[Lista ArNOG] Apache en Centos
Fernando R. Soto
fsoto en fi.uba.ar
Mie Abr 4 15:35:00 ART 2018
Era el firewall. je
[root en localhost html]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-03-30 18:02:07 -03; 4 days ago
Docs: man:firewalld(1)
Main PID: 745 (firewalld)
CGroup: /system.slice/firewalld.service
└─745 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 30 18:02:04 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 30 18:02:07 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Mar 30 18:02:09 localhost.localdomain firewalld[745]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
[root en localhost html]#
[root en localhost html]# systemctl stop firewalld
De: Fernando R. Soto <fsoto en fi.uba.ar>
Enviado el: miércoles, 4 de abril de 2018 9:37 a.m.
Para: 'lista en arnog.com.ar' <lista en arnog.com.ar>
Asunto: RE: [Lista ArNOG] Apache en Centos
ok, puede ser.
lo raro q ssh está separado y confunde.
por curl 127.0.0.1 carga la página, pero no desde otro equipo
se me hace q es el archivo httpd.conf
tcp 0 0 <http://0.0.0.0:22> 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:25 <http://127.0.0.1:25> 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 64 172.20.0.7:22 <http://172.20.0.7:22> 190.24.15.11:53390 <http://190.24.15.11:53390> ESTABLISHED on (0.25/0/0)
tcp6 0 0 :::80 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
De: lista-bounces en arnog.com.ar <mailto:lista-bounces en arnog.com.ar> <lista-bounces en arnog.com.ar <mailto:lista-bounces en arnog.com.ar> > En nombre de Diego Rodriguez
Enviado el: miércoles, 4 de abril de 2018 8:08 a.m.
Para: lista en arnog.com.ar <mailto:lista en arnog.com.ar>
Asunto: Re: [Lista ArNOG] Apache en Centos
Fernando,
Esta escuchando en ambos me parece, al mostrar IPv6 asume IPv4.
Diego F. Rodríguez
STARNETWORKS
Redes y Comunicaciones Moreno S.R.L.
Cel: 15 6660 0035
Tel: 3220 5923
2018-04-03 22:05 GMT-03:00 Fernando R. Soto <fsoto en fi.uba.ar <mailto:fsoto en fi.uba.ar> >:
Gracias Pablo
Ahí lo hice, pero no veo al proceso escuchando en puerto 80
Eso me llama la atención. No es raro eso?
[root en localhost ~]# sudo firewall-cmd --permanent --add-service=http
success
[root en localhost ~]# netstat -noa
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:22 <http://0.0.0.0:22> 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:25 <http://127.0.0.1:25> 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 64 172.20.0.7:22 <http://172.20.0.7:22> 190.24.15.11:53390 <http://190.24.15.11:53390> ESTABLISHED on (0.25/0/0)
tcp6 0 0 :::80 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:25 :::* LISTEN off (0.00/0/0)
raw6 0 0 :::58 :::* 7 off (0.00/0/0)
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
De: lista-bounces en arnog.com.ar <mailto:lista-bounces en arnog.com.ar> <lista-bounces en arnog.com.ar <mailto:lista-bounces en arnog.com.ar> > En nombre de Pablo Vargas
Enviado el: martes, 3 de abril de 2018 6:19 p.m.
Para: lista en arnog.com.ar <mailto:lista en arnog.com.ar>
Asunto: Re: [Lista ArNOG] Apache en Centos
Hola Fernando: lo mas probable es que sea el servicio de firewall que viene activado por defecto en RedHat/Centos
# para permitir acceso web al server ( iptables -A INPUT.... )
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
# para listar los servicios conocidos
firewall-cmd --get-services
# permitir puertos especificos
sudo firewall-cmd --permanent --add-port=4444/tcp
Pero si le cambias los puertos al httpd si vas a tener que "pelear" un poco con SELinux, para permitir que apache uso otro puerto que no son los estandar
# ver los puertos que httpd puede usar
sudo semanage port -l | grep -w http_port_t
# permitir que httpd abra otros puertos
sudo semanage port -a -t http_port_t -p tcp 4444
saludos
Pablo
On Fri, Mar 30, 2018 at 4:21 PM, Fernando R. Soto <frsoto en gmail.com <mailto:frsoto en gmail.com> > wrote:
Hola Amigos
Instale un Apache en un centos 7 y no veo q este escuchando el puerto 80 en ipv4
que podrá ser? firewall? archivo conf?
