How to allow Apache or PHP-FPM to connect to remote MySQL under SELinux

SELinux Remote MySQL Error

If Apache or PHP-FPM cannot connect to a remote MySQL server, you may see an error like the one below, for example on a PDO connection to the remote server:

SQLSTATE[HY000] [2002] Permission denied

First, check whether SELinux is enabled with this command:

[root@serverdiary ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

Or you can check the setting in /etc/selinux/config:

SELINUX=enforcing

There are 3 options for SELinux:

  1. enforcing – SELinux security policy is enforced.
  2. permissive – SELinux prints warnings instead of enforcing.
  3. disabled – No SELinux policy is loaded.

You can switch to permissive mode, so SELinux only prints warnings instead of enforcing. Note that setenforce 0 affects the whole system and lasts only until the next reboot.

[root@serverdiary ~]# setenforce 0
[root@serverdiary ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

Or, if you still want to keep the SELinux setting from the config file, run these commands as root and restart Apache or PHP-FPM.

setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1

The -P option means permanent, so the setting still applies after a reboot.
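
To confirm that SELinux is what blocks the connection and to pick the narrowest boolean, the AVC denials in the audit log can be classified by the target port type. The script below is an added example, not part of the original post; the function names and the log lines are constructed for illustration. It relies on httpd_can_network_connect_db covering database ports such as mysqld_port_t, while httpd_can_network_connect allows outbound connections to any TCP port.

```shell
#!/bin/sh
# Added example (not from the original post). Reads audit-log lines on stdin,
# e.g. from: ausearch -m AVC -ts recent
# Prints one line per distinct denial: <port> <target type> <suggested boolean>

suggest_boolean() {
    awk '
    # Only outbound TCP connect denials raised by the httpd_t domain,
    # which is the domain Apache and PHP-FPM run in under the targeted policy.
    /avc: +denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
        port = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/) port = substr($i, 6)
            if ($i ~ /^tcontext=/) {
                split(substr($i, 10), ctx, ":")   # user:role:type:level
                ttype = ctx[3]
            }
        }
        # A MySQL-labelled port only needs the database boolean. Any other
        # port type needs the broad boolean, or, if the service really is
        # MySQL on a non-standard port, relabelling the port with
        # "semanage port -a -t mysqld_port_t -p tcp <port>" first.
        if (ttype == "mysqld_port_t") fix = "httpd_can_network_connect_db"
        else                          fix = "httpd_can_network_connect"
        key = port " " ttype
        if (!(key in seen)) { seen[key] = 1; print port, ttype, fix }
    }'
}

# Constructed sample denials (pids, timestamps and ports are made up).
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1700000001.101:501): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000002.202:502): avc:  denied  { name_connect } for  pid=2102 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000003.303:503): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=3307 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000004.404:504): avc:  denied  { name_connect } for  pid=900 comm="sshd" dest=3306 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

sample_avc | suggest_boolean
```

For a MySQL server on the default port 3306, only the first kind of line appears, and httpd_can_network_connect_db alone is enough.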

ServerDiary
