前言
今天突然发现alist挂掉打不开了,进机器查看原来是云服务商的物理主机挂掉了。等待服务器商恢复机器以后上去按照顺序启动服务过程中,使用systemctl start nginx启动到nginx忽然发现有如下报错:
[root@ ~]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
然后使用systemctl status nginx查看nginx状态和日志:
[root@ ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 三 2024-05-22 16:15:51 CST; 50s ago
Process: 822 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 814 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
5月 22 16:15:51 172-104-61-56 systemd[1]: Starting The nginx HTTP and reverse proxy server...
5月 22 16:15:51 172-104-61-56 nginx[822]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
5月 22 16:15:51 172-104-61-56 nginx[822]: nginx: [emerg] open() "/var/log/alist.log" failed (13: Permission denied)
5月 22 16:15:51 172-104-61-56 nginx[822]: nginx: configuration file /etc/nginx/nginx.conf test failed
5月 22 16:15:51 172-104-61-56 systemd[1]: nginx.service: control process exited, code=exited status=1
5月 22 16:15:51 172-104-61-56 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
5月 22 16:15:51 172-104-61-56 systemd[1]: Unit nginx.service entered failed state.
5月 22 16:15:51 172-104-61-56 systemd[1]: nginx.service failed.
发现open() "/var/log/alist.log" failed (13: Permission denied)这一错误。
初步排查
初步怀疑是权限问题 于是给前端目录最高权限 chmod -R 777 <前端目录> ,再次用systemctl restart nginx重启nginx还是报权限的错误
继续摸排
继续搜索资料发现 nginix默认用户是nobody与用户目录不一致可能会出现权限的错误,于是修改nginx.conf文件将#user nobody; 改为 user root; 例如:
user root;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root /root/www/; ## 设置的地方
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
然后执行systemctl restart nginx重启nginx,查看日志还是报错。是真给我搞崩溃了。。。。
最后各种查询资料在StackOverflow的一个回答下面发现是SELinux的原因,原文附上:Using NGINX and NGINX Plus with SELinux
解决办法
查看SELinux状态
[root@ ~]# getenforce
enforcing
#运行命令getenforce,验证SELinux状态。返回状态如果是enforcing,表明SELinux已开启。如上所示我的SELinux是开启的。
选择临时关闭或者是永久关闭SELinux
临时关闭SELinux
[root@ ~]# setenforce 0
永久关闭SELinux
运行以下命令编辑SELinux的config文件。
vim /etc/selinux/config
找到SELINUX=enforcing,按i进入编辑模式,将参数修改为SELINUX=disabled
修改完成后,按下键盘Esc键,执行命令:wq,保存并退出文件,重启服务器后即可生效。
或者选择保留SELinux设置并修改资源目录的安全上下文
执行 chcon -t httpd_sys_content_t -R <资源目录> 修改 安全上下文
例如: chcon -t httpd_sys_content_t -R /home/path/site
评论区