Probe ingresar desde una maquina en la misma red y no carga la página.
[root en Centos7teleco ~]# netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:22 <http://0.0.0.0:22> 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:25 <http://127.0.0.1:25> 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:3306 <http://0.0.0.0:3306> 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 64 172.20.0.7:22 <http://172.20.0.7:22> 10.25.14.29:63483 <http://10.25.14.29:63483> ESTABLISHED on (0,24/0/0)
tcp6 0 0 :::80 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp6 0 0 ::1:25 :::* LISTEN off (0.00/0/0)
udp 0 0 127.0.0.1:323 <http://127.0.0.1:323> 0.0.0.0:* off (0.00/0/0)
udp6 0 0 ::1:323 :::* off (0.00/0/0)
Active UNIX domain sockets (servers and established)
[root en Centos7teleco ~]# curl 127.0.0.1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- Bootstrap -->
<link href="/noindex/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="noindex/css/open-sans.css" type="text/css" />
<style type="text/css"><!--
body {
font-family: "Open Sans", Helvetica, sans-serif;
font-weight: 100;
color: #ccc;
background: rgba(10, 24, 55, 1);
font-size: 16px;
}
h2, h3, h4 {
font-weight: 200;
}
h2 {
font-size: 28px;
}
.jumbotron {
margin-bottom: 0;
color: #333;
background: rgb(212,212,221); /* Old browsers */
background: radial-gradient(ellipse at center top, rgba(255,255,255,1) 0%,rgba(174,174,183,1) 100%); /* W3C */
}
.jumbotron h1 {
font-size: 128px;
font-weight: 700;
color: white;
text-shadow: 0px 2px 0px #abc,
0px 4px 10px rgba(0,0,0,0.15),
0px 5px 2px rgba(0,0,0,0.1),
0px 6px 30px rgba(0,0,0,0.1);
}
.jumbotron p {
font-size: 28px;
font-weight: 100;
}
.main {
background: white;
color: #234;
border-top: 1px solid rgba(0,0,0,0.12);
padding-top: 30px;
padding-bottom: 40px;
}
.footer {
border-top: 1px solid rgba(255,255,255,0.2);
padding-top: 30px;
}
--></style>
</head>
<body>
<div class="jumbotron text-center">
<div class="container">
<h1>Testing 123..</h1>
<p class="lead">This page is used to test the proper operation of the <a href="http://apache.org">Apache HTTP server</a> after it has been installed. If you can read this page it means that this site is working properly. This server is powered by <a href="http://centos.org">CentOS</a>.</p>
</div>
</div>
<div class="main">
<div class="container">
<div class="row">
<div class="col-sm-6">
<h2>Just visiting?</h2>
<p class="lead">The website you just visited is either experiencing problems or is undergoing routine maintenance.</p>
<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
<p>For example, if you experienced problems while visiting www.example.com <http://www.example.com> , you should send e-mail to "webmaster en example.com <mailto:webmaster en example.com> ".</p>
</div>
<div class="col-sm-6">
<h2>Are you the Administrator?</h2>
<p>You should add your website content to the directory <tt>/var/www/html/</tt>.</p>
<p>To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>
<h2>Promoting Apache and CentOS</h2>
<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>
<p><a href="http://httpd.apache.org/"><img src="images/apache_pb.gif" alt="[ Powered by Apache ]"></a> <a href="http://www.centos.org/"><img src="images/poweredby.png" alt="[ Powered by CentOS Linux ]" height="31" width="88"></a></p>
</div>
</div>
</div>
</div>
</div>
<div class="footer">
<div class="container">
<div class="row">
<div class="col-sm-6">
<h2>Important note:</h2>
<p class="lead">The CentOS Project has nothing to do with this website or its content,
it just provides the software that makes the website run.</p>
<p>If you have issues with the content of this site, contact the owner of the domain, not the CentOS project.
