由于SElinux的原因,Apache无法启动
首先
重启了一个不知道是谁构建的、没有设计文件的传统服务器后,httpd无法启动。
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-09-18 18:18:12 JST; 3s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 10168 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 10166 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 10166 (code=exited, status=1/FAILURE)
Sep 18 18:18:12 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:18:12 hoge-server httpd[10166]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:18:12 hoge-server httpd[10166]: AH00526: Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:
Sep 18 18:18:12 hoge-server httpd[10166]: SSLCertificateKeyFile: file '/etc/httpd/ssl/server.key' does not exist or is empty
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Sep 18 18:18:12 hoge-server kill[10168]: kill: cannot find process ""
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: control process exited, code=exited status=1
Sep 18 18:18:12 hoge-server systemd[1]: Failed to start The Apache HTTP Server.
Sep 18 18:18:12 hoge-server systemd[1]: Unit httpd.service entered failed state.
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service failed.
检查错误
先确认一下可能会被责怪的地方。
SSLCertificateKeyFile: 文件’/etc/httpd/ssl/server.key’ 不存在或为空。
有人说文件不存在,但实际上是存在的。
# ls -l /etc/httpd/ssl/server.key
-r--------. 1 root root 1679 Nov 14 2016 /etc/httpd/ssl/server.key
/etc/httpd/conf.d/ssl.conf 文件的第112行存在语法错误。
被认为有不同的语法。但似乎没有特别的问题。
112 SSLCertificateKeyFile /etc/httpd/ssl/server.key
SELinux是导致问题的根源
这个人只会做坏事。或者说,他从来没有停止过长期做坏事。。
停止 SELinux 的持久化设置
如果将enforcing设置为disabled,然后重新启动,就可以了。
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
重新启动后,顺利启动了。
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-09-18 18:48:04 JST; 1min 2s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 2639 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─2639 /usr/sbin/httpd -DFOREGROUND
├─2951 /usr/sbin/httpd -DFOREGROUND
├─2953 /usr/sbin/httpd -DFOREGROUND
├─2954 /usr/sbin/httpd -DFOREGROUND
├─2956 /usr/sbin/httpd -DFOREGROUND
└─2957 /usr/sbin/httpd -DFOREGROUND
Sep 18 18:48:03 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:48:04 hoge-server httpd[2639]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:48:04 hoge-server httpd[2639]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::921b:eff:fe30:909d. Set the 'ServerName' directive globally to suppress this message
Sep 18 18:48:04 hoge-server systemd[1]: Started The Apache HTTP Server.
