I used to be able to start nginx on AWS EC2, but now I get `bind() to 0.0.0.0:3008 failed (13: Permission denied)`. This happens when nginx calls bind() in response to the `listen 3008 default_server` directive in `/etc/nginx/nginx.conf`.
The possible causes I looked for were AWS blocking port 3008, the port already being in use, or the user running the service having insufficient permissions. The answers to the following two related questions both come down to the second or third possibility:
https://stackoverflow.com/questions/48478869/cannot-bind-to-some-ports-due-to-permission-denied
https://stackoverflow.com/questions/39586692/nginx-error-bind-to-0-0-0-080-failed-permission-denied
For the first of the three possible causes, I checked whether AWS was blocking port 3008 by removing all security groups except the default one (which allows all traffic). This security group's inbound rules allow incoming TCP traffic on port 3008:
HTTP TCP 80 0.0.0.0/0
HTTP TCP 80 ::/0
SSH TCP 22 0.0.0.0/0
SSH TCP 22 ::/0
Custom TCP Rule TCP 3000 - 3030 0.0.0.0/0
Custom TCP Rule TCP 3000 - 3030 ::/0
HTTPS TCP 443 0.0.0.0/0
HTTPS TCP 443 ::/0
All ICMP - IPv4 All N/A 0.0.0.0/0
All ICMP - IPv4 All N/A ::/0
Custom TCP Rule TCP 8080 - 8084 0.0.0.0/0
Custom TCP Rule TCP 8080 - 8084 ::/0
To check whether port 3008 was in use, I ran `$ sudo netstat -anp | grep 3008`, which produced no output.
To make sure the permissions were sufficient, I added `User=root` and `Group=root` to the service file, ran `ls -l` on the service file to verify that its user and group were already root, and then ran `systemctl start` with sudo. The details below, given as commands and their output, should answer any general questions about the above and about the overall environment in which this problem occurs. Thanks in advance for any suggestions.
Operating system:
$ uname -a
Linux ip-172-31-40-184.ec2.internal 3.10.0-957.12.1.el7.x86_64 #1 SMP Wed Mar 20 11:34:37 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Attempting to start nginx:
$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
Checking the status of nginx:
$ sudo systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since mié 2019-09-04 13:59:24 UTC; 32s ago
Docs: http://nginx.org/en/docs/
Process: 24450 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
sep 04 13:59:24 ip-172-31-40-184.ec2.internal systemd[1]: Failed to start nginx - high performance web server.
sep 04 13:59:24 ip-172-31-40-184.ec2.internal systemd[1]: nginx.service failed.
Errors logged by nginx (the port 80 error was fixed by restarting):
$ tail /var/log/nginx/error.log
2019/09/03 19:58:09 [emerg] 17319#17319: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 19:58:59 [emerg] 17381#17381: bind() to 0.0.0.0:80 failed (98: Address already in use)
2019/09/03 19:58:59 [emerg] 17381#17381: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 21:18:17 [alert] 7491#7491: unlink() "/var/run/nginx.pid" failed (2: No such file or directory)
2019/09/03 21:25:32 [emerg] 11207#11207: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 22:30:21 [emerg] 16333#16333: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 22:50:51 [emerg] 15980#15980: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/04 01:31:57 [emerg] 9819#9819: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/04 01:32:07 [emerg] 10095#10095: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/04 01:32:12 [emerg] 10264#10264: bind() to 0.0.0.0:3008 failed (13: Permission denied)
nginx service file (User and Group added manually):
$ ls -l /usr/lib/systemd/system/nginx.service
-rw-r--r--. 1 root root 420 sep 3 22:50 /usr/lib/systemd/system/nginx.service
$ cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
Group=root
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
nginx's configuration (with /etc/nginx/conf.d/default.conf included where specified):
$ cat /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
listen 3008 default_server;
root /home/ec2-user/webapp/debug/build;
server_name search-demo.net;
index index.html index.htm;
location / {
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/search-demo.net-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/search-demo.net-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
}
Apart from the first part shown below, the included default nginx configuration has been commented out:
$ cat /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
...
}
Answer 1
To unblock port 3008:
sudo semanage port -a -t http_port_t -p tcp 3008
This question may get flagged as a duplicate. The way I searched did not turn up a solution involving SELinux. After I started to suspect SELinux, a colleague found it.
Even with the port fixed, SELinux did not stop interfering with nginx. Visitors got a 403 (Forbidden) from nginx. To let the nginx user read the directory, do the following:
sudo setsebool -P httpd_can_network_connect on
chcon -Rt httpd_sys_content_t /path/to/www
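The troubleshooting path in the question and the fix in the answer, as an added example (this is not code from the question, the answer, or nginx): a small shell script that pulls the `bind()` failures out of an nginx error log in the format shown above, classifies each one by errno and port, checks whether a port is already in the `http_port_t` set by reading `semanage port -l` output, and applies the SELinux fix persistently. The point it makes explicit is why `User=root` in the unit file could never help: the nginx master already runs as root (`user nginx;` in nginx.conf only affects the workers), and a SELinux denial of `name_bind` is reported to the process as EACCES (errno 13) regardless of UID, which is exactly what the log shows for an unprivileged port. It assumes a SELinux host like the CentOS 7 instance in the question (the trailing `.` in the `ls -l` output is the SELinux-label indicator), `policycoreutils-python` installed for `semanage`, and root privileges for the remediation function. Sample log lines in the usage comments are constructed to match the question's format. It uses `semanage fcontext` plus `restorecon` rather than `chcon`, because a `chcon` label is lost on the next relabel; it does not touch `httpd_can_network_connect`, which governs outbound connections made by the nginx process (for example to a proxied backend) rather than reads of the document root.

```shell
#!/usr/bin/env sh
# Added example: triage "bind() ... failed (13: Permission denied)" from nginx
# on a SELinux host and apply a persistent fix. Not from the original post.
# Assumes: nginx error log lines in the format shown in the question,
# `getenforce`/`semanage`/`restorecon`/`ausearch` from policycoreutils/audit,
# and root privileges for fix_selinux_for_nginx (hypothetical helper name).

# Print one "PORT ERRNO" pair per failing bind() line on stdin, de-duplicated.
# Constructed input line (same shape as the question's error.log):
#   2019/09/03 19:58:09 [emerg] 17319#17319: bind() to 0.0.0.0:3008 failed (13: Permission denied)
bind_failures() {
    sed -n 's/.*bind() to [^ ]*:\([0-9][0-9]*\) failed (\([0-9][0-9]*\):.*/\1 \2/p' | sort -u
}

# Map (port, errno) to a reason code. errno 98 is EADDRINUSE; errno 13 is
# EACCES. A root process can bind any port, so EACCES on a port >= 1024 can
# only come from a mandatory access control policy (SELinux/AppArmor), not UID.
classify_bind_failure() {
    port=$1 errno=$2
    case $errno in
        98) echo "in-use" ;;
        13) if [ "$port" -lt 1024 ]; then echo "privileged-port-or-selinux"
            else echo "selinux"; fi ;;
        *)  echo "other" ;;
    esac
}

# Exit 0 if PORT/PROTO is in the set labeled TYPE, reading `semanage port -l`
# output from stdin. Handles comma-separated ports and ranges (e.g. 32768-60999).
#   semanage port -l | port_labeled http_port_t tcp 3008
port_labeled() {
    type=$1 proto=$2 port=$3
    awk -v t="$type" -v p="$proto" -v n="$port" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                v = $i; sub(/,$/, "", v)
                if (split(v, r, "-") == 2) {
                    if (n + 0 >= r[1] + 0 && n + 0 <= r[2] + 0) found = 1
                } else if (v + 0 == n + 0) found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# Persistent remediation for one listen port and one document root. Run as root.
# If the port is already assigned to another type (e.g. 8080 -> http_cache_port_t),
# `semanage port -a` refuses; use `semanage port -m` in that case.
fix_selinux_for_nginx() {
    port=$1 webroot=$2
    [ "$(getenforce 2>/dev/null)" = "Enforcing" ] || echo "note: SELinux is not enforcing" >&2
    # Show the actual denials first so the fix is evidence-based, not guessed.
    ausearch -m AVC -ts recent 2>/dev/null | grep -i nginx || true
    semanage port -l | port_labeled http_port_t tcp "$port" \
        || semanage port -a -t http_port_t -p tcp "$port"
    # Label the document root via policy so the label survives a relabel
    # (chcon alone does not). A root under /home may additionally need search
    # access on the home directory; re-check ausearch output after this.
    semanage fcontext -a -t httpd_sys_content_t "${webroot}(/.*)?"
    restorecon -Rv "$webroot"
}

# Usage: ./nginx_bind_triage.sh --triage /var/log/nginx/error.log
if [ "${1:-}" = "--triage" ]; then
    bind_failures < "$2" | while read -r port errno; do
        printf '%s/tcp: %s\n' "$port" "$(classify_bind_failure "$port" "$errno")"
    done
fi
```

Run the triage against the log first; on the question's log it reports `3008/tcp: selinux` and `80/tcp: in-use`, which separates the two failures that were interleaved in the output above. Then, as root, `fix_selinux_for_nginx 3008 /home/ec2-user/webapp/debug/build` adds the port label only if it is missing and labels the document root through `semanage fcontext`, so `restorecon` on a later relabel keeps nginx working instead of reintroducing the 403. `setenforce 0` would also make the error go away, but it removes the confinement from every service on the host rather than granting nginx the one port it needs.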