解决 nginx 问题 [emerg] BIO_new_file failed (SSL: error:0200100D:system>

104 记录 发表评论

用命令启动 nginx 遇到错误,如下:

$ systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

根据提示,查看一下错误详情:

$ systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2021-06-25 10:52:50 UTC; 33s ago
  Process: 16659 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
  Process: 16658 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: [emerg] BIO_new_file("/etc/nginx/conf.d/ssl/awaimai.com.pem") failed (SSL: error:0200100D:system>
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.

看起来像是 SSL 证书文件的问题,其实上不是,主要还是 Linux 安全策略的问题。

解决方法:关闭 selinux 防火墙,操作:

$ setenforce 0

然后在启动一次,就可以了。

如果再提示文件没权限,复制文件给 nginx 用户组就搞定了。

什么是 SELinux 呢?它是『 Security Enhanced Linux 』的缩写,安全强化的 Linux 的工具。

参考资料:

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

昵称 *