设置反向代理服务器后无法启动 Nginx

设置反向代理服务器后无法启动 Nginx

我正在尝试将我的 Nginx 设置为反向代理服务器。

我在同一台服务器上安装了 Jenkins 和 Nginx。我尝试通过端口 82 而不是端口 8080 访问 Jenkins。

为此,我到目前为止所做的是:

  1. 转到/etc/nginx/conf.d并创建一个新文件,例如:“forward_jenkins.conf”

  2. 的内容forward_jenkins.conf。(这是我在互联网上找到的随机片段。)

    server {
      listen 82;
      server_name foobar.net;
    
      location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
      }
    }
    
  3. 保存文件并启动 Nginx。

以下是我收到的错误:

[root@localhost conf.d]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

我也尝试了以下命令。

[root@localhost conf.d]# nginx -t -c /etc/nginx/conf.d/forward_jenkins.conf
nginx: [emerg] "server" directive is not allowed here in /etc/nginx/conf.d/forward_jenkins.conf:1
nginx: configuration file /etc/nginx/conf.d/forward_jenkins.conf test failed

我没有修改nginx.conf文件中的任何内容:

[root@localhost nginx]# cat nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

这是状态命令的输出。请帮我解决这个问题。

[root@localhost conf.d]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-12-11 20:41:37 IST; 6s ago
  Process: 2446 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
  Process: 2445 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Dec 11 20:41:36 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Dec 11 20:41:37 localhost.localdomain nginx[2446]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 11 20:41:37 localhost.localdomain nginx[2446]: nginx: [emerg] bind() to 0.0.0.0:82 failed (13: Permission denied)
Dec 11 20:41:37 localhost.localdomain nginx[2446]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 11 20:41:37 localhost.localdomain systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 11 20:41:37 localhost.localdomain systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Dec 11 20:41:37 localhost.localdomain systemd[1]: Unit nginx.service entered failed state.
Dec 11 20:41:37 localhost.localdomain systemd[1]: nginx.service failed.

答案1

现在,我正尝试开启 SELinux 来实现这一点。

我尝试了下面来自互联网的步骤。

yum install policycoreutils-python
semanage port -a -t http_port_t -p tcp 82
semanage port -l | grep ^http_port_t

[root@localhost nginx]# semanage port -l | grep ^http_port_t
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000

我可以看到端口 82 已成功添加。

但是,当我尝试从主机访问我的 Jenkins 服务器时http://192.168.5.129:82/,浏览器上出现以下错误。

502错误的网关

笔记:

我能够从http://192.168.5.129:8080/

我还可以通过以下方式访问 Nginxz Web 服务器:http://192.168.5.129:80

当我将其设置为 SELinux Permissive 时,我就可以通过端口 82 访问 Jenkins。

但我正在尝试使用 SELinux 来解决这个问题。


更新:通过输入以下命令解决。

setsebool -P httpd_can_network_connect 1

答案2

需要检查以下几点:防火墙是否允许您从端口 82 和 8080 进入?在没有 NginX 配置的情况下,是否可以从 8080 端口访问 Jenkins?

我要做的是删除您当前的 NginX 安装并从 NginX 官方存储库安装它。我假设您是从 epel-release 安装的,对吗?我不太喜欢那样,因为有时我也遇到过这样的事情。这样,您将获得另一个更简单的 nginx.conf 文件,没有任何服务器指令,因此不那么令人困惑。

我很确定你的配置很好,只是你的 nginx.conf 破坏了它。删除 nginx 并从 nginxs 官方存储库重新安装它可能会解决你的问题。但这是我的 nginx.conf,根据您的设置进行了一些修改:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}


http {
    server_tokens off;

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/x-javascript text/xml text/css;
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*.conf;
}

您可以尝试将其复制粘贴到您的 nginx.conf 文件中(确保始终创建文件的备份)。

答案3

似乎是 SELinux 模式的问题。

尝试了下面的方法并且有效。

1.通过运行 getenforce 检查当前的 SELinux 模式。如果显示为 Enforcing,则通过运行 setenforce 0 暂时将模式设置为 Permissive,然后查看您的应用程序是否正常工作。

相关内容