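Problem: I recently installed WordPress on RHEL 8, and both installation and operation went smoothly. However, whenever I tried to add a plugin or theme, it reported an error: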
An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.
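Cause: The SELinux policy that ships with RHEL 8 by default blocks the HTTPD service from making outbound network connections, so it cannot reach wordpress.org to list plugins and themes.
Solution: sudo setsebool httpd_can_network_connect 1 (add the -P option to make it permanent)
Detailed explanation:
In WordPress's built-in Tools -> Site health you can see several errors, one of which is: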
Error Your site is unable to reach WordPress.org at 198.143.164.251, and returned the error: cURL error 7:
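This is the problem: the site cannot reach wordpress.org, so naturally no themes or plugins can be offered for selection. Searching for the cause, I found that it is due to the default SELinux restrictions on RHEL 8, which prevent HTTPD from making network connections. SELinux runs in enforcing mode by default, which is strict. Some people say that switching to permissive mode fixes it; I did not want to try that, since it would lower the security level.
While I was at it, I learned a bit about SELinux configuration. To see why something was denied, use the following command:
audit2why < /var/log/audit/audit.log # requires switching to the root user
It then displayed a pile of errors. For example, the one below says that the local httpd tried to make an outbound connection to port 80 and was denied, because one of the following booleans was not set correctly: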
type=AVC msg=audit(1610256118.364:15339): avc: denied { name_connect } for pid=434501 comm="my app" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
Was caused by:
One of the following booleans was set incorrectly.
Description:
Allow HTTPD scripts and modules to connect to the network using TCP.
Allow access by executing:
# setsebool -P httpd_can_network_connect 1
Description:
Allow HTTPD to connect to port 80 for graceful shutdown
Allow access by executing:
# setsebool -P httpd_graceful_shutdown 1
Description:
Allow httpd to act as a relay
Allow access by executing:
# setsebool -P httpd_can_network_relay 1
Description:
Allow system to run with NIS
Allow access by executing:
# setsebool -P nis_enabled 1
So let's first check the current values of these booleans:
[root@xx]# getsebool -a | grep http
httpd_anon_write --> off
...
httpd_can_network_connect --> off
...
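That's the one: httpd is not allowed to access the Internet (it is only allowed to accept incoming connections). Change its value with the following command: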
[root@xx]# setsebool httpd_can_network_connect 1
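It takes effect immediately and access works. Writing 0 turns the access off again. Adding the -P option writes this setting to disk so it survives a reboot; otherwise it reverts to the previous default (OFF) after a reboot.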
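The boolean description quoted above covers HTTPD connecting "to the network using TCP" in general, so it helps to know exactly which destinations httpd_t was denied before leaving it switched on. The script below is an added example, not part of the original post: it summarises name_connect denials for httpd_t by destination port and port type. The function names and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise httpd_t outbound-connect (name_connect) denials read from stdin.
# Prints one line per destination: "<count> dest=<port> target=<port type>".
summarize_httpd_connect_denials() {
    awk '
        /type=AVC/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
            port = "?"; ttype = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dest=/) port = substr($i, 6)
                if ($i ~ /^tcontext=/) {
                    split(substr($i, 10), ctx, ":")   # user:role:type:level
                    ttype = ctx[3]
                }
            }
            count[port " " ttype]++
        }
        END {
            for (k in count) {
                split(k, f, " ")
                printf "%d dest=%s target=%s\n", count[k], f[1], f[2]
            }
        }
    ' | LC_ALL=C sort -k2,2
}

# Constructed sample records (not from a real system), modelled on the AVC line above.
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1610256118.364:15339): avc: denied { name_connect } for pid=434501 comm="php-fpm" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1610256120.101:15340): avc: denied { name_connect } for pid=434501 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1610256121.220:15341): avc: denied { name_connect } for pid=434502 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1610256130.007:15350): avc: denied { name_connect } for pid=434510 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1610256140.555:15360): avc: denied { name_connect } for pid=1200 comm="agent" dest=80 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1610256200.100:15400): avc: denied { write } for pid=434600 comm="httpd" name="uploads" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
EOF
}

# On a real host (as root): summarize_httpd_connect_denials < /var/log/audit/audit.log
sample_audit_lines | summarize_httpd_connect_denials
```

Denials from other domains and httpd_t denials that are not name_connect (the last two sample records) are left out of the summary.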