Apache fails to start because of SELinux


Introduction

After rebooting a legacy server that has no design documents and was built by nobody knows who, httpd no longer came up.

# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-09-18 18:18:12 JST; 3s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 10168 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 10166 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 10166 (code=exited, status=1/FAILURE)

Sep 18 18:18:12 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:18:12 hoge-server httpd[10166]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:18:12 hoge-server httpd[10166]: AH00526: Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:
Sep 18 18:18:12 hoge-server httpd[10166]: SSLCertificateKeyFile: file '/etc/httpd/ssl/server.key' does not exist or is empty
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Sep 18 18:18:12 hoge-server kill[10168]: kill: cannot find process ""
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service: control process exited, code=exited status=1
Sep 18 18:18:12 hoge-server systemd[1]: Failed to start The Apache HTTP Server.
Sep 18 18:18:12 hoge-server systemd[1]: Unit httpd.service entered failed state.
Sep 18 18:18:12 hoge-server systemd[1]: httpd.service failed.

Investigating the error

For now, check the parts it is complaining about.

SSLCertificateKeyFile: file '/etc/httpd/ssl/server.key' does not exist or is empty

It says the file does not exist. But it does.

# ls -l /etc/httpd/ssl/server.key
-r--------. 1 root root 1679 Nov 14  2016 /etc/httpd/ssl/server.key

Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf:

It says the syntax is wrong. But nothing looks particularly wrong.

ssl.conf
112 SSLCertificateKeyFile /etc/httpd/ssl/server.key

SELinux was the cause

It does nothing but cause trouble. Or rather, it had never been disabled permanently, had it...
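
One way to confirm that diagnosis, as an added example that is not part of the original post: when SELinux blocks httpd from reading a file, the audit log holds an AVC denial naming the file and its label. The records below are constructed, and the `admin_home_t` label and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one command from audit records.

# Constructed sample records (not taken from the server in the post).
# The tcontext type admin_home_t is an assumed label, chosen for illustration.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1568798292.101:812): avc:  denied  { read } for  pid=10166 comm="httpd" name="server.key" dev="dm-0" ino=393301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1568798292.101:812): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1568798299.440:815): avc:  denied  { getattr } for  pid=10201 comm="sshd" name="authorized_keys" dev="dm-0" ino=393410 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1568798301.007:820): avc:  granted  { read } for  pid=10230 comm="httpd" name="ssl.conf" dev="dm-0" ino=393120 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
EOF
}

# avc_denials COMM: read audit records on stdin and print one line per denial:
#   <permissions> <object name> <target type> <enforced|logged-only>
avc_denials() {
    awk -v comm="$1" '
    $1 == "type=AVC" && / denied / && index($0, "comm=\"" comm "\"") {
        # Permission list sits between the braces: { read open }
        perms = $0
        sub(/^.*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        gsub(/ /, ",", perms)
        name = ttype = "?"
        mode = "enforced"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
            # tcontext=user:role:type:level -> third field is the file type
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i == "permissive=1") mode = "logged-only"
        }
        print perms, name, ttype, mode
    }'
}

sample_audit_log | avc_denials httpd
```

On a live system the same records are in /var/log/audit/audit.log (or come from `ausearch -m avc -c httpd`), and `ls -Z /etc/httpd/ssl/server.key` shows the label to compare against the reported target type.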

Disabling SELinux permanently

Change enforcing to disabled and reboot, and that's it.

/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

After the reboot, it came up without any problems.

# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-09-18 18:48:04 JST; 1min 2s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2639 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─2639 /usr/sbin/httpd -DFOREGROUND
           ├─2951 /usr/sbin/httpd -DFOREGROUND
           ├─2953 /usr/sbin/httpd -DFOREGROUND
           ├─2954 /usr/sbin/httpd -DFOREGROUND
           ├─2956 /usr/sbin/httpd -DFOREGROUND
           └─2957 /usr/sbin/httpd -DFOREGROUND

Sep 18 18:48:03 hoge-server systemd[1]: Starting The Apache HTTP Server...
Sep 18 18:48:04 hoge-server httpd[2639]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00.harbor.conf:1
Sep 18 18:48:04 hoge-server httpd[2639]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::921b:eff:fe30:909d. Set the 'ServerName' directive globally to suppress this message
Sep 18 18:48:04 hoge-server systemd[1]: Started The Apache HTTP Server.