A short post to save some of the useful options for firewall-cmd:
Tag Archives: CentOs
It has been a long time since I last posted about MQTT … The main reason was that I used MQTT as a protocol to publish data directly from a device, but in a centralized environment like SigFox / LoRaWAN you can't use it directly on the device. Actually I have some devices communicating with a backend, and the question of how to provide this information to the customers of my service is arising. To match this pattern I have two ways: providing an API where the information is pulled by the customer, and MQTT where the information is pushed to the customer.
One choice does not exclude the other; I had both kinds of customers. For this reason I will describe how we can implement an MQTT server to push Sigfox device data as JSON content.
CentOS 7 has SELinux enabled, so when you change your default httpd directories you have to give these directories the right SELinux permissions; otherwise the httpd server will not be able to access the files.
CentOS 7 has a built-in configuration that closes inactive SSH sessions. In terms of security this is a good thing, but killing a session after 1 minute of inactivity starts to be a mess when you have multiple sessions open in parallel.
This can be avoided on the client side by configuring a keep-alive period. To activate such a keepalive, you just have to connect with the following command line:
ssh -o ServerAliveInterval=5 email@example.com
This will configure the client to send a NULL packet every 5 seconds to keep the session open.
If you try to access a remote database from an nginx or httpd server, you will get a connection problem with error code (13), even if the mysql/mariadb client works well on the command line. The reason is a security restriction, set by default, that does not allow httpd servers to connect to a remote DB.
To disable this limitation and make everything work, just type on the command line:
# setsebool -P httpd_can_network_connect 1
You can list all the existing flags for httpd by using getsebool:
# getsebool -a | grep httpd
If you suspect SELinux is the cause of your problem, you can turn enforcement on (enforcing mode) or off (permissive mode, where denials are still logged) until the next reboot with the following commands:
# setenforce 1
# setenforce 0
If you need to check which permission SELinux is missing, you can run the audit log through audit2allow:
# tail -100 /var/log/audit/audit.log | audit2allow
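Before accepting what audit2allow proposes, it helps to see which process was denied which permission. The following is an added example, not part of the original post: a shell function (the name avc_summary and the sample records are constructed for illustration) that groups AVC denials by command, source type, target type, class and permission.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from audit.log text on stdin.
# Prints: <count> <comm> <source_type> -> <target_type> <class> { perms }
avc_summary() {
  awk '
    /type=AVC/ && / denied / {
      comm = src = tgt = cls = perms = ""; inperm = 0
      for (i = 1; i <= NF; i++) {
        # Everything between "{" and "}" is the list of denied permissions.
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm) { perms = perms (perms == "" ? "" : ",") $i; continue }
        if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
        # Contexts are user:role:type:level; the type is the third part.
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      count[comm " " src " -> " tgt " " cls " { " perms " }"]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Constructed sample records (not taken from a real system): two remote-DB
# connection denials, one file denial, and a SYSCALL record that is ignored.
SAMPLE_LOG='type=AVC msg=audit(1500000000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1500000000.101:501): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1500000007.202:509): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500000011.303:512): avc:  denied  { read open } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file'

printf '%s\n' "$SAMPLE_LOG" | avc_summary
```

On a real host the input would be `tail -100 /var/log/audit/audit.log | avc_summary`. A `name_connect` denial from `httpd_t` to `mysqld_port_t` is the remote-database case above; the policy also ships a narrower boolean, `httpd_can_network_connect_db`, which covers database connections only.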