Question
I have a Drupal 8 site on the same physical server as Apache Solr (5.2.1). Drupal 8 uses the search_api_solr contrib module, which uses Solarium (installed by Composer) to talk to the Solr server using the HTTP API.
I have successfully installed Solr and created a core. I can query the core using cURL on the Linux command line, using various Linux users.
I can access the Solr admin screen in a browser (over VPN with 192.168 IP or domain resolving to such) and view the core I created on the CLI.
However, the Drupal Solr module cannot connect to the Solr server core, and if I create an index using the Drupal module, it throws a PHP error:
[error] Uncaught PHP Exception Solarium\Exception\HttpException: "Solr HTTP error: HTTP request failed, Failed to connect to 127.0.0.1: Permission denied" at modules/search_api_solr/vendor/solarium/solarium/library/Solarium/Core/Client/Adapter/Curl.php line 248
My url is like this: http://127.0.0.1:8983/solr/mycore
I get the same error for
http://192.168.254.78:8983/solr/mycore
or
http://127.0.0.1:8080/solr/mycore << different port!
Why should Solarium not be able to send http to a local ip?
Note that nothing is listening on 8080, so I suspect that this http failure has nothing to do with the solr server.
Answer 1:
The problem turns out to be that SELinux on this CentOS6 machine is not allowing apache to talk to port 8983.
# setenforce 0
and our error goes away.
# setenforce 1
error is back
Check /var/log/audit.log.
This is what we saw:
type=AVC msg=audit(1457115397.149:224568): avc: denied { name_connect } for pid=4029 comm="httpd" dest=8983 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Notice scontext is httpd_t (apache) and tcontext is port_t (a port).
Now by default apache can only listen on ports that are http_port_t.
SO -- we check to see if our desired port "8983"
But first we need "semanage", which is provided by:
yum install policycoreutils-python
Now check for existing http_port_t's:
# semanage port -l | grep 'http_port_t'
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
Now let's add 8983
# semanage port -a -t http_port_t -p tcp 8983
And check again -- yup 8983 is there
# semanage port -l | grep 'http_port_t'
http_port_t tcp 8983, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
No more error with SELinux enforcing
Source: https://stackoverflow.com/questions/35610545/solarium-gets-permission-denied-when-trying-to-connect-apache-solr-at-local-ip
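
The following is an added example, not part of the original question or answer: it scans audit records for the kind of name_connect denial quoted in the answer and prints, without running it, the semanage command from the answer for each port httpd_t was denied. The function names are made up for illustration, and only the first sample record comes from the page; the other two are constructed.

```shell
#!/bin/sh
# Sample input. Record 1 is the denial quoted in the answer; records 2 and 3
# are constructed (a repeat of the same denial and an unrelated file denial).
SAMPLE_AUDIT='type=AVC msg=audit(1457115397.149:224568): avc: denied { name_connect } for pid=4029 comm="httpd" dest=8983 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1457115401.002:224570): avc: denied { name_connect } for pid=4031 comm="httpd" dest=8983 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1457115410.310:224575): avc: denied { read } for pid=4100 comm="httpd" name="x" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# Read audit records on stdin and print "domain port target_type" once per
# distinct denied outbound TCP connect (permission name_connect).
denied_connects() {
    awk '
    /avc:/ && /denied/ && index($0, "{ name_connect }") && index($0, "tclass=tcp_socket") {
        dom = ""; port = ""; tgt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/) { port = substr($i, 6) }
            else if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); dom = s[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); tgt = t[3] }
        }
        key = dom " " port " " tgt
        # Only accept numeric ports, and report each combination once.
        if (port ~ /^[0-9]+$/ && !(key in seen)) { seen[key] = 1; print key }
    }'
}

# For httpd_t connects to a port still labelled with the generic port_t type,
# print the labelling command used in the answer. Nothing is executed here;
# review each port before applying the command.
suggest_port_labels() {
    denied_connects | while read -r dom port tgt; do
        if [ "$dom" = "httpd_t" ] && [ "$tgt" = "port_t" ]; then
            echo "semanage port -a -t http_port_t -p tcp $port"
        fi
    done
}

# On a real host, feed the audit log instead, e.g.:
#   suggest_port_labels < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | suggest_port_labels
```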