Filed under centos7
Edit your
/etc/yum.conf file and add

yum clean all
yum makecache
yum update

2019/07/11 17:45 2019/07/11 17:45
Filed under centos7

If you receive an error while restarting IPtables on your virtual machine that includes : raw nat mangle filter [FAILED] or similar, this is a known error with CentOS 5 / CentOS 6 on virtual architectures. You simply need to modify the : /etc/init.d/iptables file.


Next, locate the below text, you can search for 'setting chains' Next add the lines labeled with + to the file, after the line with: case "$i"

vi /etc/init.d/iptables

echo -n $"${IPTABLES}: Setting chains to policy $policy: "
    for i in $tables; do
        echo -n "$i "
        case "$i" in

<!-- 추가된 부분 -->
+           security)

+               $IPTABLES -t filter -P INPUT $policy \
+                   && $IPTABLES -t filter -P OUTPUT $policy \
+                   && $IPTABLES -t filter -P FORWARD $policy \
+                   || let ret+=1
+               ;;

                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1

2015/11/02 16:33 2015/11/02 16:33
Filed under centos7

CENTOS 6.6 에 NGINX1.8 설치 해서  java 환경 세팅중
502 BAD GATEWay error 가 발생 한다.다음 2 명령어로 깔끔하게 해결 할 수 있다.

나와 같은 에러가 CentOS/RHEL 계열 OS에서 발생한다면 다음 두개의 명령으로 말끔히 해결!

setsebool -P httpd_can_network_connect 1


더욱더 견고하게! fix하고 싶다면...

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

2015/05/20 19:59 2015/05/20 19:59
Filed under centos7


포워딩이 정상적으로 톰켓으로 전달이 안되는 경우

다음과 같은방법으로 해결 가능 하다.

How to fix nginx 502 Bad Gateway error on CentOS/RHEL

I was trying to set up a reverse proxy for Atlassian Jira and Confluence by using nginx, connected to http://localhost:8080. This is the error I was getting in my logs:

2015/02/10 10:59:37 [crit] 21155#0: *12 connect() to failed (13: Permission denied) while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "", host: "x.y.z"
2015/02/10 10:59:38 [error] 21155#0: *15 no live upstreams while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://localhost/", host: "x.y.z"

Turns out it was just a SELinux issue. I’ve fixed the problem by issuing this command:

setsebool -P httpd_can_network_connect 1

If you want, you can even completely disable SELinux this way:

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
This entry was posted in Atlassian, CentOS, nginx.
2015/05/08 01:34 2015/05/08 01:34
Filed under centos7

 ftp접근시 22번 포트를 사용함

After installing vsftpd on CentOS 7 server, let us create a directory to store SSL certificates.

mkdir /etc/ssl/private

Then, create the certificate and key files using the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

You’ll be asked to enter the series of questions such as Country, State Code, Email address, Organization name etc. Enter the details one by one. Here is my sample output:

 Generating a 1024 bit RSA private key
 writing new private key to '/etc/ssl/private/vsftpd.pem'
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 Country Name (2 letter code) [XX]:IN
 State or Province Name (full name) []:TN
 Locality Name (eg, city) [Default City]:Erode
 Organization Name (eg, company) [Default Company Ltd]:Unixmen
 Organizational Unit Name (eg, section) []:Technical
 Common Name (eg, your name or your server's hostname) []:server1.unixmen.local
 Email Address []

In the common name field, you can either use hostname or IP address of your vsftpd server.

Edit vsftpd configuration file /etc/vsftpd/vsftpd.conf,

vi /etc/vsftpd/vsftpd.conf

Add the following lines at the end:




Save and close the file. Restart vsftpd service.

systemctl restart vsftpd

Check FTP Server

Open Filezilla from your client system. Go to File -> Site Manager.

In the Site Manager window, select New Site.

Site Manager_003

Name your new site, or leave it as it is. In my case I name it as My local FTP. Enter the FTP server IP address, and select “Require explicit FTP over TLS” from the Encryption drop down box. In the Logon Type drop downbox, select Ask for password option, and enter your FTP user name. Finally click on the Connect button.

Site Manager_004

You’ll be asked to enter the ftp user password in the next screen.

Enter password_007

Now, you”ll be asked to accept the certificate that is being used to make sure the server can be trusted. In the Certificate window, you may see the list of values which is entered during the certificate generation process. Click Ok to accept the certificate and establish the connection.

Unknown certificate_008

That’s it. Now you’ll be able to access your FTP server.

My local Site - ftpes:--sk@ - FileZilla_009

Note: if you keep getting the error “The data connection could not be established: EHOSTUNREACH – No route to host” after enabling SSL/TLS, disable iptables and try again.

That’s all for now. Cheers!

2015/05/08 00:31 2015/05/08 00:31
Filed under centos7
yum install vsftpd

vi /etc/vsftpd/vsftpd.conf

[root@www ~]#
yum -y install vsftpd
[root@www ~]#
vi /etc/vsftpd/vsftpd.conf

# line 12: no anonymous
# line 82,83: uncomment ( allow ascii mode )

# line 100, 101: uncomment ( enable chroot )

# line 103: uncomment ( specify chroot list )

# line 109: uncomment

# line 114: change ( if use IPv4 )

# line 123: change ( turn to OFF if it's not need )

# add follows to the end

# specify root directory ( if don't specify, users' home directory become FTP home directory)

# use localtime

# turn off for seccomp filter ( if you cannot login, add this line )

[root@www ~]#
vi /etc/vsftpd/chroot_list
# add users you allow to move over their home directory


2015/05/07 22:23 2015/05/07 22:23
Filed under centos7

방화벽 추가

firewall-cmd --permanent --zone=public --add-port=80/tcp

firewall-cmd --permanent --zone=public --add-port=8080/tcp

 firewall-cmd --permanent --zone=public --add-port=21/tcp

방화벽 확인

cat /etc/firewalld/zones/public.xml


방화벽 재시작

systemctl restart firewalld

2015/05/07 22:05 2015/05/07 22:05