1 現象
給nginx配置負載均衡後,使用/usr/sbin/nginx啓動nginx的話,負載均衡有效;但是給nginx配置好了開機啓動後,重啓機器,nginx正常啓動,但是負載均衡不生效了。kill了nginx進程,再使用/usr/sbin/nginx重新啓動nginx,負載均衡又有效了。
(PS:本人nginx是centos7下yum安裝的)
先查詢狀態systemctl status nginx
2 查找
2.1 查看selinux狀態,看看是不是selinux限制了nginx。
輸入命令
sestatus
查看到
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: disabled Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
2.2 查詢selinux運行模式
輸入命令
getenforce
查看到
Enforcing
3 解決
3.1 臨時關閉selinux
setenforce 0
setenforce 0 #關閉 Selinux
setenforce 1 #開啓 Selinux
3.2 永久關閉selinux,需要重啓才能生效(本人沒驗證過)
編輯配置文件,SELINUX=enforcing 改成 SELINUX=disabled 。
vim /etc/selinux/config
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
3.3 允許nginx白名單
依次輸入以下三行命令
yum install policycoreutils-python cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx semodule -i mynginx.pp