Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home cloud, edge and everything in between administration and orchestration Troubleshooting PHP 7 and NGINX when using TCP sockets with SELinux on Fedora/RHEL/CentOS
Troubleshooting PHP 7 and NGINX when using TCP sockets with SELinux on Fedora/RHEL/CentOS

Anna E Kobylinska 2016-01-08 87 Comments

Troubleshooting PHP 7 and NGINX when using TCP sockets with SELinux on Fedora/RHEL/CentOS

If you are having trouble getting your web server to work or starting services on the system, SELinux could be at fault.

Diagnose problems caused by SELinux

Two major factors can contribute to a service not functioning properly:

  • inappropriate SELinux security labels on files and directories,
  • inappropriate SELinux rules applied to Unix system resources such as TCP sockets.

Get status of the malfunctioning service

First you need to get the status output for the malfunctioning service (or look up the logs). For example, for PHP 7 that delivers a 404 error in NGINX:

# systemctl status -l php70-php-fpm.service
● php70-php-fpm.service - The PHP FastCGI Process Manager
 Loaded: loaded (/usr/lib/systemd/system/php70-php-fpm.service; enabled; vendor preset: disabled)
 Active: failed (Result: exit-code) since Fri 2018-01-08 12:03:16 UTC; 5min ago
 Process: 13468 ExecStart=/opt/remi/php70/root/usr/sbin/php-fpm --nodaemonize (code=exited, status=78)
 Main PID: 13468 (code=exited, status=78)
Jan 08 12:03:18 ip-16-0-0-40 systemd[1]: Starting The PHP FastCGI Process Manager...
Jan 08 12:03:18 ip-16-0-0-40 php-fpm[13468]: [08-Jan-2018 12:03:16] ERROR: unable to bind listening socket for address '127.0.0.1:9002': Permission denied (13)
Jan 08 12:03:18 ip-16-0-0-40 php-fpm[13468]: [08-Jan-2018 12:03:16] ERROR: FPM initialization failed
Jan 08 12:03:18 ip-16-0-0-40 systemd[1]: php70-php-fpm.service: main process exited, code=exited, status=78/n/a
Jan 08 12:03:18 ip-16-0-0-40 systemd[1]: Failed to start The PHP FastCGI Process Manager.
Jan 08 12:03:18 ip-16-0-0-40 systemd[1]: Unit php70-php-fpm.service entered failed state.
Jan 08 12:03:18 ip-16-0-0-40 systemd[1]: php70-php-fpm.service failed.

The system in the above example is unable to bind the TCP listening socket, as evidenced by this line:

ERROR: unable to bind listening socket for address '127.0.0.1:9002': Permission denied (13)

Correct SELinux security labels on the file system

Navigate to the directory containing the configuration files:

cd /etc/opt/remi/php70/php-fpm.d

View SELinux labels:

# ls -laZ
drwxr-xr-x. root root system_u:object_r:etc_t:s0 .
drwxr-xr-x. root root system_u:object_r:etc_t:s0 ..
-rw-r--r--. root root system_u:object_r:etc_t:s0 www.conf
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 www.website1.tld.conf

Fix the label on the configuration files of php-fpm pools:

chcon -R system_u:object_r:etc_t:s0 www.website1.tld.conf

Troubleshooting access to TCP sockets: build an SELinux module to use TCP sockets

To figure out the changes that are required for SELinux to permit legitimate activities of a service (such as php-fpm or nginx), switch SELinux to permissive mode and build the module it needs using audit2allow, a utility that can generate SELinux allow/dontaudit rules from logs of denied operations (it is contained in policycoreutils-devel). Here’s how to do it.

Step 1. Switch SELinux to permissive

Verify if SELinux is enforcing rules using:

# getenforce

If it is set to enforcing, switch SELinux to the permissive mode using the command:

# setenforce 0

In this mode of operation, SELinux won’t be enforcing its rules, but it will log information about activities it would have prevented if it had been enforcing existing rules.

Step 2. Start the service that failed to load in the SELinux enforcing mode

If the service wasn’t able to run at all because of SELinux, start it:

# service php70-php-fpm restart
 Redirecting to /bin/systemctl restart php70-php-fpm.service

Next, try to trigger the error you saw before. For example, visit the site in a web browser.

