i was setting up LAMP on virtualbox a couple of nights ago, I’m doing it as part of another project I have on the way. My planned setup was to have the db on a separate server. Setting it up the servers was a breeze in vbox, but I bumped into a problem along the way(more on that later). I installed apache,php and mysql using centos5.3′s vanilla rpms, I didn’t find it necessary to get the latest rpms as I was just gonna use it for poc(proof of concept) purposes.
After changing root’s mysql password I created the database “ordinary_db” with a table named “characters”, these commands were ran to do so(as root logged in mysql):
mysql> create database ordinary_db; (DUH?!)
mysql>create table characters (name VARCHAR(100), class varchar(50), age int, sex char(1), profession VARCHAR(50));
Of course, at least, create a sample entry:
mysql>insert into characters (name ,class ,age ,sex ,profession) values (“zonkie”,”rogue”,10,”M”,”leatherworker”);
Then create a user that would have full access to the database “ordinary_db”:
mysql>grant allon ordinary_db.* to email@example.com identified by ‘ultrahardtoguesspassw0rd’;
The user ‘uniqueusername’ will be connecting from the host ‘stormwind.myhomelab.net’, which is where the web server is residing, using ‘ultrahardtoguesspassw0rd’ as the password(duh). Yeah I know, I should at least show that I have concern for security.
Web server: stormwind.myhomelab.net
Database server: darnassus.myhomelab.net
Now comes the problem I encountered while testing apache/mysql connectivity. Using the mysql command line tool, I was able to connect from stormwind to darnassus’ db. But trying to check apache/mysql connectivity, no cigar. Here’s a nice php script to check for mysql connectivity on your web server. Checked the logs, nothing interesting. Tried connecting using both ip address and hostname, nope. Went out to smoke, tried to think of a reason why this was happening but still I had no idea what was going on. Then it occurred to me, what if it had something to do with selinux. I never played around with selinux, I usually disabled it if it was giving me issues. But for now, and for the sake of security, I’ll leave it on. I googled around (yeah google, hire me! I know how to use your search engine) and found this solution(w00t!):
#setsebool -P httpd_can_network_connect=1
What this does is tell selinux to “Allow HTTPD scripts and modules to connect to the network”. Damn you selinux, I wish hating you was that easy. More information ’bout selinux boleans can be found here.
1st task’s done, next one will be to create a php script to insert data to the db and view it too.