今天在nginx配置upstream代理(四层负载均衡)重启nginx发现绑定端口失败
报错:提示端口绑定失败,权限不足
尝试将user模块改成root用户,重启nginx还是不行,并修改nginx相关目录权限为666,还是以前的报错。
[root@k8s-master2 nginx]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@k8s-master2 nginx]# journalctl -u nginx
Dec 13 14:59:57 k8s-master2 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Dec 13 14:59:57 k8s-master2 nginx[10664]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 13 14:59:57 k8s-master2 nginx[10664]: nginx: [emerg] bind() to 0.0.0.0:16443 failed (13: Permission denied)
Dec 13 14:59:57 k8s-master2 nginx[10664]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 13 14:59:57 k8s-master2 systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 13 14:59:57 k8s-master2 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Dec 13 14:59:57 k8s-master2 systemd[1]: Unit nginx.service entered failed state.
Dec 13 14:59:57 k8s-master2 systemd[1]: nginx.service failed.
Dec 13 15:02:31 k8s-master2 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Dec 13 15:02:31 k8s-master2 nginx[10724]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 13 15:02:31 k8s-master2 nginx[10724]: nginx: [emerg] bind() to 0.0.0.0:6445 failed (13: Permission denied)
Dec 13 15:02:31 k8s-master2 nginx[10724]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 13 15:02:31 k8s-master2 systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 13 15:02:31 k8s-master2 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Dec 13 15:02:31 k8s-master2 systemd[1]: Unit nginx.service entered failed state.
Dec 13 15:02:31 k8s-master2 systemd[1]: nginx.service failed.
查看配置Nginx文件
[root@k8s-master2 nginx]# cat /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
stream {
log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
access_log /var/log/nginx/k8s-access.log main;
upstream k8s-apiserver {
server 192.168.100.148:6443;
server 192.168.100.149:6443;
# Add more servers here if needed
}
server {
listen 6445;
proxy_pass k8s-apiserver;
# Add health check here if needed
}
}
配置文件无误,检查系统其他配置
发现selinux没有关闭,关闭selinux,并重启nginx,nginx运行正常!
[root@k8s-master2 nginx]# setenforce 0
[root@k8s-master2 nginx]# sed -i 's/^SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
[root@k8s-master2 nginx]# systemctl restart nginx