setting that.

    0 讨论(0)
  • 猫巷女王i
    2020-12-16 18:23

    In addition the using the above accepted answer

    setsebool -P httpd_can_network_connect=1
setsebool -P httpd_can_network_connect_db=1

    I had to also change the security context of a file that httpd was trying to access.

    A php script run through apache was trying to access a certificate file that was outside the normal document root of httpd. Changing the file permissions to allow httpd access was not enough to allow httpd access to that file. I had to change to security context as well, so before the change:

    [admin]$ ls -Z ../../certs/rds-ca-2015-root-us-east-1-BUNDLE.pem 
-rw-r--r--. admin apache unconfined_u:object_r:unlabeled_t:s0 ../../certs/rds-ca-2015-root-us-east-1-BUNDLE.pem

    Change context using:

    sudo chcon -v --type=httpd_sys_content_t ../../certs/rds-ca-2015-root-us-east-1-BUNDLE.pem```

    to get:

    [admin]$ ls -Z ../../certs/rds-ca-2015-root-us-east-1-BUNDLE.pem 
-rw-r--r--. admin apache unconfined_u:object_r:httpd_sys_content_t:s0 ../../certs/rds-ca-2015-root-us-east-1-BUNDLE.pem

    Now all is good. A good resource to look at is /var/log/audit/audit.log and pay close attention to errors. In my case the error that pointed to the direction of a resolution was:

    type=AVC msg=audit(1509047616.042:4049): avc:  denied  { read } for  pid=17096 comm="httpd" name="rds-ca-2015-root-us-east-1-BUNDLE.pem" dev="xvdb" ino=262146 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file
    0 讨论(0)
  • 旧巷少年郎
    2020-12-16 18:24

    Same issue but different cause here
    My solution was just a simple apt-get install php-mysql away

    Be sure to check for pdo_mysql in your phpinfo()
    Found it on this post : PDOException “could not find driver”

    I wonder why CLI worked in such conditions O_o Maybe something installed incorrectly, or got overriden ? Well, now, it works fine !

    0 讨论(0)
 看不清?
提交回复
热议问题