
How to Allow Apache to connect to a remote database under SELinux

SELinux is a great tool that should be used on every publicly accessible web server, and on any corporate server where you have a need to secure the data.

SELinux secures services until you tell it that other services and connections are allowed. It's restrictive by nature and needs to be configured to your needs.

It is fairly common for companies to use a separate server to house a database, or perhaps shared databases for clients separate from web hosted machines.

If this sounds like you:
"I have a problem getting the PHP/Apache on the Linux server to work with the external MySQL database. Connection from PHP scripts to the remote database always fails. We made a small PHP script that simply tries to connect to the remote database. When running the PHP script in SSH on the web server it works just fine. But when running it under Apache we get a connection failure no matter what we do."

Then we will address how to fix this :)

    Difficulty:
    Easy

    Instructions

    Things You'll Need

    • SSH Access to your server
    • Root access
      • 1

        First we need to verify that SELinux is enabled.

        Code:
        [root@www ~]# getenforce

        You should see something back that looks like
        Enforcing

      • 2

        If you see a different result, try:
        Code:
        [root@www ~]# setenforce 1

        If you get an error, then you do not have SELinux turned on. You will need to go to /etc/selinux/config and edit the file to enable SELinux.

        Once you turn this on (or turn it off for that matter) you will have to reboot the Linux server for the changes to take effect, as they are applied during kernel loading.

      • 3

        Once SELinux is enabled, do the following

        Set SELinux to allow remote connections for HTTP

        Code:
        setsebool -P httpd_can_network_connect=1

      • 4

        That's it! You're all done. Some people like to reboot to force a reload, but it's not necessary unless you want to.

    Tips & Warnings

    • There are other SELinux restrictions which can affect the server in the future. You can get the full list with the command 'getsebool -a'.

    • Not all distributions or "flavors" of Linux use the same build. Some newer versions do not use this boolean and have this behavior set in RBACs instead.
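
The boolean set in step 3 lets httpd open TCP connections to any port. As an added example (not part of the original article), the script below reads AVC denials and suggests the narrower `httpd_can_network_connect_db` boolean when the denied port is a database port. It assumes your policy ships that boolean (confirm with 'getsebool -a'); the log lines are constructed samples and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pick the narrowest boolean from httpd AVC denials.

# Constructed sample audit.log lines (not from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1223980000.101:411): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1223980007.202:412): avc:  denied  { name_connect } for  pid=2346 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1223980008.250:413): avc:  denied  { name_connect } for  pid=2400 comm="vsftpd" dest=3306 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1223980009.303:414): avc:  denied  { read } for  pid=2347 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Print "port port_type" for each outbound-connect denial from httpd_t on stdin.
httpd_connect_denials() {
    grep 'avc: *denied' \
      | grep -F '{ name_connect }' \
      | grep 'scontext=[^ ]*:httpd_t[: ]' \
      | sed -n 's/.* dest=\([0-9]*\) .* tcontext=[^: ]*:[^: ]*:\([^: ]*\).*/\1 \2/p'
}

# Map a denied port type to the narrowest boolean this script knows about.
boolean_for_port_type() {
    case "$1" in
        # Database ports: assumed to be covered by the db-only boolean.
        mysqld_port_t|postgresql_port_t) echo httpd_can_network_connect_db ;;
        # Anything else: the article's broad boolean; check getsebool -a first.
        *) echo httpd_can_network_connect ;;
    esac
}

# Read audit lines on stdin, print unique "port port_type boolean" rows.
recommend() {
    httpd_connect_denials | while read -r port ptype; do
        printf '%s %s %s\n' "$port" "$ptype" "$(boolean_for_port_type "$ptype")"
    done | sort -u
}

# Print (do not run) the command to review for each denial in the sample.
sample_log | recommend | while read -r port ptype bool; do
    echo "port $port ($ptype): setsebool -P $bool=1"
done
```

On a live server, feed it /var/log/audit/audit.log instead of `sample_log`, and review each suggested command before running it.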

    Comments

    • AminTaheri Oct 14, 2008
      Glad I could help.
    • chrisman Oct 14, 2008
      Thank you so much! This solved my problem instantly!
