1、selinux引起nginx啓動失敗
問題描述:
修改了nginx的配置文件,綁定了監聽9089端口,重啓nginx的時候失敗了。發現報錯“nginx: [emerg] bind() to 0.0.0.0:9089 failed (13: Permission denied)”:
[root@test101 nginx]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@test101 nginx]# systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 五 2018-07-20 09:27:01 CST; 8s ago
Docs: http://nginx.org/en/docs/
Process: 50264 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 50329 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
Main PID: 50243 (code=exited, status=0/SUCCESS)
7月 20 09:27:01 test101 systemd[1]: Starting nginx - high performance web server...
7月 20 09:27:01 test101 nginx[50329]: nginx: [emerg] bind() to 0.0.0.0:9089 failed (13: Permission denied)
7月 20 09:27:01 test101 systemd[1]: nginx.service: control process exited, code=exited status=1
7月 20 09:27:01 test101 systemd[1]: Failed to start nginx - high performance web server.
7月 20 09:27:01 test101 systemd[1]: Unit nginx.service entered failed state.
7月 20 09:27:01 test101 systemd[1]: nginx.service failed.
解決方法:
發現是因爲selinux狀態是enforcing,關閉了selinux再啓動nginx就好了
[root@test101 nginx]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing #改成disabled就OK了
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
2、OPENSSL引起nginx啓動失敗
問題描述:
在部署深圳電信nginx的時候,啓動失敗了,報錯說找不到OPENSSL_1.0.2:
[root@host-172-0-0-11 conf.d]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
查看報錯原因,發現提示“version `OPENSSL_1.0.2' not found”:
[root@host-172-0-0-11 conf.d]# systemctl status nginx.service
â— nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-08-02 11:11:40 CST; 7s ago
Docs: http://nginx.org/en/docs/
Process: 18995 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: Starting nginx - high performance web server...
Aug 02 11:11:40 host-172-51-121-11 nginx[18995]: /usr/sbin/nginx: /lib64/libcrypto.so.10: version `OPENSSL_1.0.2' not found (required by /usr/sbin/nginx)
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: nginx.service: control process exited, code=exited status=1
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: Failed to start nginx - high performance web server.
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: Unit nginx.service entered failed state.
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: nginx.service failed.
查看本機的openssl,發現本機的openssl確實與nginx要求的版本不符合
[root@host-172-51-121-11 conf.d]# rpm -qa openssl
openssl-1.0.1e-60.el7.x86_64
[root@host-172-0-0-11 conf.d]#
解決方法:
重新安裝OPENSSL_1.0.2,然後啓動nginx,成功