Selinux_Apache

Source: Internet  Editor: 程序博客网  Time: 2024/06/06 16:46

Sometimes we want Apache to listen on a port other than the default 80. To achieve this on a Fedora box, modify its configuration file /etc/httpd/conf/httpd.conf: change the port number on the line 'Listen 80' to the number you like. If virtual hosts are used, change the related port number as well, e.g. NameVirtualHost *:8000. However, when you restart Apache after the configuration changes, you may encounter errors like the following, even if you are root:

Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:8000
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:8000
no listening sockets available, shutting down
Unable to open logs [FAILED]

This is due to the SELinux policy which prevents Apache from binding to the port you've selected. You can use this shell command to check whether SELinux is in enforcing mode or permissive mode:

cat /selinux/enforce

An output of 1 indicates enforcing mode and 0 indicates permissive mode. To resolve this, you can do any one of the following:

1) Switch SELinux to permissive mode

You can do so with the following shell command:

echo 0 > /selinux/enforce
or

setenforce 0

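However, this is not recommended due to security concerns: in permissive mode SELinux only logs policy violations instead of blocking them, and that applies to every process on the system, not just Apache.

2) Use a port that Apache can currently bind to

Try the command: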

semanage port -l | grep http
This would output something like the following:

http_cache_port_t        tcp 3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t        udp 3130, 11211
http_port_t              tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t      tcp 5988
pegasus_https_port_t     tcp 5989

The list of http_port_t shows that Apache can bind to ports 80, 443, 488, 8008, 8009, 8443. So use a port in this list such as 8008.

3) Add a new port to the http_port_t list

You can use the following shell command to add a new port you want to use, say 90:

semanage port -a -t http_port_t -p tcp 90
After these changes, restart Apache:

service httpd restart
The previous error should be gone.
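
Options 2 and 3 both start from reading the port listing, so the check can be scripted. The following is an added example, not part of the original post: it looks up which SELinux port type covers a given port (including ranges such as 10001-10010) and prints the matching action. The function names port_type and advise are hypothetical, and LISTING holds the sample output shown above rather than a live query.

```shell
#!/bin/sh
# Added example: decide how to let httpd bind a port while staying in enforcing mode.

# Constructed sample: the listing shown above. On a real host, use instead:
#   LISTING=$(semanage port -l | grep http)
LISTING='http_cache_port_t        tcp 3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t        udp 3130, 11211
http_port_t              tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t      tcp 5988
pegasus_https_port_t     tcp 5989'

# port_type PROTO PORT: print the port type in LISTING that covers PORT
# (prints nothing if no listed type covers it). Handles single ports and ranges.
port_type() {
    printf '%s\n' "$LISTING" | awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)          # drop the trailing comma
                n = split(p, r, "-")              # "10001-10010" -> lo, hi
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; exit }
            }
        }'
}

# advise PORT: print what to do so Apache can bind tcp/PORT.
advise() {
    t=$(port_type tcp "$1")
    case "$t" in
        http_port_t) echo "ok: tcp/$1 is already in http_port_t" ;;
        "")          echo "run: semanage port -a -t http_port_t -p tcp $1" ;;
        *)           echo "conflict: tcp/$1 is already labeled $t; pick another port" ;;
    esac
}

advise 8008     # listed under http_port_t
advise 8000     # not listed: needs option 3
advise 10005    # inside the http_cache_port_t range 10001-10010
```

Because the listing is filtered with grep http, the conflict case only covers the HTTP-related types shown above.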

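Other:

Disabling SELinux

Edit /etc/selinux/config and comment out the SELINUX=enforcing line by putting a # in front of it:

#SELINUX=enforcing

Then add a new line:

SELINUX=disabled

Save, exit, and reboot the system.

References: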

http://www.appnovation.com/blog/change-apache-port-fedora

http://www.cit.cn/tech/other/linux/2012/0821/6952.html
