SElinuxが原因でapacheが起動できない
はじめに
誰が構築したかもわからない設計書がないレガシーなサーバーを再起動したらhttpdが上がってこなくなった。
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-09-18 18:18:12 JST; 3s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 10168 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 10166 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 10166 (code=exited, status=1/FAILURE)
Sep 18 18:18:12 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:18:12 hoge-server httpd[10166]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:18:12 hoge-server httpd[10166]: AH00526: Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:
Sep 18 18:18:12 hoge-server httpd[10166]: SSLCertificateKeyFile: file '/etc/httpd/ssl/server.key' does not exist or is empty
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Sep 18 18:18:12 hoge-server kill[10168]: kill: cannot find process ""
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: control process exited, code=exited status=1
Sep 18 18:18:12 hoge-server systemd[1]: Failed to start The Apache HTTP Server.
Sep 18 18:18:12 hoge-server systemd[1]: Unit httpd.service entered failed state.
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service failed.
エラーを調べる
とりあえず怒られ得てる箇所を確認
SSLCertificateKeyFile: file '/etc/httpd/ssl/server.key' does not exist or is empty
ファイルがいないと言われている。が、いる。
# ls -l /etc/httpd/ssl/server.key
-r--------. 1 root root 1679 Nov 14 2016 /etc/httpd/ssl/server.key
Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:
syntaxが違うと言われている。が、特に問題なさそう
ssl.conf
112 SSLCertificateKeyFile /etc/httpd/ssl/server.key
selinuxが原因だった
悪さしかしない人。っていうか永続で止めてなかったのか。。
selinuxを永続で止める
enforcingをdisabledにしてやって再起動すればok
/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
再起動後、問題なく上がってきた
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-09-18 18:48:04 JST; 1min 2s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 2639 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─2639 /usr/sbin/httpd -DFOREGROUND
├─2951 /usr/sbin/httpd -DFOREGROUND
├─2953 /usr/sbin/httpd -DFOREGROUND
├─2954 /usr/sbin/httpd -DFOREGROUND
├─2956 /usr/sbin/httpd -DFOREGROUND
└─2957 /usr/sbin/httpd -DFOREGROUND
Sep 18 18:48:03 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:48:04 hoge-server httpd[2639]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:48:04 hoge-server httpd[2639]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::921b:eff:fe30:909d. Set the 'ServerName' directive globally to suppress this message
Sep 18 18:48:04 hoge-server systemd[1]: Started The Apache HTTP Server.
Author And Source
この問題について(SElinuxが原因でapacheが起動できない), 我々は、より多くの情報をここで見つけました https://qiita.com/infr_0329/items/8437bb14a45e8495a546著者帰属:元の著者の情報は、元のURLに含まれています。著作権は原作者に属する。
Content is automatically searched and collected through network algorithms . If there is a violation . Please contact us . We will adjust (correct author information ,or delete content ) as soon as possible .