我登录到RedHat 7.2服务器。 sudo 到 root。在ngixx.conf文件(1.11.7)中,我添加了一个 UDP 流条目,用于将反向代理端口转发到另一台服务器:
stream { server { listen 82 udp; proxy_pass xyz:16700; } }
语法检查通过:
# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
重启服务器失败:
# service nginx restart
日记日志:
Dec 20 04:46:23 esp-ss960-1-lnx-vm systemd[1]: Starting nginx - high performance web server...
Dec 20 04:46:23 esp-ss960-1-lnx-vm nginx[64702]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 20 04:46:23 esp-ss960-1-lnx-vm nginx[64702]: nginx: [emerg] bind() to 0.0.0.0:82 failed (13: Permission denied)
Dec 20 04:46:23 esp-ss960-1-lnx-vm nginx[64702]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 20 04:46:23 esp-ss960-1-lnx-vm systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 20 04:46:23 esp-ss960-1-lnx-vm systemd[1]: Failed to start nginx - high performance web server.
Dec 20 04:46:23 esp-ss960-1-lnx-vm systemd[1]: Unit nginx.service entered failed state.
Dec 20 04:46:23 esp-ss960-1-lnx-vm systemd[1]: nginx.service failed.
++++++++++++++++++++++++++++++++++++++++++
Dec 20 16:22:37 esp-ss960-1-lnx-vm polkitd[543]: Registered Authentication Agent for unix-process:20990:12402078 (system bus name :1.596 [/usr/bin/pkttyagent --notif
Dec 20 16:22:37 esp-ss960-1-lnx-vm systemd[1]: Starting nginx - high performance web server...
-- Subject: Unit nginx.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nginx.service has begun starting up.
Dec 20 16:22:38 esp-ss960-1-lnx-vm nginx[21007]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 20 16:22:38 esp-ss960-1-lnx-vm nginx[21007]: nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied)
Dec 20 16:22:38 esp-ss960-1-lnx-vm nginx[21007]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 20 16:22:38 esp-ss960-1-lnx-vm systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 20 16:22:38 esp-ss960-1-lnx-vm systemd[1]: Failed to start nginx - high performance web server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nginx.service has failed.
--
-- The result is failed.
Dec 20 16:22:38 esp-ss960-1-lnx-vm systemd[1]: Unit nginx.service entered failed state.
Dec 20 16:22:38 esp-ss960-1-lnx-vm systemd[1]: nginx.service failed.
Dec 20 16:22:38 esp-ss960-1-lnx-vm polkitd[543]: Unregistered Authentication Agent for unix-process:20990:12402078 (system bus name :1.596, object path /org/freedesk
这里可能有什么问题?谢谢
答案1
SELinux 很可能阻止 nginx 使用新的端口配置启动。您可以通过暂时禁用 SELinuxsetenforce 0并尝试重新启动 nginx 来验证这一点。您可以通过命令检查SELinux是否启用geteneforce。
如果是 SELinux 阻止了 nginx 启动,那么审核日志可能会有一些与此事件相关的条目。基于这些日志条目也许能够为 SElinux 生成正确的规则。这是红帽的一篇好文章允许访问:audit2allow。
当然你可以完全禁用SELinux。这可以通过编辑文件来完成/etc/selinux/config。
答案2
与完全禁用 SELinux 相比,更合适的方法是允许 nginx 利用 SELinux 实现其目的。
setsebool -P httpd_can_network_connect 1
做这项工作。
编辑 - 正确的 SELinux 变量是 httpd_can_network_connect 不是 http_can_network_connect