Step 3. Inspect log output of SELinux generated for the service in permissive mode

Check the audit log:

tail /var/log/audit/audit.log | more

You may find messages like this one that reports that php-fpm was denied access to a TCP socket:

type=AVC msg=audit(1529375627.092:172): avc: denied { name_bind } for pid=1822 comm="php-fpm" src=9009 scontext=system_u:system_r:httpd_t: s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1

Based on the output of tail, you know what to look for when building your SELinux module.

Step 4. Pipe relevant messages to audit2allow

Pipe the relevant output of the SELinux audit.log for the service in question to a temporary file for further inspection:

grep php-fpm /var/log/audit/audit.log | audit2allow -M phpfpm > phpfpmlocal.tmp

Inspect the file you created (phpfpmlocal.tmp):

# cat phpfpmlocal.tmp

module phpfpm 1.0;

require {
 type tor_port_t;
 type unreserved_port_t;
 type hugetlbfs_t;
 type httpd_t;
 type httpd_sys_content_t;
 class process execmem;
 class tcp_socket name_bind;
 class dir write;
 class file { write append };
}

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;

#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:file append;
allow httpd_t hugetlbfs_t:file write;

#!!!! This avc can be allowed using the boolean 'httpd_execmem'
allow httpd_t self:process execmem;
allow httpd_t tor_port_t:tcp_socket name_bind;

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow httpd_t unreserved_port_t:tcp_socket name_bind;

Make any edits to the require directive above that seem necessary.

You have two options at this point. You can either build and activate a SELinux module (Step 5, option 2) or enable the corresponding booleans (Step 5 option 1).

Step 5, option 1. Set SELinux booleans

To set the corresponding boolean (following the directions from Step 4), for example:

semanage boolean -m --on nis_enabled

Here, nis_enabled is the boolean that was supplied in the output of audit2allow in Step 4 above. The change persists across reboots.

Step 5, option 2. Build and enable the SELinux module

Re-run audit2allow to build the module:

grep php-fpm /var/log/audit/audit.log | audit2allow -M phpfpmlocal
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i phpfpmlocal.pp

(If there is no policy to be activated based on the audit log snippets you supplied in Step 4., audit2allow will fail to create the module and then the command semodule will also fail.)

Activate the module:

semodule -i phpfpmlocal.pp

(Now you may remove the three phpfpmlocal.* files that were created as the system no longer needs them.)

Step 6. Reactivate SELinux enforcing mode and restart the service

Set enforce back on:

setenforce 1

Verify that SELinux is enforcing:

# getenforce
 Enforcing

Restart the service for which you fixed the rules:

systemctl restart nginx php-fpm

Verify that everything is working as it should for the service:

systemctl status -l php-fpm.service

You have granted php-fpm access to a TCP socket so it happily starts without complaints. However, NGINX may still keep giving you 404 errors for lack of access to the TCP socket.

A TCP socket allows two (or more) services to communicate with one another. For this communication to work, both services need unhindered access to the socket. As a result, you need to repeat the above procedure for NGINX.

Create a custom SELinux module for NGINX to use a TCP socket

Repeat the steps required for SELinux to grant NGINX access tot he TCP socket that PHP-FPM is listening on.

Step 1. Pipe audit.log messages referring to NGINX to audit2allow

Use the audit2allow utility to view relevant messages in the logs:

grep nginx /var/log/audit/audit.log | audit2allow

showing for example this output:

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
# nis_enabled, httpd_can_network_connect
allow httpd_t unreserved_port_t:tcp_socket name_connect;

Pipe relevant SELinux AVC messages to audit2allow to create the SELinux module:

grep nginx /var/log/audit/audit.log | audit2allow -m nginx

The output may look like this:

module nginx 1.0;

require {
 type httpd_t;
 type unreserved_port_t;
 class tcp_socket name_connect;
}

#============= httpd_t ==============

#!!!! This avc can be allowed using one of the these booleans:
# nis_enabled, httpd_can_network_connect
allow httpd_t unreserved_port_t:tcp_socket name_connect;

Generate a local nginx Type Enforcement policy file (nginx.tmp):

grep nginx /var/log/audit/audit.log | audit2allow -m nginx > nginx.tmp
cat nginx.tmp

Use audit2allow to create a custom policy module which allows NGINX access to the TCP socket:

grep nginx /var/log/audit/audit.log | audit2allow -M nginx

To load the policy package into the kernel, execute:

semodule -i nginx.pp

Wrap it up by switching SELinux back to its enforcing mode:

setenforce 1

Restart nginx.

