I'm testing a CentOS 6.9 OS in a VPS and I installed Apache, and then, when I try to access port 80, I can't access it. I reviewed the firewall and see this:
# Generated by iptables-save v1.4.7 on Sat Sep 30 01:33:06 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:1972]
After doing some tests, I detected that the problem is [7:1972]
Does somebody know what it is?
Doubt with iptables
Re: Doubt with iptables
Your diagnosis is wrong: those numbers are packet and byte counters. Otherwise you have no firewall at all and everything is wide open.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
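The point made in the reply above, that the bracketed numbers are packet and byte counters and that ACCEPT policies with no rules filter nothing, as an added example that is not part of the original thread. The function names and the verdict labels are assumptions made for this example, and the sample input is constructed from the chain lines quoted in the question.

```bash
# Added example: summarize the chain lines of `iptables-save` output.
# A chain line has the form  :CHAIN POLICY [packets:bytes]

# Constructed sample: the chain lines from the question plus a closing COMMIT.
sample_ruleset() {
cat <<'EOF'
# Generated by iptables-save v1.4.7 on Sat Sep 30 01:33:06 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:1972]
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one line per chain:
#   table chain policy packets bytes rule_count verdict
summarize_chains() {
  awk '
    /^\*/ { table = substr($1, 2); next }            # table header, e.g. *filter
    /^:/  {                                           # chain declaration
      key = table "/" substr($1, 2)
      cnt = substr($3, 2, length($3) - 2)             # strip the [ ] around 7:1972
      split(cnt, c, ":")
      order[++n] = key; pol[key] = $2; pk[key] = c[1]; by[key] = c[2]
      next
    }
    /^-A / || /^\[[0-9]+:[0-9]+\] -A / {              # rule line, with or without counters
      for (i = 1; i <= NF; i++) if ($i == "-A") { rules[table "/" $(i + 1)]++; break }
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]; split(k, p, "/")
        if (pol[k] == "-") verdict = "user-chain"     # user chains have no policy
        else if (pol[k] == "ACCEPT" && rules[k] + 0 == 0) verdict = "unfiltered"
        else verdict = "filtered"
        printf "%s %s %s %d %d %d %s\n", p[1], p[2], pol[k], pk[k], by[k], rules[k], verdict
      }
    }'
}

sample_ruleset | summarize_chains
```

On a live system the same function can be fed with `iptables-save | summarize_chains` as root.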
-
- Posts: 107
- Joined: 2016/05/23 11:57:12
Re: Doubt with iptables
gbernabe wrote:
I'm testing a centos 6.9 SO in a VPS and I install apache and then, when I try to access to port 80, I can't access. I review the firewall and see this:
# Generated by iptables-save v1.4.7 on Sat Sep 30 01:33:06 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:1972]
After doing some tests, I detect that the problem is [7:1972]
Somebody know what it is?

Is Apache even listening on port 80?
Install nmap and run it on the VM'ed server and see what ports are active. Look for port 80.
Did you specify which port to listen to and the interface in the Apache config file?
Post your output of nmap and also take a look at your config file for apache.
Ryzen x1800 * Asus x370 Pro * CentOS 7.4 64bit / Icewarp /
Re: Doubt with iptables
No need to install nmap.
Code:
netstat -avpn | grep httpd
will show what ports httpd is listening on.
-
- Posts: 8
- Joined: 2017/10/02 06:16:50
Re: Doubt with iptables
Personally I think running a website out of the root user is, in my opinion, bad practice. It is always better to have Apache serve websites on a per-user directory basis.
Enable the userdir module and set the directory from public_html to www or whatever you want to call it
Then
chmod 711 /home/*
chgrp apache /home/*/www
chmod 750 /home/*/www
chmod g+s /home/*/www
This will set it to where, if you have another user account on the server, it will serve from the specified Virtual Host's web directory, and you can even set it to serve the main web directory from a different account by setting the main IP in the Virtual Host. Personally I think this is more secure than serving it straight from the root directory. Any files uploaded to the web directory will automatically be assigned to apache so they can be served, so basically just upload and go.
Then you have to allow the port for the website using
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
service iptables save
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
is what I have mine set to
-
- Posts: 8
- Joined: 2017/10/02 06:16:50
Re: Doubt with iptables
As for the Virtual host that bit is easy
cd /etc/httpd/conf/
nano httpd.conf
go to the bottom where it says Virtual host
Replace 0.0.0.0 with the main IP of the server
<VirtualHost 0.0.0.0:80>
ServerAdmin Webmaster@yourdomain.com
DocumentRoot /home/user/www
ServerName domain.serving.from
ErrorLog /home/user/www/logs/error.log
CustomLog /home/user/www/logs/access.log common
</VirtualHost>
and replace "user" with the user account you wish to serve the website from
and ServerAdmin would be Webmaster@yourdomain.com or whatever you want the email to be
Then save and restart httpd
Remember to comment out userdir disabled and change it from public_html to whatever you want to serve it from
Not saying this is how you should do it, just giving you some helpful advice, and this would make it much easier in the long run if you wanted to manage more than one website at a time, if your server has more than 1 IP and you have more than one user account on the server.