1,安装weblogic
参考之前的文章:
install-weblogic
2,安装httpd
yum install httpd httpd -version Server version: Apache/2.2.3 Server built: Mar 4 2010 09:57:54
3,到weblogic安装目录需找so文件,大概位置/wlserver_10.3/server/plugin,找到对应的linux,对应httpd的版本,这里是/wlserver_10.3/server/plugin/linux/x86_64,mod_wl_22.so,复制到httpd/modules下面
4,httpd配置文件httpd.conf添加mod_wl_22.so
LoadModule weblogic_module modules/mod_wl_22.so
5,启动httpd
错误解决:
访问发现报一下错误
Failure of server APACHE bridge: -------------------------------------------------------------------------------- No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.
首先排除对端服务是否开启,telnet host:port,显示正常,然后查看httpd后台日志
[Sat May 23 17:50:48 2015] [error] [client 58.248.180.252] ap_proxy: trying GET /favicon.ico at backend host '10.123.100.231/8004; got exception 'CONNECTION_REFUSED [os error=13, line 1735 of ../nsapi/URL.cpp]: Error connecting to host 10.123.100.231:8004 errno = 13' [Sat May 23 17:50:50 2015] [error] [client 58.248.180.252] ap_proxy: trying GET /favicon.ico at backend host '10.123.100.230/8002; got exception 'CONNECTION_REFUSED [os error=13, line 1735 of ../nsapi/URL.cpp]: Error connecting to host 10.123.100.230:8002 errno = 13'
CONNECTION_REFUSED 链接拒绝,一直百度,也一直被这个错误搞晕了,以为是对端拒绝造成的,方向搞错了,浪费了一整天,各种重装以及换服务器重装。
后来查看服务器系统日志,得到以下信息
May 23 17:50:46 wincenter setroubleshoot: SELinux is preventing the http daemon from connecting to network port 8003 For complete SELinux messages. run sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4 May 23 17:50:48 wincenter setroubleshoot: SELinux is preventing the http daemon from connecting to network port 8004 For complete SELinux messages. run sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4
即让我执行 sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4
[root@VLR-123-189-133 conf.d]# sealert -l 9925a900-a059-4ea7-916e-123b3a50daf4 Summary: SELinux is preventing the http daemon from connecting to network port 8004 Detailed Description: SELinux has denied the http daemon from connecting to 8004. An httpd script is trying to do a network connect to a remote port. If you did not setup httpd to network connections, this could signal a intrusion attempt. Allowing Access: If you want httpd to connect to network ports you need to turn on the httpd_can_network_network_connect boolean: "setsebool -P httpd_can_network_connect=1" The following command will allow this access: setsebool -P httpd_can_network_connect=1 Additional Information: Source Context root:system_r:httpd_t Target Context system_u:object_r:port_t Target Objects None [ tcp_socket ] Source httpd Source Path /usr/sbin/httpd Port 8004 Host VLR-123-189-133 Source RPM Packages httpd-2.2.3-43.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-279.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name httpd_can_network_connect Host Name wincenter.localdomain Platform Linux wincenter.localdomain 2.6.18-194.el5xen #1 SMP Tue Mar 16 22:01:26 EDT 2010 x86_64 x86_64 Alert Count 30 First Seen Fri May 22 19:35:14 2015 Last Seen Sat May 23 17:50:48 2015 Local ID 9925a900-a059-4ea7-916e-123b3a50daf4 Line Numbers Raw Audit Messages host=VLR-123-189-133 type=AVC msg=audit(1432374648.408:5831): avc: denied { name_connect } for pid=5456 comm="httpd" dest=8004 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket host=VLR-123-189-133 type=SYSCALL msg=audit(1432374648.408:5831): arch=c000003e syscall=42 success=no exit=-13 a0=f a1=7fffb716d4b0 a2=10 a3=7fffb716d48c items=0 ppid=5440 pid=5456 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=789 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
其实最关键是这句啦
The following command will allow this access: setsebool -P httpd_can_network_connect=1
执行setsebool -P httpd_can_network_connect=1
问题解决了,搞了两天时间啊,一直被这个问题困扰睡不着,今天周六本来不用上班,因为突然有想法就过来继续折腾,真实老天不负有心人啊
Leave a Reply