Verify that SELinux is enforcing rules:

# getenforce
 Enforcing

List loaded modules

semodule -l

Congratulations, you are done.


Filed Under: administration and orchestration, cloud, edge and everything in between, cybersecurity and cyber warfare, web servers in the cloud Tagged With: PHP 7, php-fpm, SELinux, TCP socket

Comments

  1. Sokkia Power Level SDL50 says

    2019-04-28 at 3:39 am

    Hello there! I know this is kinda off topic but I was wondering if
    you knew where I could get a captcha plugin for my comment form?
    I’m using the same blog platform as yours and I’m having problems finding one?
    Thanks a lot!

    Reply
    • Cloud Insidr says

      2019-04-28 at 6:09 am

      Hi Juanita Scarberry:

      > I know this is kinda off topic but I was wondering if
      > you knew where I could get a captcha plugin for my comment form?

      Yes, of course!

      1. Really Simple CAPTCHA:
      https://wordpress.org/plugins/really-simple-captcha/

      2. Contact Form 7 Honeypot
      https://wordpress.org/plugins/contact-form-7-honeypot/

      3. Google Captcha (reCAPTCHA) by BestWebSoft
      https://wordpress.org/plugins/google-captcha/

      I hope this helps!

      P.S.: By the way, you should look at this:

      https://securityheaders.com/?q=http%3A%2F%2Flaserslevels.net%2Fdata%2520sheet%2FSokkia-Power-Level-SDL50-Edited-1.pdf&followRedirects=on

      You should urgently fix your website. Here is how to do it:

      Fixing your Web Server’s Security Headers: From Hall of Shame to Hall of Fame
      https://www.cloudinsidr.com/content/fixing-your-web-servers-security-headers-from-hall-of-shame-to-hall-of-fame/

      With kind regards,

      Admin of CloudInsidr

      Reply
  2. Freddie Morrison says

    2019-04-27 at 4:14 pm

    If someone wishes expert views about running a blog, then I would recommend him/her to visit
    this CloudInsidr https://www.cloudinsidr.com
    Keep up the good work.

    Reply
  3. هتل دبی نوروز says

    2019-04-21 at 11:47 pm

    I believe what you typed was very logical.
    However, what about this? what if you typed a catchier title?
    I mean, I don’t wish to tell you how to run your website, however suppose you added a title to possibly
    get folk’s attention? I mean Troubleshooting PHP 7 and NGINX when using TCP sockets with SELinux on Fedora/RHEL/CentOS – Cloud
    Insidr is a little plain. You could peek at Yahoo’s front page and see how they create post titles to grab people to click.
    You might add a related video or a related picture or two to get
    people excited about what you’ve written. Just my opinion, it could make your posts a
    little bit more interesting.

    Reply
  4. Adriene Cosby says

    2019-04-17 at 10:37 am

    What’s up everybody, I pay my first pay quick visit to this blog.
    This web site carries remarkable content and in fact good information designed for readers.

    Reply
  5. RP 460 says

    2019-04-15 at 5:44 am

    Yeah, I liked the article so much that I had write a nice comment here. Keep it up! :-)

    Reply
  6. Fluke Networks MicroScanner Pro Spec Sheet says

    2019-04-14 at 8:18 pm

    This info is invaluable. How can I find out
    more?

    Reply
  7. Datacom Textron LANcat SYSTEM6 says

    2019-04-14 at 12:13 pm

    This post is really a nice one it helps new web viewers,
    who are wishing in favor of blogging.

    Reply
  8. Used Fluke FOM says

    2019-04-14 at 11:53 am

    I got this site from my pal who told me on the topic of this web page and now this
    time I am browsing this web site and reading very informative content here.

    Reply
  9. do i tip furniture movers says

    2019-04-14 at 6:31 am

    Heya i am for the first time here. I came across this board and I find It truly useful & it
    helped me out a lot. I hope to give something back and help others like you helped me.

    Reply
  10. Nereida says

    2019-04-14 at 3:00 am

    whoah this blog is fantastic i really like studying your
    posts. Stay up the great work! You already know, lots of persons are searching around for
    this info, you could help them greatly.

