我在 CentOS 7 服务器上安装了 httpd,但systemctl start httpd.service失败了。
为了httpd在 CentOS 7 上正确启动,需要输入哪些特定的命令序列?
错误信息
从底部完整结果中提取的精确错误消息如下:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain.
Set the 'ServerName' directive globally to suppress this message
另外,根据 @DopeGhoti 的建议,日志的内容是:
[root@localhost ~]# vi /var/log/httpd/error_log
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
如何
httpd安装:1.) 安装 Apache:
sudo yum -y install httpd
2.) 启用 Apache 作为 CentOS 服务,以便它在重新启动时自动重新启动:
sudo systemctl enable httpd.service
3.) 配置Firewalld
sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --list-all
sudo firewall-cmd --zone=public --permanent --add-service=http
4.) 为服务器命名:
vi /etc/httpd/conf/httpd.conf
//Uncomment the ServerName line and give it the IP of the machine:
ServerName 192.168.1.5:80
错误信息:
httpd使用上述命令安装后,httpd无法启动,如下:
[root@localhost ~]# systemctl start httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@localhost ~]# systemctl status httpd.service -l
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2017-06-06 11:31:32 PDT; 15min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 32268 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 32267 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 32267 (code=exited, status=1/FAILURE)
Jun 06 11:31:32 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jun 06 11:31:32 localhost.localdomain httpd[32267]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Jun 06 11:31:32 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jun 06 11:31:32 localhost.localdomain kill[32268]: kill: cannot find process ""
Jun 06 11:31:32 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Jun 06 11:31:32 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
Jun 06 11:31:32 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Jun 06 11:31:32 localhost.localdomain systemd[1]: httpd.service failed.
[root@localhost ~]# systemctl status httpd.service -l
[root@localhost ~]# vi /var/log/httpd/error_log
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
~
"/var/log/httpd/error_log" 10L, 675C
@JeffSchaller的建议
在 @JeffSchaller 建议考虑 SELinux 后,我发现setenforce 0以 root 身份输入会导致以下结果:
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@localhost ~]# setenforce 0
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@localhost ~]# systemctl start httpd.service -l
[root@localhost ~]# systemctl status httpd.service -l
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-06-06 12:28:38 PDT; 22s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 32577 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Main PID: 32690 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─32690 /usr/sbin/httpd -DFOREGROUND
├─32691 /usr/sbin/httpd -DFOREGROUND
├─32692 /usr/sbin/httpd -DFOREGROUND
├─32693 /usr/sbin/httpd -DFOREGROUND
├─32694 /usr/sbin/httpd -DFOREGROUND
└─32695 /usr/sbin/httpd -DFOREGROUND
Jun 06 12:28:38 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jun 06 12:28:38 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
[root@localhost ~]#
答案1
Apache 无法启动,错误提示
(13)权限被拒绝:AH00091:httpd:无法打开错误日志文件/var/www/mytestdeployment/error.log。
AH00015:无法打开日志
由于 SELinux 处于强制模式,因此它阻止 Apache 写入非标准日志目录。为了保持丹·沃尔什哭泣和医学代码富有成效,我们可以将 httpd_log_t 策略应用于该目录:
semanage fcontext -a -t httpd_log_t "/var/www/mytestdeployment(/.*)?"
restorecon -Rv /var/www/mytestdeployment
并确认:
ls -lZ /var/www/mytestdeployment
如果您没有 semanage 实用程序,可以使用以下命令安装它:
yum install policycoreutils-python
答案2
从您的错误日志中,我们看到以下情况:
(13)Permission denied: AH00091: httpd: could not open error log file /var/www/mytestdeployment/error.log.
AH00015: Unable to open logs
对我来说,这意味着您尝试写入日志的目录/var/www/mytestdeployment不存在。
运行sudo mkdir -p /var/www/mytestdeployment并尝试再次启动该服务。
如果该目录已经存在,则其权限集将阻止写入;检查该目录的权限以确保 apache 可以在其中写入日志。
我建议,尽管更改您的配置以将日志写入/var/log/httpd/.
答案3
正如我从您之前的屏幕截图中看到的那样,当您禁用 selinux 时,一切都会顺利进行。因此,请确保您创建的每个新文件都具有正确的 selinux 上下文。