Today, I want to run the httpd server on a custom port, 8002, on a CentOS 7 server. Of course, all my systems have SELinux in enforcing mode.

In order for httpd to bind to port 8002, we need to add this port to the http_port_t port type list.

First let’s confirm that port 8002 is not yet in the http_port_t list:

[root@servera ~]# semanage port -l | grep ^http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

We know from the semanage-port(8) manual page that, to add a port to an SELinux port type list, we run the following command:

[root@servera ~]# semanage port -a -t http_port_t -p tcp 8002
ValueError: Port tcp/8002 already defined
[root@servera ~]# semanage port -l | grep 8002
xen_port_t                     tcp      8002

This is the first time that I have encountered this error, and it probably has something to do with the fact that all the ports I had added to an SELinux port type list were “always” unique. What are the odds, right?

Anyway, we can see that port 8002 already belongs to xen_port_t. If we insist on adding port 8002 to the http_port_t list, we can modify this port instead.

[root@servera ~]# semanage port -m -t http_port_t -p tcp 8002
[root@servera ~]# semanage port -l | grep 8002
http_port_t                    tcp      8002, 80, 81, 443, 488, 8008, 8009, 8443, 9000
xen_port_t                     tcp      8002
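
The add-versus-modify decision above can be made before touching the policy. The following is an added example, not part of the original post: it parses `semanage port -l` output and reports whether `-a` or `-m` is needed. The sample listing is constructed from the output shown above, and `port_types` and `semanage_action` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: decide between `semanage port -a` and `semanage port -m`
# by checking which port types already contain a given proto/port.

# Constructed sample, copied from the `semanage port -l` output on this page.
SAMPLE_LISTING='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
xen_port_t                     tcp      8002'

# port_types PROTO PORT
# Reads a `semanage port -l` listing on stdin and prints every port type
# whose list contains PROTO/PORT, matching single ports and lo-hi ranges.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            line = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", line)   # drop type and proto columns
            n = split(line, items, /, */)
            for (i = 1; i <= n; i++) {
                m = split(items[i], r, "-")
                lo = r[1] + 0
                hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# semanage_action TYPE PROTO PORT
# Reads the listing on stdin and prints:
#   none   - the port is already labelled TYPE
#   modify - another type owns the port, so -a would fail ("already defined")
#   add    - no type contains the port, so -a works
semanage_action() {
    _types=$(port_types "$2" "$3")
    if printf '%s\n' "$_types" | grep -qx "$1"; then
        echo none
    elif [ -n "$_types" ]; then
        echo modify
    else
        echo add
    fi
}
```

On a real host, run `semanage port -l | semanage_action http_port_t tcp 8002` as root. A `modify` result means the port already carries another type, as xen_port_t did here.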

Now, assuming that httpd has been configured to listen on port 8002, we can start the service:

[root@servera ~]# systemctl start httpd
[root@servera ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-07-27 15:51:21 AEST; 1min 30s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 11134 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─11134 /usr/sbin/httpd -DFOREGROUND
           ├─11135 /usr/sbin/httpd -DFOREGROUND
           ├─11136 /usr/sbin/httpd -DFOREGROUND
           ├─11137 /usr/sbin/httpd -DFOREGROUND
           ├─11138 /usr/sbin/httpd -DFOREGROUND
           └─11139 /usr/sbin/httpd -DFOREGROUND

Jul 27 15:51:21 servera.lab.example.com systemd[1]: Starting The Apache HTTP Server...
Jul 27 15:51:21 servera.lab.example.com systemd[1]: Started The Apache HTTP Server.
[root@servera ~]#