    Reply
  11. http://tinyurl.com/ says

    2019-04-13 at 1:25 pm

    Wonderful blog! I found it while browsing on Yahoo News.
    Do you have any tips on how to get listed in Yahoo News?

    I’ve been trying for a while but I never seem to get
    there! Many thanks

    Reply
    • Cloud Insidr says

      2019-04-13 at 7:59 pm

      Sure, it’s here!

      Yahoo News Submission Guidelines:
      https://help.yahoo.com/kb/account

      Reply
  12. Alycia Fihelly says

    2016-09-12 at 12:33 am

    Great blog here! Also your web site loads up very fast!
    What web host are you using? Can I get your affiliate link to your host?
    I wish my website loaded up as fast as yours lol

    Reply
    • Cloud Insidr says

      2016-09-13 at 5:48 am

      Thanks, we are hosting on our AWS infrastructure. There is no affiliate link, but you can register at aws-portal.amazon.com for a free account to test-drive AWS services for a year free of charge. You only pay if you use services that are not included in the free tier, so I’d be extra careful. So long as you keep an eye on your usage, you can test-drive AWS hosting for free for an entire year. It’s a pretty fair deal.
      Good luck.

      Reply
  13. Jesse Ernst says

    2016-08-30 at 1:38 pm

    It’s hard to find well-informed people for this subject, however, you seem like you know
    what you’re talking about! Thanks

    Reply
  14. Laurinda Mannix says

    2016-08-29 at 10:16 am

    I am curious to find out what blog system you’re utilizing?
    I’m experiencing some minor security issues with my latest website and I’d like to find something more risk-free.
    Do you have any suggestions?

    Reply
    • Cloud Insidr says

      2016-09-13 at 5:53 am

      Where are you hosted and what platform are you using? Is your software up to date?

      Reply
  15. Martin McCourt says

    2016-08-26 at 4:12 am

    Hello there, I found your web site by the use of Google at the same time as looking
    for a similar subject, your web site came up, it appears to
    be like great. I’ve bookmarked it in my google bookmarks.

    Hi there, just became aware of your blog thru Google, and located that it’s truly informative.
    I’ll appreciate in the event you continue this in the future.

    Numerous other people will probably benefit from your writing.
    Cheers!

    Reply
  16. Lyda Washington says

    2016-08-24 at 11:23 am

    I have to thank you for the efforts you have put in penning this
    website. I really hope to see the same high-grade content by you later on as well.
    In fact, your creative writing abilities has inspired
    me to get my own, personal site now ;)

    Reply
  17. Isabelle Webber says

    2016-08-22 at 5:29 pm

    This is a topic that is near to my heart… Many thanks!
    Where are your contact details though?

    Reply
    • Cloud Insidr says

      2016-08-23 at 1:28 pm

      At the bottom is a “Send us a message” form!

      Hope it helps! :-)

      Reply
  18. Hermine Seevers says

    2016-08-22 at 2:43 pm

    Hiya! Quick question that’s completely off topic.
    Do you know how to make my own website mobile friendly? My blog looks weird when viewing from my iphone 4.

    I’m trying to find a template or plugin that might
    be able to fix this problem. If you have any suggestions, please share.

    Thanks!

    Reply
    • Cloud Insidr says

      2016-08-23 at 1:26 pm

      Hi,

      It’s a Genesis framework:

      http://my.studiopress.com/themes/genesis/

      with a Streamline Pro Theme:

      http://my.studiopress.com/themes/streamline/

      Hope it helps! :-)

      Reply
    • Cloud Insidr says

      2016-09-13 at 6:59 am

      You are currently using Drupal and your theme is responsive, so it will adjust to the viewport of a mobile device. The best you can do is test your page load times and optimize for speed. Drupal takes care of the rest.

      Reply
  19. Jim says

    2016-08-17 at 1:46 am

    I have been browsing on-line more than three hours these days, but I never discovered any interesting article like
    yours. It is an amazing article!
    In my opinion, if all webmasters and bloggers made excellent content as you did, the internet wouldl be much more helpful than ever before. http://yahoo.co.uk

    Reply
  20. Akilah Bethune says

    2016-08-07 at 12:45 pm

    Have yoᥙ evеr thߋught aЬout adding а
    littⅼe bit moгᥱ thаn just үоur articles? Ӏ mеɑn, ᴡhat
    yⲟu say iѕ fundamental аnd all. Bսt jսst imagine if үou added
    ѕome great visuals օr video clips to ǥive үour posts mогe,
    “pop”! Yоur content is excellent bսt ᴡith images and clips, thіs
    site couⅼd undeniably be one of the very Ьest
    in its niche. Fantastic blog!

