Problem: Apache Not Accepting Port 80 Connections
Apache web server may have issues accepting connections on port 80. This can stop websites from loading and upset visitors. Finding the cause is important to fix this connection problem.
Checking Server Configuration
Verifying Apache Installation and Status
To start troubleshooting, check if Apache is installed on your CentOS server. Run this command:
yum list installed | grep httpdThis shows if Apache is installed. If it's not listed, install it:
yum install httpdCheck the status of the Apache service:
systemctl status httpdThis command shows if Apache is running or stopped. If it's not running, start it:
systemctl start httpdTip: Enable Apache on Boot
To make sure Apache starts automatically when your server reboots, use this command:
systemctl enable httpdThis ensures your web server is always up after system restarts.
Examining Apache Configuration Files
Review the main Apache configuration file, httpd.conf. Open it with a text editor:
nano /etc/httpd/conf/httpd.confLook for the "Listen" directive. It should be set to:
Listen 80This tells Apache to listen on port 80 for incoming connections. If it's not there or set to a different port, add or change this line.
After making changes, save the file and restart Apache:
systemctl restart httpdThese steps help you check that Apache is installed, running, and set to listen on port 80.
Investigating Network Settings
Analyzing Network Connections
To check which ports are open and listening for connections, use the netstat command:
netstat -tulpnThis command shows all TCP and UDP ports that are currently listening. Look for a line similar to:
tcp 0 0 :::80 :::* LISTEN -This indicates that a process (likely Apache) is listening on port 80 for all IP addresses.
If you don't see this line, Apache might not be running or might be set to listen on a different port.
Tip: Verify Apache Process
If you don't see Apache listening on port 80, check if the Apache process is running using the command:
sudo systemctl status httpdThis will show you if Apache is active and running or if there are any errors preventing it from starting.
Examining Firewall Rules
CentOS uses iptables for its firewall. To view the current iptables rules, run:
sudo iptables -LLook for rules that might block incoming traffic on port 80. A typical output might look like:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited In this example, there's no rule allowing traffic on port 80. The last line rejects all other incoming connections, which could be blocking access to your web server.
If you don't see a rule allowing traffic on port 80, this could be the reason for the connection issues.
Resolving the Issue
Modifying Firewall Rules
To fix the connection issue, add a rule to allow incoming connections on port 80. Use this command:
sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPTThis adds a new rule at position 4 in the INPUT chain, allowing new TCP connections on port 80.
After adding the rule, save the iptables configuration:
sudo service iptables saveThis keeps the new rule active after server reboots.
Tip: Verify Firewall Rule
After adding the new rule, verify it's in place by listing all current iptables rules:
sudo iptables -L -n -vLook for a line similar to:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80This confirms the rule was added correctly.
Restarting Apache Service
After modifying the firewall rules, restart Apache to apply the changes:
sudo systemctl restart httpdCheck the status of Apache after the restart:
sudo systemctl status httpdThis command shows if Apache is running without errors. Look for "Active: active (running)" in the output.
If you see errors, review the Apache error logs:
sudo tail -f /var/log/httpd/error_logThis helps identify problems preventing Apache from starting correctly.
Testing the Solution
Confirming External Access
After changing your firewall rules and restarting Apache, test if the server accepts incoming connections on port 80 from external sources.
To test external access:
-
Connect from a remote location:
- Use a different network (mobile data, another Wi-Fi network)
- Ask someone to try accessing your server
-
Use telnet to test port 80 access:
- From a remote machine, run:
telnet your_server_ip 80 - If successful, you'll see a blank screen or a connection message
- If it fails, you'll get a "Connection refused" error
- From a remote machine, run:
-
Test with a web browser:
- Open a web browser on a different device or network
- Enter your server's IP address or domain name in the address bar
- If Apache works correctly, you should see the default Apache test page or your website
If you can access the server externally on port 80, the problem is solved. If not, check your firewall rules and Apache configuration for mistakes.
Tip: Use Online Tools
If you don't have access to a separate network, use online port checking tools. These websites can try to connect to your server's port 80 from their location, helping you verify external access.
Test from multiple locations if possible, as some networks might have their own firewalls or restrictions.
Example: Using curl for HTTP Response
You can use the curl command to check the HTTP response from your server. Run this command from a remote machine:
curl -I http://your_server_ipThis will display the HTTP headers returned by your server, including the status code. A successful connection will typically show a "200 OK" status.
