18

I have Apache 2.2.15 running on port 80 and want to proxy a servlet engine on localhost port 8983. I have the setup running on another server, but have moved to a CentOS 6 machine. It's not working on the new machine. My virtual host config:

ProxyRequests Off

<Proxy *>
   Order deny,allow
   Allow from all
</Proxy>

ProxyPass / http://localhost:8983/
ProxyPassReverse / http://localhost:8983/

I can access port 8983 if I use a browser and go directly to it (and don't go through the Apache proxy), but can't connect to it if I go to/through the Apache server.

I can change what's being proxied to something like http://slashdot.org and Slashdot gets successfully proxied (so I know it's able to proxy in general).

I turned debug logging on in Apache and this is the transaction:

[Sun Apr 22 16:47:04 2012] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //localhost:8983/
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(1506): [client 184.39.79.7] proxy: http: found worker http://localhost:8983/ for http://localhost:8983/
[Sun Apr 22 16:47:04 2012] [debug] mod_proxy.c(998): Running scheme http handler (attempt 0)
[Sun Apr 22 16:47:04 2012] [debug] mod_proxy_http.c(1962): proxy: HTTP: serving URL http://localhost:8983/
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2011): proxy: HTTP: has acquired connection for (localhost)
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2067): proxy: connecting http://localhost:8983/ to localhost:8983
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2193): proxy: connected / to localhost:8983
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2444): proxy: HTTP: fam 10 socket created to connect to localhost
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2455): (13)Permission denied: proxy: HTTP: attempt to connect to [::1]:8983 (localhost) failed
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2444): proxy: HTTP: fam 2 socket created to connect to localhost
[Sun Apr 22 16:47:04 2012] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8983 (localhost) failed
[Sun Apr 22 16:47:04 2012] [error] ap_proxy_connect_backend disabling worker for (localhost)
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(2029): proxy: HTTP: has released connection for (localhost)
[Sun Apr 22 16:47:04 2012] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //localhost:8983/favicon.ico
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(1506): [client 184.39.79.7] proxy: http: found worker http://localhost:8983/ for http://localhost:8983/favicon.ico
[Sun Apr 22 16:47:04 2012] [debug] mod_proxy.c(998): Running scheme http handler (attempt 0)
[Sun Apr 22 16:47:04 2012] [debug] mod_proxy_http.c(1962): proxy: HTTP: serving URL http://localhost:8983/favicon.ico
[Sun Apr 22 16:47:04 2012] [debug] proxy_util.c(1949): proxy: HTTP: retrying the worker for (localhost)
[Sun Apr 22 16:47:04 2012] [error] proxy: HTTP: disabled connection for (localhost)

I don't know what fam 10 or fam 2 sockets are. Anyone have any ideas about why it's not proxying to my alternate port?

Thanks!

CSchulz
  • 233
  • 3
  • 20
ksclarke
  • 403
  • 1
  • 3
  • 10

3 Answers3

12

I solved my issue :

If I do: sestatus -b | grep httpd

I can see httpd_can_network_connect is off

The solution is to type: togglesebool httpd_can_network_connect

Rémi Becheras
  • 91
  • 1
  • 13
ksclarke
  • 403
  • 1
  • 3
  • 10
  • 4
    Not sure where `togglesebool` comes from (not on my CentOS7-minimal) and the web suggests that even if you do have `togglesebool` __Only the "in memory" values are changed"__. But `setsebool -P httpd_can_network_connect=1` worked for me; -P to make it survive a reboot. Thanks for the hint! – jwd630 Aug 05 '15 at 14:30
11

Here is the solution for your problem:

To turn on this boolean you simple have to use this line (root permissions)

setsebool -P httpd_can_network_connect on

or

sudo setsebool -P httpd_can_network_connect on

Hope that helps. Reference see here: https://wiki.centos.org/TipsAndTricks/SelinuxBooleans

techraf
  • 4,163
  • 8
  • 27
  • 44
Mchoeti
  • 226
  • 3
  • 5
1

Make sure that port 8080 is listening by running the following command

netstat -tlpn

If not, than restart the jenkins server

sudo /etc/init.d/jenkins start

It should work now. Hope it helps

Ajeet Khan
  • 163
  • 1
  • 8