Firewalld on CentOS 7 not letting PHP-FPM (+Apache 2.4) through
Hi everyone,
I recently switched from the prefork MPM to event in an Apache 2.4 installation on a CentOS 7 box. I have allowed http traffic through the firewall
Quote:
Code:
[Fri Nov 20 11:44:11.982158 2015] [proxy_fcgi:error] [pid 3930:tid 140185148798720] (104)Connection reset by peer: [client AAA.BBB.CCC.DDD:33215] AH01074: Failed writing Environment to :
Any ideas will be more than appreciated. Thank you all in advance! |
According to the manpage, the "--permanent" only records the desired change. It does NOT make it active:
Code:
Permanent Options
Code:
--reload |
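The runtime-versus-permanent distinction raised in the reply above, as an added example that is not part of the original thread: a POSIX shell check that reports which entries are recorded but not yet active, and which are active but not recorded. The helper names `only_in`, `fw_drift` and `fw_check_zone` are hypothetical, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent configuration.
# only_in, fw_drift and fw_check_zone are hypothetical helper names.

# Print each word of list $1 that is absent from list $2, one per line.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# fw_drift RUNTIME PERMANENT: both are space-separated lists as printed by
# e.g. `firewall-cmd --list-services` and its `--permanent` counterpart.
fw_drift() {
    # Recorded with --permanent but not active until `firewall-cmd --reload`.
    for s in $(only_in "$2" "$1"); do printf 'pending-reload %s\n' "$s"; done
    # Active now but not recorded: lost at the next reload or reboot.
    for s in $(only_in "$1" "$2"); do printf 'runtime-only %s\n' "$s"; done
}

# Check services, ports and interfaces of one zone on a live host.
# Interfaces assigned by NetworkManager can legitimately show as runtime-only.
fw_check_zone() {
    zone=$1
    for what in services ports interfaces; do
        rt=$(firewall-cmd --zone="$zone" --list-"$what")
        pm=$(firewall-cmd --permanent --zone="$zone" --list-"$what")
        fw_drift "$rt" "$pm" | sed "s|^|$zone $what: |"
    done
}

# Constructed sample: http/https were added with --permanent, no reload yet.
fw_drift "dhcpv6-client ssh" "dhcpv6-client http https ssh"

# On a host with firewalld running, also check the default zone for real.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    fw_check_zone "$(firewall-cmd --get-default-zone)"
fi
```

To check a non-default zone such as the `internal` zone used later in this thread, call `fw_check_zone internal`.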
Does firewall-cmd --list-all show the services and ports you enabled?
Possibly you should enable https. And the partial error message you posted almost hints at some kind of permissions problem rather than a firewall problem. |
I checked whether https was enabled, and yes it is. Here's the output of firewall-cmd --list-all:
Code:
[root@centos7 ~]# firewall-cmd --list-all
I also thought it could be a SELinux issue, but SELinux is disabled on this particular host. So I keep running into blind alleys here. Any further help will be more than appreciated. |
I don't know, perhaps in your configuration there is some other port that needs to be opened. I never used php-fpm and I'm not familiar with its requirements.
Maybe try accessing the site by IP rather than 'localhost'? You might verify that localhost is present in your /etc/hosts file, but if the site works with firewalld off that's probably not it. |
I finally found an answer to this question. I read somewhere (don't remember where) that someone had a similar issue on a cloud VPS (which is my case as well). So I followed the same installation steps in a CentOS 7 virtual machine and to my surprise, everything worked wonderfully right from the start.
As I mentioned today, I was suspicious of firewalld. First thing I checked on the VM was that firewalld was enabled, which it was. Then I listed its services and ports enabled for all zones:
Code:
[root@node1 ~]# firewall-cmd --list-all
So I went back to my VPS, and did:
Code:
firewall-cmd --zone=internal --add-interface=tun6to4
Thank you guys for your time and your insights. I am going to mark this thread as solved and add to your reputation. |
Thanks for posting the solution!