由于SElinux的原因,Apache无法启动

首先

重启了一个不知道是谁构建的、没有设计文件的传统服务器后,httpd无法启动。

# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-09-18 18:18:12 JST; 3s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 10168 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 10166 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 10166 (code=exited, status=1/FAILURE)

Sep 18 18:18:12 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:18:12 hoge-server httpd[10166]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:18:12 hoge-server httpd[10166]: AH00526: Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:
Sep 18 18:18:12 hoge-server httpd[10166]: SSLCertificateKeyFile: file '/etc/httpd/ssl/server.key' does not exist or is empty
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Sep 18 18:18:12 hoge-server kill[10168]: kill: cannot find process ""
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: control process exited, code=exited status=1
Sep 18 18:18:12 hoge-server systemd[1]: Failed to start The Apache HTTP Server.
Sep 18 18:18:12 hoge-server systemd[1]: Unit httpd.service entered failed state.
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service failed.

检查错误

先确认一下可能会被责怪的地方。

SSLCertificateKeyFile: 文件’/etc/httpd/ssl/server.key’ 不存在或为空。

有人说文件不存在,但实际上是存在的。

# ls -l /etc/httpd/ssl/server.key
-r--------. 1 root root 1679 Nov 14  2016 /etc/httpd/ssl/server.key

/etc/httpd/conf.d/ssl.conf 文件的第112行存在语法错误。

被认为有不同的语法。但似乎没有特别的问题。

112 SSLCertificateKeyFile /etc/httpd/ssl/server.key

SELinux是导致问题的根源

这个人只会做坏事。或者说,他从来没有停止过长期做坏事。。

停止 SELinux 的持久化设置

如果将enforcing设置为disabled,然后重新启动,就可以了。

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

重新启动后,顺利启动了。

# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-09-18 18:48:04 JST; 1min 2s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2639 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─2639 /usr/sbin/httpd -DFOREGROUND
           ├─2951 /usr/sbin/httpd -DFOREGROUND
           ├─2953 /usr/sbin/httpd -DFOREGROUND
           ├─2954 /usr/sbin/httpd -DFOREGROUND
           ├─2956 /usr/sbin/httpd -DFOREGROUND
           └─2957 /usr/sbin/httpd -DFOREGROUND

Sep 18 18:48:03 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:48:04 hoge-server httpd[2639]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:48:04 hoge-server httpd[2639]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::921b:eff:fe30:909d. Set the 'ServerName' directive globally to suppress this message
Sep 18 18:48:04 hoge-server systemd[1]: Started The Apache HTTP Server.