CentOS System Administration

How To Open Port 80 on CentOS7

If you’re planning to host websites on CentOS 7, then you might install a web server software such as Apache or Nginx. A web server like Apache by default works on port 80. That is if you go to the IP address or hostname or domain name of your server from a web browser, then the web server should send you a web page. In a CentOS 7 server, many services like that should be installed. Like the web server works on port 80, a DNS server works on port 53, SSH server works on port 22, a MySQL server works on port 3306 and so on. But you don’t want others to connect to these services. If someone gains access to your SSH server, then he/she may be able to control your server, like stop some services, install some new services, change your password and many unexpected things can happen. That is why a firewall program is used to allow outsiders to connect to specific port and block others. For a web server, the port is 80.

In this article, I will show you how to open port 80 and block all the other ports on CentOS 7 with firewalld. Let’s get started.

Installing a Web Server

In this section, I will show you how to install a web server on CentOS 7. I included this section so that you can have a real life experience on what I am talking about.

The most widely used web server software is Apache. Apache is available on the official package repository of CentOS 7.

To install Apache web server, run the following command:

$ sudo yum install httpd

Press ‘y’ and then press <Enter> to continue.

Apache web server should be installed.

Now run the following command to check whether Apache HTTP server is running or not:

$ sudo systemctl status httpd

As you can see from the screenshot below, the Apache HTTP server is not running.

You can start Apache HTTP server with the following command:

$ sudo systemctl start httpd

You will want the Apache HTTP server to start automatically on system boot. You can add Apache HTTP server to the startup with the following command:

$ sudo systemctl enable httpd

Apache HTTP server is added to the startup.

Now open up a web browser and go to http://localhost

You should see the following page as shown in the screenshot below.

Checking for Open Ports with nmap

First check the IP address of your CentOS 7 server with the following command:

$ ip a

As you can see from the screenshot below, the IP address of my CentOS 7 server is 192.168.10.97

You can check for all the open ports with nmap utility from another computer as follows:

$ nmap -sT 192.168.10.97

As you can see, right now, only the port 22 is open. What we are interested in is opening only port 80 and closing others.

Opening Port 80 and Closing Others

First check all the allowed services with the following command:

$ sudo firewall-cmd --list-all

As you can see I have dhcpv6-client and ssh services allowed from outside. You may have more or less services allowed.

Now you have to disable them one by one.

You can remove the ssh service with the following command:

$ sudo firewall-cmd --remove-service=ssh --permanent

You can remove the dhcpv6-client service with the following command:

$ sudo firewall-cmd --remove-service=dhcpv6-client  --permanent

Now add HTTP service or port 80 with the following command:

$ sudo firewall-cmd --add-service=http --permanent

Once you’re done, restart firewalld with the following command:

$ sudo firewall-cmd --reload

Now if you check the firewalld services again:

$ sudo firewall-cmd --list-all

You should see only http service allowed as marked in the screenshot below.

Now you may do a port scan with nmap from another computer:

$ sudo nmap -sT 192.168.10.97

You should be able to see only port 80 open as shown in the screenshot below.

You can also test whether you can access the web server if you open up a browser and type in the web server’s IP address.

I can access the web server from a browser as you can see from the screenshot below.

So that’s how you open port 80 and block every other ports on CentOS 7. Thanks for reading this article.

About the author

Shahriar Shovon

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.