How to change the Apache port number on Linux
I. Change the listening port in /etc/httpd/conf/httpd.conf
Listen 80
Change 80 to the port you need, for example 8000:
Listen 8000
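II. Check the HTTP-related ports under SELinux
Check whether SELinux is enabled: # sestatus -v |grep SELinux
SELinux status: enabled # means it is enabled
Check whether semanage is installed: # rpm -qa |grep policycoreutils-python
If it is not installed, install the package first: # yum install policycoreutils-python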
# semanage port -l|grep http
http_cache_port_t tcp 3128, 8080, 8118, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
Port 8000 is not in the list, so it has to be added separately, as follows:
# semanage port -a -t http_port_t -p tcp 8000
Check again:
# semanage port -l|grep http
http_cache_port_t tcp 3128, 8080, 8118, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8000, 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
III. Open the newly added port in the firewall
Edit /etc/sysconfig/iptables and add the following line to the file:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT
IV. Restart the firewall and Apache
# service iptables restart
# service httpd restart
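V. The web service should now be reachable on the new port.
Notes:
1. Steps II, III and IV apply when SELinux and the firewall are enabled on the system; if both services are already turned off, just restart Apache after changing the port.
2. The new port can be one that # semanage port -l|grep http already lists by default, such as 8443; that way the extra step of adding an SELinux port can be skipped.
3. Step III can also be done from the graphical interface.
References
1. Permission denied: make_sock: could not bind to address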
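As an added example (not part of the original article), the shell functions below read `semanage port -l` output and report whether a port is already labelled http_port_t, expanding ranges such as 10001-10010 that a plain grep on the port number would miss. The function names are hypothetical and the sample listing is constructed from the output shown in step II.

```shell
#!/bin/sh
# Added example, not from the original page.

# types_for_port PROTO PORT: read `semanage port -l` output on stdin and print
# every SELinux port type whose list covers PORT, including ranges.
types_for_port() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)        # strip the list separator
                n = split(entry, r, "-")    # "10001-10010" -> lo and hi
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# httpd_port_action PORT: read the listing on stdin; print "ok" when PORT is
# already labelled http_port_t, otherwise the semanage command from step II.
httpd_port_action() {
    if types_for_port tcp "$1" | grep -qx 'http_port_t'; then
        echo "ok"
    else
        echo "semanage port -a -t http_port_t -p tcp $1"
    fi
}

# Constructed sample: the listing from step II, before port 8000 is added.
SAMPLE_LISTING='http_cache_port_t tcp 3128, 8080, 8118, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989'

# On a live system, replace the printf with: semanage port -l
printf '%s\n' "$SAMPLE_LISTING" | httpd_port_action 8000
printf '%s\n' "$SAMPLE_LISTING" | httpd_port_action 8443
```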
http://emmune.blogspot.com/2009/07/permission-denied-makesock-could-not.html
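I am not familiar with python, plone or zope, so I wanted to use apache. Port 80 was no longer available, so I made do with port 81. After editing httpd.conf I ran apachectl start, with this result: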
(13)Permission denied: make_sock: could not bind to address [::]:81
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81
Checking the HTTP-related ports under SELinux with semanage port -l|grep http gives:
http_cache_port_t tcp 3128, 8080, 8118, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
I simply used one line from the last example in man semanage:
# Allow Apache to listen on port 81
semanage port -a -t http_port_t -p tcp 81
Then apachectl start again: OK. The site can now be reached at domain:81.
Note: semanage
semanage is used to configure certain elements of SELinux policy without
requiring modification to or recompilation from policy sources. This
includes the mapping from Linux usernames to SELinux user identities
(which controls the initial security context assigned
to Linux users when they login and bounds their authorized role set) as
well as security context mappings for various kinds of objects, such as
network ports, interfaces, and nodes(hosts) as well as the file context
mapping. See the EXAMPLES section below
for some examples of common usage. Note that the semanage login command
deals with the mapping from Linux usernames (logins) to SELinux user
identities, while the semanage user command deals with the mapping from
SELinux user identities to authorized role
sets. In most cases, only the former mapping needs to be adjusted by
the administrator; the latter is principally defined by the base policy
and usually does not require modification.
2. Fix for Apache being unable to listen on a port under Linux
http://www.zzxj.net/blog/fxs_2008/archive/2010/07/05/187.html
I wanted to set up a virtual host for testing and ran into this problem:
[root@localhost html]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully
qualified domain name, using localhost.termwikidev for ServerName
(13)Permission denied: make_sock: could not bind to address [::]:81
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81
no listening sockets available, shutting down
Unable to open logs
Solution:
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 81
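Of these two commands, one lists and the other adds. After adding, list again; if 81 is there, it worked. You may also need to run them as root.
In addition, for access from the external network you also need to open the Linux firewall: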
[root@localhost html]# vim /etc/sysconfig/iptables
[root@localhost html]# service iptables restart
Restart apache.
Related material:
starting httpd 13 permission denied make_sock could not bind to address
Tuesday, January 19, 2010 11:33
In Fedora Core 5/6 and RHEL 5, we have made
it easier to customize certain common parts of SELinux. In previous
releases of SELinux if you wanted to change simple things
like which port a daemon could listen to, you would need to write
policy. Now we have the semanage utility.
SELinux assigns types to all network ports on a system. By default all
ports less than 1024 are labeled reserved_port_t and all ports >
1024 are labeled port_t. If a port is assigned to a particular type
say the http port 80, it has an assigned type of http_port_t. If you
want to look at all the assigned ports in SELinux, you can use the
semanage tool, semanage port -l.
So if you executed
semanage port -l | grep http
http_cache_port_t tcp 3128, 8080, 8118
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
Here we see http_port_t is assigned to ports 80, 443, 488, 8008, 8009, 8443
The policy is written to allow httpd_t http_port_t:tcp_socket name_bind;
This means the apache command can "bind" to a port that is labeled http_port_t.
So let's say you want to run httpd on port 81.
So you edit /etc/httpd/http.conf
and change this line
Listen 80
to
Listen 81
Now restart the daemon.
service httpd restart
Stopping httpd: [ OK ]
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:81
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81
no listening sockets available, shutting down
Unable to open logs
[FAILED]
Now the daemon fails to start because it can not bind to port 81.
This generates an AVC that looks like
----
time->Tue Dec 12 17:37:49 2006
type=SYSCALL msg=audit(1165963069.248:852): arch=40000003 syscall=102
success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58b68 items=0
ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd"
subj=user_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1165963069.248:852): avc: denied { name_bind } for
pid=21134 comm="httpd" src=81 scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
To fix this you can use semanage to add the port
semanage port -a -t http_port_t -p tcp 81
service httpd start
Starting httpd: [ OK ]
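An added example, not from the quoted post: a shell function that scans audit records for name_bind denials like the AVC above and prints the process, port and SELinux types involved, which is the information needed to decide on a `semanage port -a` change. The function name is hypothetical, and the sample record is constructed from the one quoted above, joined onto one line as audit.log stores it.

```shell
#!/bin/sh
# Added example, not from the original page.

# name_bind_denials: read audit records on stdin; for each AVC name_bind
# denial print "comm port source_type target_type" on one line.
name_bind_denials() {
    awk '
        /avc: +denied/ && index($0, "{ name_bind }") > 0 {
            comm = port = stype = ttype = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/) {
                    comm = substr($i, 6)
                    gsub(/"/, "", comm)             # comm="httpd" -> httpd
                }
                if ($i ~ /^src=/) port = substr($i, 5)
                if ($i ~ /^scontext=/) {            # user:role:type:level
                    split(substr($i, 10), c, ":"); stype = c[3]
                }
                if ($i ~ /^tcontext=/) {
                    split(substr($i, 10), c, ":"); ttype = c[3]
                }
            }
            print comm, port, stype, ttype
        }'
}

# Constructed sample: the AVC record from the post on a single line, plus an
# unrelated record that must be ignored.
SAMPLE_AUDIT='type=SYSCALL msg=audit(1165963069.248:852): arch=40000003 syscall=102 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1165963069.248:852): avc:  denied  { name_bind } for  pid=21134 comm="httpd" src=81 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket'

# On a live system, feed /var/log/audit/audit.log instead of the sample.
printf '%s\n' "$SAMPLE_AUDIT" | name_bind_denials
```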