用命令启动 nginx 遇到错误,如下:
$ systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
根据提示,查看一下错误详情:
$ systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-06-25 10:52:50 UTC; 33s ago
Process: 16659 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 16658 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: [emerg] BIO_new_file("/etc/nginx/conf.d/ssl/awaimai.com.pem") failed (SSL: error:0200100D:system>
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
看起来像是 SSL 证书文件的问题,其实上不是,主要还是 Linux 安全策略的问题。
解决方法:关闭 selinux 防火墙,操作:
$ setenforce 0
然后在启动一次,就可以了。
如果再提示文件没权限,复制文件给 nginx 用户组就搞定了。
什么是 SELinux 呢?它是『 Security Enhanced Linux 』的缩写,安全强化的 Linux 的工具。
参考资料: