memcache for php - 无法连接 [英] memcache for php - unable to connect

问题描述

我正在运行centos 6.使用apache处理php和nginx来处理脚本图像和css

我已经安装了 memcached 服务器.

PORT="11211"用户="内存缓存"MAXCONN="4096"缓存大小=512"选项=-l 127.0.0.1"

我也安装了 php 模块.

我创建了一个新的 php 文件

 $memcache = 新的内存缓存；$memcache->connect('127.0.0.1', 11211) or die ("Could not connect");

我检查了 memcached 状态，它正在运行.
我总是收到无法连接".
我尝试将值从127.0.0.1"更改为localhost" - 仍然无法正常工作.

$memcache = new Memcache();$memcache->addServer('127.0.0.1', 11211) 或死(无法连接")；var_dump($memcache->getExtendedStats());$memcache->set('key', 'hello world', false, 60);echo $memcache->get('key');//$memcache->connect('127.0.0.1', 11211) or die ("Could not connect");

输出

array(1) { ["127.0.0.1:11211"]=> bool(false) }

connect 和 addServer 有什么不同?哪种方法最好?
但我没有收到 Hello World

关于代码和这个问题的更多更新..

phpinfo 正在显示 memcached.
var_dump($memcache->get('key'));给

bool(false)

为什么我应该使用 addServer 而不是 connect?

关于代码的更多更新

$memcache = 新的内存缓存；$memcache->addServer('localhost', 11211);echo $memcache->getServerStatus('localhost', 11211);输出:1//$memcache->set('key', 'hello world') or die("failed to store data");输出:无法存储数据

更多细节

getsebool httpd_can_network_memcache

它返回关闭

它应该返回吗?

<前>注意:Memcache::connect(): Server 127.0.0.1 (tcp 11211, udp 0) failed with: Permission denied (13)

解决方案

正如评论中指出的那样，您似乎正在运行 Security-Enhanced Linux (SELinux)，它在内核级别增加了额外的安全层.根据我的经验和使用，我发现 SELinux 在某些服务周围添加了一个力场，因此它们无法访问系统上的特定资产.例如，如果我想从 /home/src/web 提供 html 内容，我必须告诉系统 httpd 服务可以访问 /home/中的内容src/web 路径.为此，我将发出以下命令:

$ ->setebool -P httpd_enable_homedirs 1

基本上，要允许服务之间的交叉通信，您必须通过策略允许此类访问，就像刺穿"防火墙以允许访问特定端口一样，除非使用 SELinux，您不会授予对端口的访问权限，而是您授予对系统或服务的另一部分的访问权限.对我们来说幸运的是，有几个内置策略我们可以使用上面的 setsebool 构造，而不是尝试定义我们自己的策略，这可能会很痛苦.有关 SELinux 的更完整说明，请查看 维基百科页面.

现在回答您的具体问题:

为什么我应该使用 addServer 而不是 connect?

addserver() 将允许您将多个 ip(或主机名)添加到假定存在缓存值的列表中，即内存缓存服务器池.而 connect() 将只允许您连接到单个指定的服务器.

getsebool httpd_can_network_memcache，它返回关闭，它应该返回吗?

是的，打开此特定设置似乎将允许您连接到启用 SELinux 的内存缓存服务器，但是在我的生产服务器上，我仍然将它设置为关闭，但设置如下:

$ ->setebool -P httpd_can_network_connect 1

我相信，这两种设置都可以实现目标，但是通过上述设置，如果您在另一台主机上有一个 memcache 服务器，httpd 仍然可以访问它.

这里有一篇不错的文章，关于针孔 SELinux 以允许 httpd 服务访问其他服务.

I m running centos 6. Using apache for handling php and nginx to handle scripts images and css

i have installed memcached server.

PORT="11211"
USER="memcached"
MAXCONN="4096"
CACHESIZE="512"
OPTIONS="-l 127.0.0.1"

i have also installed the module for php.

i created a new php file

 $memcache = new Memcache;
 $memcache->connect('127.0.0.1', 11211) or die ("Could not connect");

i checked the memcached status and it is running.
I am always getting "Could not connect".
I tried to change the value to 'localhost' from '127.0.0.1' - still not working.

$memcache = new Memcache();
$memcache->addServer('127.0.0.1', 11211) or die ("Could not connect");
var_dump($memcache->getExtendedStats());
$memcache->set('key', 'hello world', false, 60);
echo $memcache->get('key');
//$memcache->connect('127.0.0.1', 11211) or die ("Could not connect");

Output

array(1) { ["127.0.0.1:11211"]=> bool(false) }

What does connect and addServer do differently? Which is best way to do?
But i am not getting the Hello World

More updates on the code and on this problem..

phpinfo is showing memcached.
var_dump($memcache->get('key')); gives

bool(false)

why should i use addServer instead of connect?

More update on the code

$memcache = new Memcache;
$memcache->addServer('localhost', 11211);
echo $memcache->getServerStatus('localhost', 11211);
output : 1

//$memcache->set('key', 'hello world') or die("failed to store data");
output : failed to store data

few more details

getsebool httpd_can_network_memcache

it returns off

Should it return on?

Notice: Memcache::connect(): Server 127.0.0.1 (tcp 11211, udp 0) failed with: Permission denied (13)

解决方案

As flushed out in the comments, it appears you are running Security-Enhanced Linux (SELinux) which adds an extra layer of security at the kernel level. In my experience and usage, I found that SELinux adds a force field around certain services so that they cannot access particular assets on the system. For example, if I want to serve html content from /home/src/web, I have to tell the system that it is ok for the httpd service to access content in the /home/src/web path. To do this I would issue the following command:

$ -> setsebool -P httpd_enable_homedirs 1

Basically, to allow cross-communication between services, you have to allow such access via a policy, much like "pinholing" a firewall to allow access to a specific port, except with SELinux you are not granting access to a port, rather you are granting access to another part of the system, or service. Fortunately for us, there are several built in policies which we can use the above setsebool construct, rather than trying to define our own policies, which can be a pain. For a more complete explanation of SELinux check out the wikipedia page.

Now to answer your specific questions:

why should i use addServer instead of connect?

addserver() will allow you to add multiple ips (or hostnames) to a list from which it is assumed that cached values are present, i.e. a pool of memcache servers. Whereas the connect() will only allow you to connect to the single, specified server.

getsebool httpd_can_network_memcache, it returns off, Should it return on?

Yes, it appears that turning on this specific setting will allow you to connect to a memcache server, with SELinux enabled, however on my production servers I still have it set to off, but have the following set:

$ -> setsebool -P httpd_can_network_connect 1

I believe, that either setting will accomplish the objective, however with the above setting, if you have a memcache server on another host, httpd can still access it.

Here is a decent write-up on pinholing SELinux to allow httpd service access to other services.

这篇关于memcache for php - 无法连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！