1 现象
给nginx配置负载均衡后,使用/usr/sbin/nginx启动nginx的话,负载均衡有效;但是给nginx配置好了开机启动后,重启机器,nginx正常启动,但是负载均衡不生效了。kill了nginx进程,再使用/usr/sbin/nginx重新启动nginx,负载均衡又有效了。
(PS:本人nginx是centos7下yum安装的)
先查询状态systemctl status nginx
2 查找
2.1 查看selinux状态,看看是不是selinux限制了nginx。
输入命令
sestatus
查看到
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: disabled Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
2.2 查询selinux运行模式
输入命令
getenforce
查看到
Enforcing
3 解决
3.1 临时关闭selinux
setenforce 0
setenforce 0 #关闭 Selinux
setenforce 1 #开启 Selinux
3.2 永久关闭selinux,需要重启才能生效(本人没验证过)
编辑配置文件,SELINUX=enforcing 改成 SELINUX=disabled 。
vim /etc/selinux/config
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
3.3 允许nginx白名单
依次输入以下三行命令
yum install policycoreutils-python cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx semodule -i mynginx.pp