Quick tip for anyone struggling with Apache on CentOS 7.

After a fresh install of Apache I couldn’t connect to port 80. However, I could access the web server from the terminal without any problem (wget localhost).

Let’s troubleshoot the issue.

I checked DNS and httpd.conf, but that wasn’t the cause. After some googling I found this tip to check iptables.

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

We see that iptables says:

state RELATED,ESTABLISHED

This rule only accepts traffic for connections that are already established; it does not let remote machines open new ones.

Then we see the exceptions; in this case there is one for ssh:

state NEW tcp dpt:ssh

We need to add the same rule for port 80:

state NEW tcp dpt:80

We can do it like this:

$ sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

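This inserts the new rule at position 4 of the INPUT chain, ahead of the final REJECT rule. Rules are evaluated top to bottom, so an ACCEPT placed after the REJECT would never be reached.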

Don’t forget to save the rules, otherwise the changes will be lost after a reboot:

$ sudo service iptables save

Restart iptables:

$ sudo service iptables restart

It should work now!
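
To see why the position of the rule matters, here is an added example (not part of the original post) that walks a ruleset in order and reports which INPUT rule decides a new TCP connection. The ruleset is a constructed `iptables -S` rendering of the listing above, assuming its third rule is the loopback-only rule; `input_verdict`, `inserted` and `appended` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): find which INPUT rule decides a
# NEW inbound TCP connection. Models only -i, -p, --state, --dport and -j.

# Constructed sample: the post's ruleset in `iptables -S` form, assuming its
# third rule ("ACCEPT all") is the loopback-only rule.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
HTTP_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'

# input_verdict PORT [IFACE]: rules on stdin, prints "<rule-number> <target>"
# for the first matching rule, or "policy <target>" if none matches.
input_verdict() {
    awk -v port="$1" -v iface="${2:-eth0}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && !hit {
        n++; ok = 1; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i" && $(i+1) != iface) ok = 0
            if ($i == "-p" && $(i+1) != "tcp" && $(i+1) != "all") ok = 0
            if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "--dport" && $(i+1) != port) ok = 0
            if ($i == "-j") target = $(i+1)
        }
        if (ok && target != "") { print n, target; hit = 1 }
    }
    END { if (!hit) print "policy", policy }'
}

# The post's fix: insert the port-80 rule ahead of the ssh rule (position 4).
inserted() { printf '%s\n' "$SAMPLE_RULES" | awk -v r="$HTTP_RULE" '/--dport 22 / { print r } { print }'; }
# The failure mode: the same rule appended (-A) lands after the REJECT.
appended() { printf '%s\n%s\n' "$SAMPLE_RULES" "$HTTP_RULE"; }

echo "port 80 via eth0, original: $(printf '%s\n' "$SAMPLE_RULES" | input_verdict 80)"
echo "port 80 via lo,   original: $(printf '%s\n' "$SAMPLE_RULES" | input_verdict 80 lo)"
echo "port 80 via eth0, inserted: $(inserted | input_verdict 80)"
echo "port 80 via eth0, appended: $(appended | input_verdict 80)"
```

On a live system the same function can be fed from `sudo iptables -S`, which, unlike plain `iptables -L`, shows interface matches such as `-i lo`.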