Firewalld on CentOS 7 not letting PHP-FPM (+Apache 2.4) through
 

Hi everyone,

I recently switched from the prefork MPM to event in an Apache 2.4 installation on a CentOS 7 box. I have allowed http traffic through the firewall

and also enabled 9000/tcp, the port used by php-fpm on localhost (127.0.0.1):

However, when I browse to my virtual host, I get the following error:
Here's what I see in the virtual host log after each request:

I am discarding this being a problem of the virtual host Apache configuration, since when I disable temporarily firewalld I am able to see the site without issues. Thus, I am leaning towards the idea of firewalld being responsible for the 503 error mentioned above, but I don't know what other ports I should open or if there is any other service I should allow through the firewall.

Any ideas will be more than appreciated. Thank you all in advance!

According to the manpage, the "--permanent" only records the desired change. It does NOT make it active:

There is the option reload:

I forgot to add that I reloaded the configuration and even restarted firewalld after making the changes, to no avail :(.

Does firewall-cmd --list-all show the services and ports you enabled?

Possibly you should enable https. And the partial error message you posted almost hints at some kind of permissions problem rather than a firewall problem.

First off, thank you for taking the time to comment on this question. Permissions were my first guess too, but why would disabling the firewall solve a permissions issue?
I checked whether https was enabled, and yes it is. Here's the output of firewall-cmd --list-all:
I even added changed the configuration of php-fpm so that it would listen on all interfaces and not just on localhost (as it is the default), and I'm still getting this error. Surprisingly enough, I have the exact same setup on a Debian 8 box (or maybe not so exact, I am still trying to find a difference) with firewalld enabled -same ports and services- and it works like a charm. I also found out that turning masquerade on and off does not affect the result either.

I also thought it could be a SELinux issue, but SELinux is disabled on this particular host. So I keep running into blind alleys here.

Any further help will be more than appreciated.

I don't know, perhaps in your configuration there is some other port that needs to be opened. I never used php-fpm and I'm not familiar with it's requirements.

Maybe try accessing the site by IP rather than 'localhost'? You might verify that localhost is present in your /etc/hosts file, but if the site works with firewalld off that's probably not it.

I finally found an answer to this question. I read somewhere (don't remember where) that someone had a similar issue on a cloud VPS (which is my case as well). So I followed the same installation steps in a CentOS 7 virtual machine and to my surprise, everything worked wonderfully right from the start.
As I mentioned today, I was suspicious of firewalld. First thing I checked on the VM was that firewalld was enabled, which it was. Then I listed its services and ports enabled for all zones:

It didn't take long to realize that the default zone was set to internal and the network interface was added properly. (Please note that I didn't have to add TCP port 9000).

So I went back to my VPS, and did:

The errors were gone and I was finally able to access my site again.

Thank you guys for your time and your insights. I am going to mark this thread as solved and add to your reputation.

Thanks for posting the solution!