    Reply
  21. Gertrude Duffield says

    2016-08-03 at 12:22 am

    Greetings! Very helpful advice in this particular post!

    It is the little changes that make the largest changes.
    Many thanks for sharing!

    Reply
  22. Kim Heberling says

    2016-07-27 at 10:50 pm

    I am actually grateful to the holder of this site who has shared this wonderful post at at this time.

    Reply
  23. Walter T. Bury says

    2016-07-27 at 4:39 pm

    We are a group of volunteers and starting a new scheme in our community.
    Your web site provided us with valuable info to work on.
    You have done an impressive job and our whole community will
    be grateful to you.

    Reply
  24. Jacquelyn Pell says

    2016-07-26 at 9:20 am

    You ought to be a part of a contest for one of the most useful blogs on the
    net. I will highly recommend this blog!

    Reply
  25. Willie M. Bergin says

    2016-07-23 at 4:52 pm

    Hey I am so delighted I found your website, I really found you by mistake, while I was
    searching on Google for something else, Anyways I am here now and would just like to say thanks a lot for a
    remarkable post and a all round exciting blog (I also love the theme/design), I don’t have time to browse it all at
    the moment but I have bookmarked it and also added in your RSS feeds, so when I have time I will be back to read
    a great deal more, Please do keep up the awesome work.

    Reply
  26. Gonzalo Tolbert says

    2016-07-23 at 2:53 pm

    Heya i am for the first time here. I came across this blog and I
    to find it really helpful, it helped me out much.

    I hope to provide one thing again and help others like you aided me.

    Reply
  27. Ruben Pannell says

    2016-07-12 at 11:54 pm

    Hey would you mind letting me know which hosting company you’re working with?

    I’ve loaded your blog in 3 completely different web browsers
    and I must say this blog loads a lot faster then most.
    Can you suggest a good internet hosting provider at a fair price?
    Cheers, I appreciate it! http://www.yahoo.net

    Reply
    • Cloud Insidr says

      2016-07-16 at 3:25 pm

      It runs on AWS (Amazon Web Services) with PHP 7, NGINX, MariaDB etc. :-)

      Reply
  28. Reyes Groth says

    2016-07-06 at 8:45 pm

    Your style is really unique compared to other folks I’ve read stuff from.

    Thanks for posting when you have the opportunity, Guess I will just
    book mark this page.

    Reply
  29. Alissa Wickman says

    2016-07-04 at 4:47 pm

    Hey there! Do you use Twitter? I’d like to follow you if that would be okay.
    I’m undoubtedly enjoying your blog and look forward to new posts.

    Reply
  30. Carroll Puig says

    2016-07-03 at 8:56 am

    Great article! We will be linking to this particularly great article on our site.
    Keep up the great writing.

    Reply
  31. Rosalina Herrington says

    2016-07-03 at 8:28 am

    Just want to say your article is as surprising. The clearness in your post is just excellent and i
    could assume you’re an expert on this subject. Well with your
    permission let me to grab your RSS feed
    to keep updated with forthcoming post. Thanks a million and please
    carry on the enjoyable work.

    Reply
  32. Epifania Krier says

    2016-07-01 at 1:11 am

    I blog frequently and I seriously thank you for your content.

    The article has truly peaked my interest. I’m going to
    take a note of your blog and keep checking for new details about once a week.
    I subscribed to your RSS feed as well.

    Reply
  33. Lidia says

    2016-07-01 at 12:55 am

    Thanks for finally writing about >Troubleshooting PHP
    7 and NGINX when using TCP Sockets with SELinux on CentOS 7 (RHEL/Fedora) | Cloud Insidr <Liked it!

    Reply
  34. Reva Baxley says

    2016-06-28 at 4:12 pm

    Appreciating the persistence you put into your site and
    detailed information you offer. It’s nice to come across
    a blog every once in a while that isn’t the same old rehashed material.

    Great read! I’ve bookmarked your site and
    I’m adding your RSS feeds to my Google account.

