SELinux and Apache ProxyPass
Today I was having trouble getting a httpd ProxyPass and ProxyPassReverse to work. As a background I'm working in RedHat Enterprise Linux 6.1. It took me a while to figure out what was wrong (longer than it should have) and as it turns out it worked after I disabled SELinux. So my configs were correct in /etc/httpd/conf.d/* and it passed all config tests. I'm sure you don't want to read a whole post of talking so I'll just get right into the grit of the commands. For the rest of the explanation you can use the man pages. I'm assuming a higher level audience in this post though with man pages anyone can learn.
Yay for speed blogging! I feel better now that it's out of the way.
tail -f /var/log/httpd/error_log #shows an error setenforce 0 #config works so enable selinux again setenforce 1 getsebool --help getsebool -a getsebool -a | grep ^httpd cat /var/log/audit/audit.log | audit2allow -v #audit2allow will tell us what entries can be enabled to allow selinux to work setsebool httpd_can_network_relay on #test config so does it work? Yes getenforce #make sure selinux was still on #now save the changes to be permanent for when the machine reboots. setsebool -P httpd_can_network_relay on
Total Comments 0