在nginx/conf.d中增加一个配置文件,内容如下:
upstream mgr_server-sso{
server 127.0.0.1:6080;
}
add_header X-Frame-Options SAMEORIGIN;
server {
listen 8000 default_server;
server_name 127.0.0.1;
location / {
root /usr/local/services/Web;
index index.html index.htm;
try_files $uri $uri/ /index.html =404;
add_header Cache-Control no-store;
}
gzip on;
gzip_min_length 1k;
gzip_buffers 32 4k;
gzip_http_version 1.0;
gzip_comp_level 1;
gzip_proxied any;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /mgr {
proxy_pass http://mgr_server-sso/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
启动nginx,报错如下:
[root@localhost ~]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@localhost ~]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
根据提示执行命令 journalctl -xe 查看日志
[root@localhost ~]# journalctl -xe
-- Subject: Unit nginx.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nginx.service has begun starting up.
Nov 15 10:23:59 localhost.localdomain nginx[82641]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 15 10:23:59 localhost.localdomain nginx[82641]: nginx: [emerg] bind() to 0.0.0.0:6000 failed (13: Permission denied)
Nov 15 10:23:59 localhost.localdomain nginx[82641]: nginx: configuration file /etc/nginx/nginx.conf test failed
Nov 15 10:23:59 localhost.localdomain systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 15 10:23:59 localhost.localdomain systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nginx.service has failed.
--
-- The result is failed.
Nov 15 10:23:59 localhost.localdomain systemd[1]: Unit nginx.service entered failed state.
Nov 15 10:23:59 localhost.localdomain systemd[1]: nginx.service failed.
Nov 15 10:23:59 localhost.localdomain dbus[710]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 15 10:23:59 localhost.localdomain polkitd[731]: Unregistered Authentication Agent for unix-process:82631:9823970 (system bus name :1.527, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 15 10:24:00 localhost.localdomain dbus[710]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 15 10:24:00 localhost.localdomain setroubleshoot[82647]: SELinux is preventing /usr/sbin/nginx from name_bind access on the tcp_socket port 6000. For complete SELinux messages run: sealert -l 30a4312e-b3ee-469f-ab78-710b1d2422d9
Nov 15 10:24:00 localhost.localdomain python[82647]: SELinux is preventing /usr/sbin/nginx from name_bind access on the tcp_socket port 6000.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that nginx should be allowed name_bind access on the port 6000 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'nginx' --raw | audit2allow -M my-nginx
# semodule -i my-nginx.pp
查看日志,并且日志给了解决方案,执行命令
sealert -l 30a4312e-b3ee-469f-ab78-710b1d2422d9
再次启动nginx成功!
如果遇到其它问题,可以执行命令 journalctl -xe 查看日志 ,一般日志中都会有对应的解决方案