FAQ Series | PHP connection MySQL exception when SELinux is enabled

Colleagues report a strange phenomenon, one of the simplest test PHP code, in the test environment is normal, but in a formal environment, no matter how (TCP/IP, UNIX sockets) can not connect to MySQL.
I assisted to view the next, it is true, whether the specified IP, port TCP/IP connection, or a UNIX socket connection, the error message is similar:

Could not Connect:can ' t connect to MySQL server on ' MySQL. SERVER ' (13)

No matter how you modify MySQL's authorization, or adjust the settings for MySQL in php.ini, or modify the MySQL listening network, it will not work.
And if you manually connect MySQL with the command line, everything is fine.

The problem seems to be that PHP (with Apache) is not allowed to connect to MySQL, but there are no restrictions on firewalls. To think about it, only the selinux factor will cause the problem.

Getsebool-a|grep-i httpd

You can see that the license mode for the HTTPD process is set here, and then take a closer look and have an option:

Getsebool-a|grep-i Httpd_can_network_connecthttpd_can_network_connect--off

Now it's clear that SELinux restricts httpd access to the outside. To turn it on:

Setsebool-p httpd_can_network_connect=1

If you are unfamiliar with SELinux, you can also directly modify the system configuration file/etc/sysconfig/selinux, global shutdown:

# This  file controls the state of selinux on the system.# selinux=  can take one of these three values:#      enforcing - selinux security policy is enforced.#      permissive - selinux prints warnings instead of enforcing.#      disabled - no selinux policy is loaded. #SELINUX =enforcing# Change the setting to disabledselinux=disabled# selinuxtype= can take one of these two  values:#     targeted - targeted processes are protected,#      mls - multi level security protection. Selinuxtype=targeted 

Then restart the operating system to take effect.
Alternatively, direct execution of the command can take effect online:

[Email protected]~]# setenforce 0setenforce:selinux is disabled

--------------------------------------Split Line--------------------------------------

http://zhishuedu.comTraining is a professional quality training brand jointly launched by senior MySQL expert Ye Jinlong and Wu Bingxi, with MySQL dba combat optimization and Python devops Development course, which is the most conscientious and The most quality training courses.

This article is from the "Lao Ye teahouse" blog, please be sure to keep this source http://imysql.blog.51cto.com/1540006/1879758

FAQ Series | PHP connection MySQL exception when SELinux is enabled