...
4) Optional configurations:
Configure SELinux
| Warning | ||
|---|---|---|
| ||
SELinux is a very powerful method of securing the CentOS environment, but it is not "turn key" and requires expertise to configure it correctly. If you do not know how to configure SELinux, please do not use it. A badly configured SELinux install will not work well and result in frustration. If you have any questions or concerns about this - please contact 6connect Support at support@6connect.com. |
| Note | ||
|---|---|---|
| ||
Please remember - if you change the IP address of the your server, then you will need to update SELinux functions accordingly |
Most CentOS install have SELinux enabled by default. One of its protections is to not allow httpd daemon to make network connections, we need to disable this for license checks.
To view the SELinux configuration for http:
| Code Block | ||
|---|---|---|
| ||
/usr/sbin/getsebool -a | grep httpd |
To turn protection off for the httpd daemon for creating network connections:
| Code Block | ||
|---|---|---|
| ||
/usr/sbin/setsebool -P httpd_can_network_connect 1 |
Configure IPTables
IPTables is enabled by default on CentOS. Add a new rule to allow 443 from anywhere. Make sure that this rule is in the chain BEFORE any blanket reject rule:
...