Friday, April 25, 2025

How to Configure Static IP Address Using nmcli in Linux

Configuring a static IP address is a common task for Linux administrators, especially when setting up servers or virtual machines that require consistent network settings. The nmcli command-line tool, part of NetworkManager, provides a powerful and scriptable way to manage network connections without a GUI. In this guide, we’ll walk through the essential nmcli commands to set a static IPv4 address, gateway, DNS, and disable IPv6 for a network interface.

Step-by-Step: Setting a Static IP Address with nmcli

Let’s assume your network interface is named ens33. Here’s how to configure it:

  1. Assign a Static IPv4 Address
    nmcli con mod ens33 ipv4.addresses "172.16.3.150/16"
    This sets the IP address to 172.16.3.150 with a subnet mask of 255.255.0.0 (CIDR /16).
  2. Set the Default Gateway
    nmcli con mod ens33 ipv4.gateway "172.16.0.1"
    This command configures the default gateway for outgoing traffic.
  3. Configure DNS Server
    nmcli con mod ens33 ipv4.dns "8.8.8.8"
    This sets Google’s DNS server for name resolution. You can add multiple DNS servers by separating them with a comma, e.g., "8.8.8.8,8.8.4.4".
  4. Disable IPv6 (Optional)
    nmcli con mod ens33 ipv6.method "disabled"
    If your environment does not use IPv6, disabling it can simplify network troubleshooting and improve security.
  5. Set IPv4 Method to Manual
    nmcli con mod ens33 ipv4.method manual
    This ensures that the interface uses manual (static) configuration instead of DHCP.

Applying the Changes

After making these changes, you need to bring the connection down and back up for the settings to take effect:

  • nmcli con down ens33
  • nmcli con up ens33

Example: Complete Static IP Setup Script

  • nmcli con mod ens33 ipv4.addresses "172.16.3.150/16"
  • nmcli con mod ens33 ipv4.gateway "172.16.0.1"
  • nmcli con mod ens33 ipv4.dns "8.8.8.8"
  • nmcli con mod ens33 ipv6.method "disabled"
  • nmcli con mod ens33 ipv4.method manual
  • nmcli con down ens33
  • nmcli con up ens33
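
A wrong prefix or gateway in steps 1 and 2 only shows up after the connection is cycled, which on a remote host can mean losing access. The pre-flight check below is an added example, not part of the original guide; the function names ip_to_int and gateway_in_subnet are hypothetical, and it uses the address and gateway values from the steps above.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# ipv4.addresses / ipv4.gateway values before the connection is cycled.
# Function names are hypothetical.

# Print a dotted-quad IPv4 address as a 32-bit integer; non-zero on bad input.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        # Reject leading zeros (octal in shell arithmetic) and values > 255.
        case "$o" in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# gateway_in_subnet ADDR/PREFIX GATEWAY
#   0 = gateway is a usable host address on the same subnet
#   1 = gateway is off-subnet, or is the network/broadcast/own address
#   2 = input could not be parsed
gateway_in_subnet() (
    addr=${1%/*}; prefix=${1#*/}; gw=$2
    case "$prefix" in ""|*[!0-9]*|0?*|???*) exit 2 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ] || exit 2
    a=$(ip_to_int "$addr") || exit 2
    g=$(ip_to_int "$gw") || exit 2
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( a & mask ))
    bcast=$(( net | (4294967295 ^ mask) ))
    [ "$(( g & mask ))" -eq "$net" ] || exit 1
    [ "$g" -ne "$net" ] && [ "$g" -ne "$bcast" ] && [ "$g" -ne "$a" ] || exit 1
)

# Values from the steps above.
if gateway_in_subnet "172.16.3.150/16" "172.16.0.1"; then
    echo "gateway 172.16.0.1 is on-link for 172.16.3.150/16"
else
    echo "refusing to apply: gateway is not usable from this subnet" >&2
fi
```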

Additional Tips

  • Check Connection Name: Use nmcli con show to list all available connections and confirm your interface name (e.g., ens33).
  • Disable IPv6 for Other Connections: Replace ens33 with your actual interface name as needed.
  • Verify Configuration: After applying changes, use ip addr and nmcli dev show ens33 to verify your settings.

Summary Table: Key nmcli Commands

Command                                       Description
nmcli con mod ens33 ipv4.addresses "IP/CIDR"  Set static IP address and subnet
nmcli con mod ens33 ipv4.gateway "GATEWAY"    Set default gateway
nmcli con mod ens33 ipv4.dns "DNS"            Set DNS server(s)
nmcli con mod ens33 ipv6.method "disabled"    Disable IPv6
nmcli con mod ens33 ipv4.method manual        Set IPv4 configuration to manual
nmcli con down ens33                          Deactivate the connection
nmcli con up ens33                            Activate the connection

With these nmcli commands, you can quickly and reliably configure static IP settings on your Linux systems, making network management more efficient and consistent.

Installing PHP 8.3 on RHEL-based Systems: A Step-by-Step Guide


PHP stands as a cornerstone of web development, a versatile scripting language and interpreter renowned for its open availability and prevalent use on Linux-based web servers. Keeping your PHP installation up-to-date is crucial for performance, security, and access to the latest features. This guide walks you through the process of installing PHP 8.3 on your Red Hat Enterprise Linux (RHEL) based system, leveraging the EPEL and REMI repositories for a streamlined experience.

Adding the EPEL and REMI Repositories

To gain access to a wider range of software packages, including the latest PHP versions, we'll add the Extra Packages for Enterprise Linux (EPEL) and the Remi Community Repository (REMI) to your system's package manager. Execute the following commands in your terminal:

# Both release packages must match the OS major version (EL 9 here)
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.2.rpm

Note: dnf is the package manager used in modern RHEL-based systems like CentOS, Fedora, and AlmaLinux. The -y flag answers yes to every prompt, including the prompt to import a repository's GPG signing key, so review what will be installed before using it.

Installing Yum Utilities

The yum-utils package provides a collection of helpful utilities for managing your DNF repositories and packages. Install it using the following command:

sudo dnf -y install yum-utils

Although the package name mentions yum, yum is often a symbolic link to dnf on newer systems, so this command works seamlessly.

Enabling the PHP 8.3 Remi Repository

The REMI repository offers more recent PHP versions than the default RHEL repositories. To enable the PHP 8.3 stream from REMI, you'll first need to reset any active PHP modules and then enable the specific PHP 8.3 module:

sudo dnf module reset php
sudo dnf module install php:remi-8.3

The dnf module reset php command ensures a clean slate by disabling any previously enabled PHP modules. Following this, dnf module install php:remi-8.3 activates the PHP 8.3 module provided by the REMI repository.

With these steps completed, your system is now configured to install PHP 8.3 and its associated packages from the REMI repository. You can now proceed to install PHP 8.3 and any extensions you require using the dnf install php php-<extension-name> command.

Fixing “Permission Denied” Errors in Nginx Reverse Proxy Setups with SELinux

Running Nginx as a reverse proxy on a system with SELinux enabled can sometimes lead to frustrating errors like:

[crit] connect() to 172.16.5.32:32400 failed (13: Permission denied) while connecting to upstream, client: 172.16.0.1, server: rplex.adminz.in, request: "GET /web/index.html HTTP/2.0", upstream: "http://172.16.5.32:32400/web/index.html", host: "rplex.adminz.in:8443"

If you’re seeing this, SELinux is likely blocking Nginx from making outbound network connections to your upstream servers. Here’s how you can diagnose and fix the issue.

Understanding the Problem

When SELinux is in enforcing mode, it restricts what processes can do—even if you’re running as root. By default, Nginx (and other web servers running under the httpd_t SELinux context) cannot make arbitrary outbound network connections. This is a security feature, but it can block legitimate reverse proxy setups.

Typical log entries look like this:

[crit] connect() to <backend-ip>:<port> failed (13: Permission denied) while connecting to upstream, ...

Diagnosing SELinux Denials

To confirm SELinux is the culprit:

Check your Nginx error logs for “(13: Permission denied)” messages.

Inspect the SELinux audit logs:

sudo grep nginx /var/log/audit/audit.log | grep denied

If you see denials related to name_connect on a TCP socket, SELinux is blocking the connection.
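
The grep above returns every denial that mentions nginx. To see exactly which upstream ports are being refused before changing any policy, the denials can be reduced to a per-port summary. This is an added example, not part of the original post: the function name summarise_name_connect is hypothetical and SAMPLE_AUDIT holds constructed audit records.

```shell
#!/bin/sh
# Added example (not from the original post): summarise which upstream ports
# SELinux is refusing for httpd_t. SAMPLE_AUDIT is constructed for
# illustration; the function name is hypothetical.

SAMPLE_AUDIT='type=AVC msg=audit(1745560000.101:811): avc:  denied  { name_connect } for  pid=2154 comm="nginx" dest=32400 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1745560003.417:812): avc:  denied  { read } for  pid=2154 comm="nginx" name="index.html" dev="dm-0" ino=917 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1745560009.882:815): avc:  denied  { name_connect } for  pid=2154 comm="nginx" dest=8096 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1745560012.040:816): avc:  denied  { name_connect } for  pid=977 comm="vsftpd" dest=32400 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1745560015.660:819): avc:  denied  { name_connect } for  pid=2155 comm="nginx" dest=32400 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0'

# Print "count dest_port target_port_type" for every denied name_connect
# on a tcp_socket whose source domain is httpd_t, most frequent first.
# Reads the files given as arguments, or stdin when there are none.
summarise_name_connect() {
    awk '
    /avc: +denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ && /tclass=tcp_socket/ {
        port = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/)     { port = substr($i, 6) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        }
        if (port != "") n[port " " ttype]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2,2n
}

# Run against the constructed records.
printf '%s\n' "$SAMPLE_AUDIT" | summarise_name_connect
```

On a real host the same function can read the log directly when run as root, for example summarise_name_connect /var/log/audit/audit.log.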

The Solution: Allow Nginx Network Connections

SELinux controls network permissions for web servers using Boolean flags. The most relevant for Nginx reverse proxies is httpd_can_network_connect.

What does httpd_can_network_connect do?

Enabling this Boolean allows Nginx (and other httpd processes) to make outgoing network connections to any port.

This is required for Nginx to proxy requests to other backend servers, especially if they’re not on standard HTTP/HTTPS ports.

How to Enable It

Make the change persistent with:

setsebool -P httpd_can_network_connect true

The -P flag makes the change survive reboots.

After running this command, restart Nginx:

systemctl restart nginx

This should resolve the “permission denied” errors when connecting to upstream servers.