I am trying to install a custom web application with Apache HTTPd as frontend web server. But why does Apache report it couldn't access the Unix socket where the application listens?

The web application is configured to listen here:

# ls -l /run/mt_plackup_master.sock
srwxrwxrwx. 1 apache apache 0 Jan 18 21:16 /run/mt_plackup_master.sock

I manually ran chown apache:apache and chmod 777 to grant all possible permissions on the socket file.

The apache user is able to access the file:

# su apache -s /bin/sh -c "curl --unix-socket /run/mt_plackup_master.sock --head localhost"
HTTP/1.1 301 Moved Permanently
Location: some_sub_page/
Date: Tue, 18 Jan 2022 20:21:56 GMT
Connection: keep-alive

But Apache serves an HTTP 503 Service Unavailable and writes to the error log:

[Tue Jan 18 21:16:32.738727 2022] [proxy:error] [pid 864514:tid 139775709259520] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /run/mt_plackup_master.sock (localhost) failed
[Tue Jan 18 21:16:32.738781 2022] [proxy_http:error] [pid 864514:tid 139775709259520] [client ::1:50532] AH01114: HTTP: failed to make connection to backend: httpd-UDS

This is with Apache 2.4.37 on Rocky Linux.

Update: as requested

# ls -Z /run/mt_plackup_master.sock 
system_u:object_r:var_run_t:s0 /run/mt_plackup_master.sock
Daniel Böhmer

1 Answer

I tried

# chcon -t httpd_sys_rw_content_t /run/mt_plackup_master.sock

and it seems to work. Is that the right SELinux context for a web application socket? Any recommendations?

Daniel Böhmer
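
An added example, not part of the original question or answer: a shell filter that pulls the SELinux AVC denials for one command out of audit records, which is how to confirm that a "(13)Permission denied" on a mode-777 socket comes from the type label (var_run_t here) rather than from file permissions. The audit lines are constructed sample data, and `sample_audit_log` and `avc_denials` are hypothetical names.

```shell
#!/bin/sh
# Constructed audit records (not from the original post), shaped like what
# auditd writes when httpd_t is denied access to a socket labelled var_run_t.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1642536992.738:4101): avc:  denied  { write } for  pid=864514 comm="httpd" name="mt_plackup_master.sock" dev="tmpfs" ino=51234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1642536992.738:4101): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1642537100.120:4188): avc:  denied  { read } for  pid=1200 comm="sshd" name="authorized_keys" dev="dm-0" ino=777 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
EOF
}

# Read audit records on stdin and print one line per AVC denial whose
# comm= field equals $1, as: perms|tclass|source_type|target_type|name
avc_denials() {
    awk -v comm="$1" '
    function type_of(ctx,   parts) {      # user:role:type:level -> type
        split(ctx, parts, ":")
        return parts[3]
    }
    /^type=AVC / && / denied / {
        rec_comm = ""; name = ""; st = ""; tt = ""; cls = ""; perms = ""
        # The denied permissions sit between "{ " and " }".
        s = index($0, "{ "); e = index($0, " }")
        if (s && e > s) perms = substr($0, s + 2, e - s - 2)
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (!p) continue
            k = substr($i, 1, p - 1); v = substr($i, p + 1)
            gsub(/"/, "", v)
            if (k == "comm") rec_comm = v
            else if (k == "name") name = v
            else if (k == "scontext") st = type_of(v)
            else if (k == "tcontext") tt = type_of(v)
            else if (k == "tclass") cls = v
        }
        if (rec_comm == comm) print perms "|" cls "|" st "|" tt "|" name
    }'
}

# Demo on the constructed records. On a live host the input would be
#   ausearch -m AVC -ts recent --raw | avc_denials httpd
sample_audit_log | avc_denials httpd
```

A line with `sock_file` as the class and `var_run_t` as the target type shows that the denial is tied to the socket's label, which matches the `ls -Z` output in the question.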