nginx设置开机启动后配置没生效 | selinux不限制nginx

1 现象

给nginx配置负载均衡后，使用/usr/sbin/nginx启动nginx的话，负载均衡有效；但是给nginx配置好了开机启动后，重启机器，nginx正常启动，但是负载均衡不生效了。kill了nginx进程，再使用/usr/sbin/nginx重新启动nginx，负载均衡又有效了。
（PS:本人nginx是centos7下yum安装的）

 

2 查找

2.1 查看selinux状态，看看是不是selinux限制了nginx。

输入命令

sestatus

查看到

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

2.2 查询selinux运行模式

输入命令

getenforce

查看到

Enforcing

 

3 解决

3.1 临时关闭selinux

setenforce 0

setenforce 0 #关闭 Selinux
setenforce 1 #开启 Selinux

3.2 永久关闭selinux，需要重启才能生效（本人没验证过）

编辑配置文件，SELINUX=enforcing 改成 SELINUX=disabled 。

vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

3.3 允许nginx白名单

依次输入以下三行命令

yum install policycoreutils-python
cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
semodule -i mynginx.pp

 

参考：https://www.jianshu.com/p/491817981a32