0

Platform: CentOS Linux release 7.5.1804

I have a freshly installed apache2 and I need to have it listening on a non-default port to fit the host's firewall policy.

I change the httpd.conf to have

Listen 7800

And when I start the service with

systemctl start httpd

get the error

Jun 20 09:58:46 ian-ui-esb2 httpd[4834]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:7800

I've check that port is not in use using lsof. What's more I've tried starting httpd by hand using

/usr/sbin/httpd

Note: I am doing this as root, so it may be unsurprising that I don't get a permissions error.

And it comes up just fine, and indeed is listening on 7800, I see the welcome page in the browser. I kill off the manually started httpd and the browser fails to connect - so I don't see any doubt that I am indeed running apache on 7800.

The service file is unmodified from the default installation. Has no special user information. I'm not sure what user systemctl would attempt to run httpd as. The processes don't stay up long enough to be sure.

Any idea what's going on?

bodgit
  • 4,751
  • 16
  • 27
djna
  • 315
  • 1
  • 3
  • 9
  • 1
    Possible duplicate of [nginx: no permission to bind port 8090 but it binds to 80 and 8080](https://serverfault.com/questions/566317/nginx-no-permission-to-bind-port-8090-but-it-binds-to-80-and-8080) – user9517 Jun 20 '19 at 15:22

1 Answers1

2

And the interesting answer is that you need to tell CentOS that the port shall be used for http!

semanage port -a -t http_port_t -p tcp 7800

was all that was needed.

djna
  • 315
  • 1
  • 3
  • 9
  • Good work with investigation. As default the selinux is operating in restrictive mode and the port is not usually used for the web ;-). – Kamil J Jun 20 '19 at 13:22