What should I do if php cannot connect to memcache?

Solution to the problem that php cannot connect to memcache: first check "/var/log/messages"; then run "[liang@www ~]$ sudo /usr/sbin/setsebool -P... "Just give the order.

The operating environment of this article: CentOS 5.4 i386 system, PHP7.1 version, DELL G3 computer

php cannot connect to memcached

After installing and configuring memcached, telnet can connect, but php cannot connect. memadmin also prompts that it cannot connect to the server. Finally I found a solution online.

********************

SELinux causes PHP to be unable to use fsockopen to connect to the Memcached server

The thing is Like this:

First of all, there is a problem with the server hard disk:-(, I replaced the hard disk, then reinstalled the system (CentOS 5.4 i386), then installed various programs and restored various data. The last step Memcache.php is used to monitor Memcache status. However, it is found that the tool cannot connect to the Memcached server. After checking, the Memcached server has started normally, can be connected normally using telnet, and the application program (PHP program) using Memcached also works normally. Looking at the memcache.php code, we found that it uses fsockopen to connect to the Memcached server, so we suspected a problem with the Socket extension. However, we checked and found that we can use fsockopen on the command line to connect to any port at any address, indicating that there is no problem with the Socket extension. But in httpd When using fsockopen, I can only connect to the 80, 8080, and 443 ports of the local machine, and the connection to other ports fails.

I checked the httpd log and found no problems. I searched online and found no similar problems. I was depressed. ……

Then I thought about whether it was a SELinux problem. I grep /var/log/audit/audit.log and found the following clues:

[liang@www ~]$ sudo grep denied /var/log/audit/audit.log
type=AVC msg=audit(1280882021.681:780): avc:  denied  { name_connect } for  pid=3822 comm="httpd" dest=11211 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1280885410.800:805): avc:  denied  { name_connect } for  pid=3790 comm="httpd" dest=11211 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket

It seems that SELinux is causing the problem again. Continue to check and find that /var/log/messages has the following error message:

Aug  4 08:11:59 www setroubleshoot: SELinux is preventing the http daemon from connecting to the itself or the relay ports For complete SELinux messages. run sealert -l 23d1381f-9d4b-439a-9ad6-d52f1025f247

It is indeed a problem caused by SELinux. Continue to check according to the prompts:

[liang@www ~]$ sealert -l 23d1381f-9d4b-439a-9ad6-d52f1025f247
Summary:
SELinux is preventing the http daemon from connecting to the itself or the relay
ports
Detailed Description:
SELinux has denied the http daemon from connecting to itself or the relay ports.
An httpd script is trying to do a network connect to an http/ftp port. If you
did not setup httpd to network connections, this could signal a intrusion
attempt.
Allowing Access:
If you want httpd to connect to httpd/ftp ports you need to turn on the
httpd_can_network_relay boolean: "setsebool -P httpd_can_network_relay=1"
The following command will allow this access:
setsebool -P httpd_can_network_relay=1
Additional Information:
Source Context                user_u:system_r:httpd_t
Target Context                system_u:object_r:http_cache_port_t
Target Objects                None [ tcp_socket ]

————————Omit some output————————

The error message is very clear: SELinux blocks the httpd connection. The modification method is also given. Just run the following command as root:

[liang@www ~]$ sudo /usr/sbin/setsebool -P httpd_can_network_relay=1

Note that there is no output after the command is successfully run. To check whether the setting is successful, you can run the getsebool command or directly view the log:

[liang@www ~]$ /usr/sbin/getsebool httpd_can_network_relay
httpd_can_network_relay –> on
[liang@www ~]$ sudo tail /var/log/messages
Aug  4 10:50:23 www setsebool: The httpd_can_network_relay policy boolean was changed to 1 by root

Set successfully . Refresh memcache.php and find that it is working normally. Job done!

This article is purely a work note. But I hope it can also help friends who encounter the same problem.

Recommended learning: "PHP Video Tutorial"

The above is the detailed content of What should I do if php cannot connect to memcache?. For more information, please follow other related articles on the PHP Chinese website!