    Reply
  35. Roosevelt Folingsby says

    2016-06-28 at 1:40 pm

    hey there and thank you for your information – I’ve certainly picked up
    anything new from right here. I did however expertise a
    few technical points using this website, as I experienced to reload the
    web site lots of times previous to I could get it to load properly.
    I had been wondering if your web host is OK? Not that I’m complaining, but sluggish loading instances times will sometimes affect your placement in google and could damage your high-quality score if advertising and marketing with Adwords.
    Anyway I am adding this RSS to my email and can look out for a lot more of your respective fascinating content.
    Make sure you update this again soon.

    Reply
  36. Julianne Kuhn says

    2016-06-24 at 7:06 pm

    Hello everyone, it’s my first pay a quick visit at this web site, and
    article is truly fruitful in favor of me,
    keep up posting these types of content.

    Reply
  37. Wilmer Boyd says

    2016-06-23 at 7:25 pm

    My coder is trying to persuade me to move to .net from PHP.
    I have always disliked the idea because of the expenses. But he’s tryiong none the less.
    I’ve been using WordPress on a variety of websites for about a year and am nervous about switching to another platform.
    I have heard excellent things about blogengine.net. Is there a way I can import all my
    wordpress content into it? Any kind of help would be greatly appreciated!

    Reply
  38. Ricky Schneider says

    2016-06-23 at 3:57 pm

    Great post! We will be linking to this great content on our site.
    Keep up the great writing.

    Reply
  39. Blake S. says

    2016-06-23 at 9:55 am

    I’m really enjoying the theme/design of your web site.

    Do you ever run into any internet browser compatibility issues?
    A couple of my blog readers have complained about my website not working
    correctly in Explorer but looks great in Firefox.

    Do you have any recommendations to help fix this issue?

    Reply
  40. Vida Maclanachan says

    2016-06-23 at 2:04 am

    I’ve read several good stuff here. Definitely price bookmarking for revisiting.
    I wonder how a lot attempt you put to create the sort of magnificent informative
    website.

    Reply
  41. Herman Brookes says

    2016-06-19 at 11:22 pm

    TҺanks for sharing уoᥙr thօughts aƅout php 7.
    Regards

    Reply
  42. Wilma Zimpel says

    2016-06-19 at 9:43 pm

    I like the helpful info you provide in your articles.
    I’ll bookmark your weblog and check again here regularly.
    I am quite certain I’ll learn a lot of new stuff right here!
    Best of luck for the next!

    Reply
  43. Brigette Conklin says

    2016-06-19 at 6:45 am

    Great post. I was checking continuously this blog and I’m impressed!
    Very useful information specifically the last part :) I care
    for such info a lot. I was looking for this certain info
    for a very long time. Thank you and best of luck.

    Reply
  44. August Vaude says

    2016-06-18 at 10:09 pm

    I have read so many articles or reviews on the topic of
    the blogger lovers but this post is actually a pleasant article, keep
    it up.

    Reply
  45. Kerri Cheyne says

    2016-06-18 at 9:52 am

    Wow that was unusual. I just wrote an very
    long comment but after I clicked submit my comment didn’t show up.

    Grrrr… well I’m not writing all that over again. Regardless, just wanted to say great blog!

    Reply
  46. Hannelore McCrae says

    2016-06-17 at 10:23 pm

    I got this web site from my buddy who shared with me on the topic of this web
    page and at the moment this time I am visiting this web page and
    reading very informative posts at this place.

    Reply
  47. Ron Armbruster says

    2016-06-16 at 8:10 am

    A motivating discussion is worth comment. I think that you ought to write more about this subject matter, it may not be a taboo matter but generally folks don’t discuss these issues.
    To the next! Best wishes!!

    Reply
  48. Chuck Wieck says

    2016-06-16 at 4:10 am

    It’s an amazing article іn support of all the internet uѕers; thеу will get advantage from it I am sure.

    Reply
  49. Steffen McDonnell says

    2016-06-16 at 3:40 am

    My brother suggested I might like this website.

    He was totally right. This post truly made my day. You cann’t imagine just how much time
    I had spent for this information! Thanks!

    Reply
  50. Eugenio Cheong says

    2016-06-15 at 11:39 pm

    Hello i am kavin, its my first time to commenting anywhere, when i read this paragraph i thought i could also make comment due to this good piece of writing.

    Reply
  51. Sherrie Schweizer says

    2016-06-15 at 5:09 pm

    Hi, this weekend is good in support of me, as this
    occasion i am reading this enormous educational piece of writing here at my residence.

