CentOS SELinux configuration for cryoSPARC

If you are running cryoSPARC on CentOS, you may run into an issue where the default CentOS firewall settings will not allow remote access to the cryoSPARC UI that runs at port 38000.

To get around this issue, one user reported that the following command opens the port correctly:

semanage port -a -t http_port_t -p tcp 38000

Please reply in this thread if you find another way to solve the problem or if this works for you.

That’s not the firewall, but PITA SELinux. The problem is unless you are running from desktop linux, you don’t see the SELinux violation alerts so it’s easier to get stumped as to why things aren’t working.

I almost always end up configuring my CentOS systems by setting /etc/selinux/config to permissive or disabled.

If you must leave SELinux on, then the easiest thing to do is step through all the alerts and allow them using:

sealert -a /var/log/audit/audit.log

Ah, thanks for the clarification Craig, very useful to know.


I’m running Redhat 7 and had to use the following commands to open port 38000 in the firewall:

firewall-cmd --permanent --add-port=38000/tcp
firewall-cmd --reload
firewall-cmd --list-ports

38000/tcp should be listed

Hope this helps


Same problem for me.
Tried everything, but still localhost doesn’t work.

Any clue?


I do have the same issue as well. SELinux is disabled and the port is opened I still dont get the interface in the borwser

Hi @marcol, @david.haselbach,

One thing that’s worked for other users is to try and access the url:
instead. It’s unclear why this should make any difference but it has worked. This would only work if you are at the desktop of the machine running cryoSPARC. For access from other machines, you need to have the hostname of the machine running cryosparc instead of localhost or

To verify that your network allows the connection you can also try to ping the cryosparc host, or you can
curl -v http://<cryosparc-host-name>:38000


The localhost alias is defined in the first line of /etc/hosts. Perhaps some people have incorrect hosts files.

head -1 /etc/hosts hostname localhost localhost.localdomain localhost4 localhost4.localdomain4

By the way, to access cryosparc locally or over a SSH tunnel on CentOS, no additional configuration is required. To access remotely, you need only open that one port (38000 by default). I always leave SELinux set to enforcing.

Any actual SELinux policy violations will be reported in the system journal, along with one-time instructions to permit that action. Typically these are useful to guide you to the correct generally policy change, but again, there’s no SELinux configuration required for cryosparc.

I also have cryosparc run under its own user, and all cryosparc associated directories have SELinux type user_home_t.

It still doesn’t work unfortunately neither remotely nor locally. It doesn’t work with the ip either, the hosts file is correct and completely identical to yours and I have installed cryosparc in my own user. SELinux is even disabled.

cryosparc status output?

I’m posting here since this is the thread that is referenced in the install guide. I’m happy to move this post to a different thread if needed.

I had an issue with CentOS 7.4, I could not connect through my browser after starting cryoSPARC. I made the edits to the SELinux as suggested but this didn’t help. When I checked cryosparc status, I noticed that the webapp wasn’t running. When looking at the reference files for webapp, it is noted that node.js 4.4.7 is required. I installed this and was able to launch the interface. I hope that helps anyone still struggling with CentOS.

I’ve had the ~same problem. And opening the port did not help. Solved (at least in case of RedHat / CentOS 6) by linking to a newer libstdc++ library:

Hi all, thanks for posting the solutions to this issue - indeed cryosparc v0.6.5 was not designed to be run on CentOS 6 (it was built and tested on Ubuntu 14 and doesn’t generally work out of the box on anything older)
CryoSPARC v2 however is specifically built on CentOS 6 and works on anything equal or more recent than that, usually without any system configuration.