Problem
I have a web service which is published (by Camel y JBoss Fuse) in http://fuse-01:8888/conversor.The service clients, instead of accessing the service directly, they will use an Apache httpd server as proxy.
I configure the proxy in this way, in /etc/httpd/conf.d:
<VirtualHost *:80>
ServerName fuse-01
DocumentRoot /var/www/fuse-01
<Directory /var/www/fuse-01>
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
# Configuración conversor PDF
ProxyRequests Off
ProxyPreserveHost On
<Location /conversor>
ProxyPass http://localhost:8888/conversor
ProxyPassReverse http://localhost:8888/conversor
</Location>
ErrorLog logs/fuse-01-error_log
CustomLog logs/fuse-01-access_log common
</VirtualHost>
But when I try http://fuse-01/conversor?wsdl I get the following error in the browser:
Error 503By checking Apache logs files I see this in fuse-01-error_log:
Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
[Sun Feb 12 11:28:59 2017] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 192.168.56.103:8888 (fuse-01) failed [Sun Feb 12 11:28:59 2017] [error] ap_proxy_connect_backend disabling worker for (fuse-01)
Solution
Execute the following command:/usr/sbin/setsebool -P httpd_can_network_connect true
SELinux (Security-Enhanced Linux) is a security module for supporting access control security policies.
There are lots of boolean variables which control multiple security aspects of the system, and you can check then all by using:
getsebool -a
Statted from Redhat official doc:
httpd_can_network_connectWhen disabled, this Boolean prevents HTTP scripts and modules from initiating a connection to a network or remote port. Enable this Boolean to allow this access.
No hay comentarios:
Publicar un comentario