    Reply
  52. Penny Strzelecki says

    2016-06-15 at 11:26 am

    Hello would you mind sharing which blog platform you’re
    working with? I’m planning to start my own blog in the near future but I’m having a tough time making a decision between BlogEngine/Wordpress/B2evolution and Drupal.
    The reason I ask is because your design seems different then most blogs and I’m looking for something completely unique.
    P.S Sorry for being off-topic but I had to ask!

    Reply
    • Cloud Insidr says

      2016-06-16 at 9:53 am

      Hi,

      It’s a WordPress blog. Running on Nginx and CentOS 7.2. :-)

      Hope this helps!

      Cheers!

      Reply
  53. Allie Goldfarb says

    2016-06-14 at 12:39 pm

    It’s nearly impossible to find experienced people for this topic, however, you sound like you
    know what you’re talking about! Thanks

    Reply
  54. Sang Bullen says

    2016-06-14 at 6:07 am

    I do trust all of the ideas you have presented in your post.

    They are very convincing and can definitely work.
    Still, the posts are too short for newbies. May just you please prolong them a little
    from subsequent time? Thanks for the post.

    Reply
  55. Ofelia Biraban says

    2016-06-14 at 2:56 am

    Hola! I’ve been reading your weblog for
    a long time now and finally got the courage to go ahead and give you a shout out from Lubbock Tx!
    Just wanted to tell you keep up the good work!

    Reply
  56. Molly Flanders says

    2016-06-13 at 7:32 am

    Howdy! This is my first visit to your blog!
    We are a collection of volunteers and starting a new initiative in a community in the same niche.

    Your blog provided us useful information to work on. You have done a outstanding job!

    Reply
  57. Miranda Pitre says

    2016-06-10 at 1:15 pm

    Generally I do not read articles on blogs, however I wish to say that this one was exceptional! Your writing style has really surprised me. Thank you very much! Great post.

    Miranda Pitre

    Reply
  58. Robyn Kennis says

    2016-05-04 at 4:29 pm

    It’s really a great and helpful piece of information. I’m happy that you simply shared this helpful info with us. Please stay us up to date like this. Thanks for sharing.

    Reply
  59. Gary says

    2016-04-28 at 9:03 am

    —QUOTE—
    Hey there! I know this is somewhat off topic but I was wondering
    which blog platform are you using for this website? I’m getting
    tired of WordPress because I’ve had issues with hackers and I’m looking at options for another platform.
    I would be fantastic if you could point me in the direction of a good platform.
    —UNQUOTE—

    Here is how to keep your web server safe:
    https://www.cloudinsidr.com/content/fixing-your-web-servers-security-headers-from-hall-of-shame-to-hall-of-fame/
    https://www.cloudinsidr.com/content/secure-your-web-server-against-attacks-via-xsrfcsrfxfs-how-to-design-a-content-security-policy/

    You should try activating SELinux:
    https://www.cloudinsidr.com/content/troubleshooting-php-7-tcp-sockets-with-selinux-on-centos-7-rhelfedora/
    https://www.cloudinsidr.com/content/lemp-how-to-set-up-nginx-with-mariadbmysql-and-php-7-x-on-centos-7-rhelfedora/

    Reply
  60. Olivia Klug says

    2016-04-26 at 4:06 pm

    My spouse and I stumbled over here from a different web page and thought I might as well check
    things out. I like what I see so i am just following you.
    Look forward to looking into your web page repeatedly.

    Reply
  61. Waylon Queale says

    2016-04-21 at 2:08 pm

    Hello, I desire to subscribe for this blog to obtain hottest updates, therefore where can i do it please help out.

    Reply
    • Cloud Insidr says

      2016-04-22 at 2:23 pm

      Hi Waylon,

      I already did this for you!

      Please confirm it!

      Reply
  62. a food chain says

    2016-04-17 at 2:34 am

    It’s not my first time to go to see this site, i am visiting this site dailly and take good facts from here
    daily.

    Reply
  63. landscape architect malaysia salary says

    2016-04-13 at 9:15 am

    Hey There. I found your blog using msn. This is a very smartly written article. I’ll be sure to bookmark it
    and come back to learn extra of your useful information. Thanks for the post.
    I will certainly comeback.

