Using different web server ports
By default, web servers listen on the known web server ports (such as ports 80 and 443). Often, administrators might want to have the web server listen on a nondefault port. The SELinux policy might reject this, as it is not standard behavior for a web server to listen on other unrelated ports.
In this recipe, we will tell SELinux that a nondefault port should still be seen as a web server port.
How to do it…
In order to assign a label to a different port, execute the following steps:
To see all the ports that match
http_port_t, usesemanage port -l:~# semanage port -l | grep -w http_port_t http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
Query the SELinux policy to see which port type is assigned to a particular port. For instance, for port
8881, the following command is used:~$ seinfo --portcon=8881If the port is identified as
unreserved_port_t, then we can mark it ashttp_port_t:~# semanage port -a -t http_port_t -p tcp 8881If, however, the...
