1,358   Apache Linux RedHat Weblogic

1,安装weblogic
参考之前的文章:
install-weblogic

2,安装httpd

yum install httpd
httpd -version
Server version: Apache/2.2.3
Server built: Mar 4 2010 09:57:54

3,到weblogic安装目录需找so文件,大概位置/wlserver_10.3/server/plugin,找到对应的linux,对应httpd的版本,这里是/wlserver_10.3/server/plugin/linux/x86_64,mod_wl_22.so,复制到httpd/modules下面

4,httpd配置文件httpd.conf添加mod_wl_22.so

LoadModule weblogic_module modules/mod_wl_22.so

5,启动httpd

 

 

错误解决:

访问发现报一下错误

Failure of server APACHE bridge:
--------------------------------------------------------------------------------
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.

首先排除对端服务是否开启,telnet host:port,显示正常,然后查看httpd后台日志

[Sat May 23 17:50:48 2015] [error] [client 58.248.180.252] ap_proxy: trying GET /favicon.ico at backend host '10.123.100.231/8004; got exception 'CONNECTION_REFUSED [os error=13, line 1735 of ../nsapi/URL.cpp]: Error connecting to host 10.123.100.231:8004 errno = 13'
[Sat May 23 17:50:50 2015] [error] [client 58.248.180.252] ap_proxy: trying GET /favicon.ico at backend host '10.123.100.230/8002; got exception 'CONNECTION_REFUSED [os error=13, line 1735 of ../nsapi/URL.cpp]: Error connecting to host 10.123.100.230:8002 errno = 13'

CONNECTION_REFUSED 链接拒绝,一直百度,也一直被这个错误搞晕了,以为是对端拒绝造成的,方向搞错了,浪费了一整天,各种重装以及换服务器重装。
后来查看服务器系统日志,得到以下信息

May 23 17:50:46 wincenter setroubleshoot: SELinux is preventing the http daemon from connecting to network port 8003 For complete SELinux messages. run sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4
May 23 17:50:48 wincenter setroubleshoot: SELinux is preventing the http daemon from connecting to network port 8004 For complete SELinux messages. run sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4

即让我执行 sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4

[root@VLR-123-189-133 conf.d]# sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4

Summary:

SELinux is preventing the http daemon from connecting to network port 8004

Detailed Description:

SELinux has denied the http daemon from connecting to 8004. An httpd script is
trying to do a network connect to a remote port. If you did not setup httpd to
network connections, this could signal a intrusion attempt.

Allowing Access:

If you want httpd to connect to network ports you need to turn on the
httpd_can_network_network_connect boolean: "setsebool -P
httpd_can_network_connect=1"

The following command will allow this access:

setsebool -P httpd_can_network_connect=1

Additional Information:

Source Context root:system_r:httpd_t
Target Context system_u:object_r:port_t
Target Objects None [ tcp_socket ]
Source httpd
Source Path /usr/sbin/httpd
Port 8004
Host VLR-123-189-133
Source RPM Packages httpd-2.2.3-43.el5
Target RPM Packages
Policy RPM selinux-policy-2.4.6-279.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name httpd_can_network_connect
Host Name wincenter.localdomain
Platform Linux wincenter.localdomain 2.6.18-194.el5xen #1
SMP Tue Mar 16 22:01:26 EDT 2010 x86_64 x86_64
Alert Count 30
First Seen Fri May 22 19:35:14 2015
Last Seen Sat May 23 17:50:48 2015
Local ID 9925a900-a059-4ea7-916e-123b3a50daf4
Line Numbers

Raw Audit Messages

host=VLR-123-189-133 type=AVC msg=audit(1432374648.408:5831): avc: denied { name_connect } for pid=5456 comm="httpd" dest=8004 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

host=VLR-123-189-133 type=SYSCALL msg=audit(1432374648.408:5831): arch=c000003e syscall=42 success=no exit=-13 a0=f a1=7fffb716d4b0 a2=10 a3=7fffb716d48c items=0 ppid=5440 pid=5456 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=789 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)

其实最关键是这句啦

The following command will allow this access:

setsebool -P httpd_can_network_connect=1

执行setsebool -P httpd_can_network_connect=1

问题解决了,搞了两天时间啊,一直被这个问题困扰睡不着,今天周六本来不用上班,因为突然有想法就过来继续折腾,真实老天不负有心人啊




Leave a Reply

Your email address will not be published. Required fields are marked *