    Reply
  64. Tim says

    2016-04-08 at 11:51 am

    This article saved the day for me. There is a type, however:

    grep php-fpm /var/log/audit/audit.log | audit2allow -m phpfpmlocal

    The -m needs to be capitalized for the command to work:

    grep php-fpm /var/log/audit/audit.log | audit2allow -M phpfpmlocal

    thank you for this post!!

    Reply
    • Cloud Insidr says

      2016-04-08 at 12:23 pm

      Hi Tim,

      True, you are right! :-)

      Thanks!

      Reply
  65. landscape architect company in malaysia says

    2016-03-28 at 10:30 pm

    Hi there, just became aware of your blog through Google,
    and found that it is truly informative. I am going to watch out for brussels.
    I will appreciate if you continue this in future. Many people will be benefited from your writing.
    Cheers!

    Reply
  66. Vicky Moreno says

    2016-03-28 at 2:28 am

    Hello, I enjoy reading all of your post. I wanted to write
    a little comment to support you.

    Reply
  67. Anonymous says

    2016-03-10 at 4:47 pm

    Hi! I understand this is kind of off-topic however I needed
    to ask. Does managing a well-established blog like yours
    take a large amount of work? I’m completely new to operating a blog but
    I do write in my journal daily. I’d like to start a blog so I can easily share my experience and views online.
    Please let me know if you have any suggestions or tips for brand new aspiring blog owners.
    Appreciate it!

    Reply
    • insidr says

      2016-03-10 at 5:25 pm

      It depends on the level of your technical know-how and overall experience. Some people find it daunting, others enjoy every minute of it. If you happen to be working in the IT industry, for example as a sysadmin, you have a very different angle than someone who’s altogether new to this whole publishing thing and just got bitten by the blogging bug out of nowhere. Either way, there are solutions that can streamline the process. It very much depends on you and how much of your time you are _willing_ to invest.

      Reply
  68. home automation malaysia says

    2016-03-06 at 11:46 am

    Good write-up. I definitely love this website.
    Thanks!

    Reply
  69. mac hard drive failure says

    2016-03-02 at 9:51 am

    I think this is among the most important info for me. And i am glad reading your article.
    But should remark on some general things, The site style is wonderful, the articles is really great : D.
    Good job, cheers

    Reply
    • insidr says

      2016-03-03 at 4:42 pm

      Thank you!

      Reply
  70. Jeannie Bess says

    2016-03-01 at 12:32 pm

    I have emailed this blog post page to all my associates, because if I like to
    read it, my friends will want to read it,too. Thanks!

    Reply
    • insidr says

      2016-03-01 at 2:28 pm

      Thank you! That’s good to hear:-)

      Reply
  71. Amanda Furman says

    2016-02-29 at 4:04 pm

    Pretty! This has been a really wonderful article.

    Many thanks for supplying this information.

    Reply

Trackbacks

  1. A Web Server in the Cloud: How to Set up a Website from Scratch on a Domain of your Choice | Cloud Insidr says:
    2017-11-08 at 10:20 am

    […] In order to facilitate communications between the web server and php-fpm you can use either Unix sockets or TCP/IP sockets (TCP/IP sockets allow your server to scale more efficiently but have somewhat higher performance requirements). In either case, make sure that SELinux allows access to the interface you chose; here is how to allow access via TCP/IP sockets in SELinux. […]

    Reply
  2. High-Stakes, High-Security LEMP Setup: Nginx with MariaDB/MySQL, and PHP 7.x on CentOS 7 (RHEL/Fedora) with SELinux | cloudinsidr says:
    2016-01-08 at 5:19 am

    […] Troubleshooting PHP 7 TCP Sockets with SELinux on CentOS 7 (RHEL/Fedora) […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Join Cloud Insidrs!

Symantec Code Signing (200x200)

Tag Cloud

automation AWS Azure Azure Active Directory Azure Arc Azure Lighthouse Azure Resource Manager certbot certificate clickjacking cron CSRF cyber security DD-WRT DNS over HTTPS DoH domain firmware Gemalto HPKP HSTS IAM letsencrypt log logs MFA MITM Netgear network router SELinux time stamp tip Whois WiFi x509 XSS
Secure Site with EV (160x600)

Pearson Education (InformIT)

Pearson Education (Peachpit)

Thawte Code Signing (200x200)

  • Content purchasing and syndication