1、selinux引起nginx启动失败

问题描述:

修改了nginx的配置文件,绑定了监听9089端口,重启nginx的时候失败了。发现报错“nginx: [emerg] bind() to 0.0.0.0:9089 failed (13: Permission denied)”:

[root@test101 nginx]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

[root@test101 nginx]# systemctl status nginx.service
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 五 2018-07-20 09:27:01 CST; 8s ago
     Docs: http://nginx.org/en/docs/
  Process: 50264 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 50329 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
 Main PID: 50243 (code=exited, status=0/SUCCESS)

7月 20 09:27:01 test101 systemd[1]: Starting nginx - high performance web server...
7月 20 09:27:01 test101 nginx[50329]: nginx: [emerg] bind() to 0.0.0.0:9089 failed (13: Permission denied)
7月 20 09:27:01 test101 systemd[1]: nginx.service: control process exited, code=exited status=1
7月 20 09:27:01 test101 systemd[1]: Failed to start nginx - high performance web server.
7月 20 09:27:01 test101 systemd[1]: Unit nginx.service entered failed state.
7月 20 09:27:01 test101 systemd[1]: nginx.service failed.

解决方法:

发现是因为selinux状态是enforcing,关闭了selinux再启动nginx就好了

[root@test101 nginx]# vim /etc/selinux/config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing         #改成disabled就OK了
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

2、OPENSSL引起nginx启动失败

问题描述:

在部署深圳电信nginx的时候,启动失败了,报错说找不到OPENSSL_1.0.2:

[root@host-172-0-0-11 conf.d]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

查看报错原因,发现提示“version `OPENSSL_1.0.2' not found”:

[root@host-172-0-0-11 conf.d]# systemctl status nginx.service
â— nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2018-08-02 11:11:40 CST; 7s ago
     Docs: http://nginx.org/en/docs/
  Process: 18995 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)

Aug 02 11:11:40 host-172-51-121-11 systemd[1]: Starting nginx - high performance web server...
Aug 02 11:11:40 host-172-51-121-11 nginx[18995]: /usr/sbin/nginx: /lib64/libcrypto.so.10: version `OPENSSL_1.0.2' not found (required by /usr/sbin/nginx)
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: nginx.service: control process exited, code=exited status=1
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: Failed to start nginx - high performance web server.
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: Unit nginx.service entered failed state.
Aug 02 11:11:40 host-172-51-121-11 systemd[1]: nginx.service failed.

查看本机的openssl,发现本机的openssl确实与nginx要求的版本不符合

[root@host-172-51-121-11 conf.d]# rpm -qa openssl
openssl-1.0.1e-60.el7.x86_64
[root@host-172-0-0-11 conf.d]#

解决方法:

重新安装OPENSSL_1.0.2,然后启动nginx,成功

3、pid文件丢失,nginx起不来,页面无法访问

该问题见文章《一个因pid文件丢失,nginx的进程起不来,网站页面无法访问的故事》