Unless you intended to visit CentOS.org, the CentOS Project does not have anything to do with this website,
the content or the lack of it.</p>
<p>For example, if this website is www.example.com <http://www.example.com> , you would find the owner of the example.com <http://example.com> domain at the following WHOIS server:</p>
<p><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html <http://www.internic.net/whois.html%3c/a%3e%3c/p> </a></p>
</div>
<div class="col-sm-6">
<h2>The CentOS Project</h2>
<p>The CentOS Linux distribution is a stable, predictable, manageable and reproduceable platform derived from
the sources of Red Hat Enterprise Linux (RHEL).<p>
<p>Additionally to being a popular choice for web hosting, CentOS also provides a rich platform for open source communities to build upon. For more information
please visit the <a href="http://www.centos.org/">CentOS website</a>.</p>
</div>
</div>
</div>
</div>
</div>
</body></html>
[root en Centos7teleco ~]#
[root en Centos7teleco ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since lun 2017-11-27 15:54:20 -03; 1 weeks 4 days ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 32581 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Main PID: 1116 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─ 1116 /usr/sbin/httpd -DFOREGROUND
├─32588 /usr/sbin/httpd -DFOREGROUND
├─32589 /usr/sbin/httpd -DFOREGROUND
├─32590 /usr/sbin/httpd -DFOREGROUND
├─32591 /usr/sbin/httpd -DFOREGROUND
└─32592 /usr/sbin/httpd -DFOREGROUND
nov 27 15:54:15 Centos7teleco systemd[1]: Starting The Apache HTTP Server...
nov 27 15:54:20 Centos7teleco httpd[1116]: AH00557: httpd: apr_sockaddr_info_get() failed for Centos7teleco
nov 27 15:54:20 Centos7teleco httpd[1116]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directi...this message
nov 27 15:54:20 Centos7teleco systemd[1]: Started The Apache HTTP Server.
dic 04 03:31:01 Centos7teleco httpd[32581]: AH00557: httpd: apr_sockaddr_info_get() failed for Centos7teleco
dic 04 03:31:01 Centos7teleco httpd[32581]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' direct...this message
dic 04 03:31:01 Centos7teleco systemd[1]: Reloaded The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root en Centos7teleco ~]#
top - 16:42:14 up 11 days, 48 min, 1 user, load average: 0,15, 0,05, 0,06
Tasks: 188 total, 2 running, 186 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0,7 us, 0,7 sy, 0,0 ni, 98,7 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem : 8010576 total, 6863232 free, 273320 used, 874024 buff/cache
KiB Swap: 8257532 total, 8257532 free, 0 used. 7121664 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1039 root 0 -20 0 0 0 S 0,0 0,0 0:00.09 kworker/1:1H
1109 root 20 0 105996 4116 3140 S 0,0 0,1 0:17.80 sshd
1116 root 20 0 433368 15196 8716 S 0,0 0,2 0:38.46 httpd
1117 root 20 0 562392 18600 5880 S 0,0 0,2 1:31.10 tuned
1208 mysql 20 0 113260 1596 1300 S 0,0 0,0 0:00.01 mysqld_safe
_______________________________________________
Lista mailing list
Lista en arnog.com.ar <mailto:Lista en arnog.com.ar>
http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
_______________________________________________
Lista mailing list
Lista en arnog.com.ar <mailto:Lista en arnog.com.ar>
http://mailmancabase.interdotnet.com.ar/mailman/listinfo/lista
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://mailmancabase.interdotnet.com.ar/pipermail/lista/attachments/20180404/1e22b8ce/attachment-0001.html>
Más información sobre la lista de distribución Lista