I have developped an application in php. One of its functions is to ping an external server.
However, when this action was fired nothing happened. I checked the SELinux log and generated a policy to allow apache daemon to ping (ping works fine if log in as apache user). After installing that policy, no error is shown on SELinux log, but on the httpd log appears a lot of times:
ping: recvmsg: Permission denied
I know it is a SELinux configuration problem (Socket connection maybe?) because if I disable it, it works nice, but this is not an option for me.
I have redirected the output of the ping command to a text file and, after firing the action, this is the result:
PING myhost (myip) 56(84) bytes of data.
--- myhost ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 13002ms
So I am kind of stuck at this point. Anyone can help me?
Thanks a lot.
After a fresh install it all worked. Don't mess with policies, kids.
Related
I've been struggling with this issue for 2 days now and it's starting to be a big problem.
we have 2 LB on which HAproxy is installed,
I've tried to change the certificats on the first one and it fell down and couldn't restart it even when getting back the old haproxy.cfg file.
after a while I tried to restart the server and it did the job. I had my Haproxy running on the failed node. and I successfully changed the ssl certificats on that one.
Then, I tried to do the same on the second, and then it went down and nothing seem to be correcting the problem; not restarting haproxy on the old haproxy.cfg file nor restarting the whole server.
the error I get is like this :
Starting frontend PAGEMAINTENANC_GUN: cannot bind socket [10.168.10.16:80]
Can you please give me some little help?
thank you all in advance.
It seems that I've been trying to bind to an IP address that is not local. That's why the HAproxy fails to start. The solution was to set ip_nonlocal_bind to 1.
To get info:
sysctl net.ipv4.ip_nonlocal_bind
Set net.ipv4.ip_nonlocal_bind to 1
sysctl -w net.ipv4.ip_nonlocal_bind=1
Restart HAproxy works
I’ve used docker some in the past , I’m trying to introduce it at a new environment, but cannot get docker pull working. Keeps failing with 503 response.
What I could use help with is finding the underlying cause of this issue, so I can have the net/it admins fix whatever it is, be it firewall, ssl, proxy authentication, (all the usual suspects running docker/windows in a corporate network, ya know.)
Where can I look to see the root cause of pull failures to help them out? Also any specific diagnostic tests I could run to help figure this out would help.
I am able to hit registry-1.docker.io in general:
e.g.
curl https://registry-1.docker.io/v2/
{“errors”:[{“code”:“UNAUTHORIZED”,“message”:“authentication required”,“detail”:null}]}
I’ve poked through the logs in %localappdata%/docker, but have not been able to find anything.
the only thing I found at all was in dockerd.log:
2021-08-19T13:59:06Z dockerd time=“2021-08-19T13:59:06.656666400Z” level=debug msg="pulling blob “sha256:9da81141e74e38839836e81c2691d3c7ac54bf34272e5d4a636fc032150506a4"”
2021-08-19T13:59:06Z dockerd time=“2021-08-19T13:59:06.994330700Z” level=info msg=“Download failed, retrying (1/5): received unexpected HTTP status: 503 Service Unavailable”
Which does not really help. I know docker registry is not down, so this is not really a 503 from docker.
System info
OS: Windows 10 19043, WSL2 enabled (VM with virtualization enabled, if that matters)
Docker version 20.10.7, build f0df350
repro steps:
docker run -d -p 80:80 docker/getting-started
Unable to find image ‘docker/getting-started:latest’ locally
latest: Pulling from docker/getting-started
540db60ca938: Retrying in X seconds (repeats countdown a few times with increasing wait times )
0ae30075c5da: Retrying in X seconds
9da81141e74e: Retrying in X seconds
b2e41dd2ded0: Waiting
7f40e809fb2d: Waiting
758848c48411: Waiting
23ded5c3e3fe: Waiting
38a847d4d941: Waiting
docker: received unexpected HTTP status: 503 Service Unavailable. (finally)
See ‘docker run --help’.
Thanks.
JS
Answering my own question: I ran docker through fiddler, by setting the docker proxy to localhost:8888. Inspecting the body of the 503 response in fiddler, I was able to see the cause: The corporate firewall rules were blocking executable file transfers.
After a recent automatic update to linux components (CentOS v7 with PLesk 17.8.11) my web (php) applications are no longer enabled to do outbound connections.
Both "curl" requests and PHPMailer fail; curl is returning http code 0 with no content, while PHPMailer says "SMTP Connect() failed".
The same statements/programs work perfectly when run from terminal (root user). In other words, if I write a trivial program executing "curl http://www.example.com" and run it from terminal, it works; if I call it from a browser, it does not work.
The same is true for any program using PHPMailer to send a mail.
SELinux is disabled, so it does not depends on the httpd_can_network_connect SELinux boolean.
Any idea?
I found a solution, but I did not really understood what the real reason was. By default, my CentOS+Plesk server has SELinux disabled: I changed it to "enabled" with SELINUX=permissive, then I changed two SELinux booleans:
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_sendmail on
Even if SELinux is in warning-only mode, settings those two booleans on made the trick.
Most likely, affected domains are using system PHP, which was updated recently. Correct me if I am wrong.
What would explain broken PHP functionality, because during the update of system PHP package, Apache restart is not triggered by Plesk.
Simply restart Apache in Tools & Settings > Service Management or by using systemctl restart httpd. If the issue still persist after that, try to switch to any of Plesk PHP versions.
So I created a new Cpanel using WHM I set the quota to 50MB and the bandwidth to 50MB as well. And I also uploaded the web files to public_html on cpanel successfully but when I load the website, an error that says This webpage is not available ERR_CONNECTION_TIMED_OUT appear.
Here's the status screenshot.
And here's the screenshot of the files I uploaded.
But still I get the error. Did I missed something?
Since it is connection timed out, definitely it is related to firewall. Do you have any firewall installed like CSF ? If so please try to check if your ISP IP (you can get ISP IP from http://whatismyip.com ) is blocked in the firewall.
Another possiblity is your server is having Selinux enabled. To disable that please try to
setenforce 0
Another possiblity is server is having some default iptables rules
iptables -L -n
If the above command is showing rules, then try to stop it
service iptables stop
Let me know how it goes
Everything was going alright, no edits have been done on the configurations, suddenly the httpd stopped running on start up, and another service made by me as well.
one information that the hard disk reached his full space so I had to delete some files.
the result of chkconfig --list is
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
If httpd fails to start up, you should be able to find an error message in the error-log (/var/log/httpd/error_log or wherever you have configured its errors to). Check what gets logged when you manually try to start the service ("service httpd start") and get back with more information if you don't understand what it is trying to tell you.
If hard disk was full that would be the first reason of apache service not starting. Did you try restarting httpd service after freeing up some sufficient disk space and please also check the httpd error logs in /var/log/httpd/error.log. I think the major problem would have been due to disk space got full.
Try to free up some log files also to free up some more space in /var/log directory.
In my case it was a problem in log configuration:
AH00015: Unable to open logs
(1)Operation not permitted: AH00091: httpd: could not open error log file /usr/teste.localhost-error.log.
I Changed my log path, created the file into my path setted and it worked after restarting.