我正在Oracle Linux 9上配置一个新的Apache Web服务器(根据Oracle,与RedHat/CentOS相当)。httpd
的版本为2.4.51
,php
的版本为8.0.13
。但是,服务无法启动,并出现以下错误(journalctl -xeu
:
httpd.service: Failed with result 'exit-code'.
我查了一下,很多类似的错误都出现在配置文件中。但是apachectl configtest
返回了Syntax OK
,x1m7 n1给予没有输出。
所以我尝试注解掉http.conf
中的一些配置,在注解掉mod-security
相关行后,它抛出了新的错误消息:
httpd.service: Failed with result 'protocol'.
无法从journalctl
检索到其他有用的错误消息。
注解掉php
相关的行也没有帮助,另外,我发现要安装mod_security2
我还有几个其他的“模块”要安装,但是我从aap流下载了这个mod_security2
,为了确保问题不是来自这个模块,我安装了它的文档中所需的模块(除了libapr
和libapr-util because error occurs on building, the
rpmbuild cannot find
doxygen ',尽管我安装了它)。
-----更新----error_log
:
[core:notice] [pid 4944:tid 4944] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)AH00016: Configuration Failed
[core:notice] [pid 4963:tid 4963] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[-:notice] - - ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[:notice] [pid 4963:tid 4963] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"
[:notice] [pid 4963:tid 4963] ModSecurity: PCRE compiled version="8.44 "; loaded version="8.44 2020-02-12"
[:notice] [pid 4963:tid 4963] ModSecurity: LUA compiled version="Lua 5.4"
[:notice] [pid 4963:tid 4963] ModSecurity: YAJL compiled version="2.1.0"
[:notice] [pid 4963:tid 4963] ModSecurity: LIBXML compiled version="2.9.12"
[-:notice] - - ModSecurity: Original server signature: Apache
[:notice] [pid 4963:tid 4963] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[lbmethod_heartbeat:notice] - - AH02282: No slotmem from mod_heartmonitor
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[core:notice] - - AH00094: Command line: 'httpd'
AH00016
似乎与ssl证书有关,所以我也附加了ssl的错误日志。ssl_error_log
:
[ssl:emerg] - - AH02562: Failed to configure certificate www.example.com:443:0 (with chain), check /etc/pki/tls/certs/example-wildcard.crt
[ssl:emerg] - - SSL Library Error: error:8000000D:system library::Permission denied (calling fopen(/etc/pki/tls/certs/example-wildcard.crt, r))
[ssl:emerg] - - SSL Library Error: error:10080002:BIO routines::system lib
[ssl:emerg] - - SSL Library Error: error:0A080002:SSL routines::system lib
我发现一个读取通配符证书的权限被拒绝错误,我注意到这是因为我的所有权错误。我将它更改为应有的权限644
。
顺便说一句,httpd -t
也返回Syntax OK
。现在我重新运行没有root权限的httpd -t
,返回文件权限错误(通过将所有权更改为apache
解决):
# sudo -u apache httpd -t
AH00526: Syntax error on line 39 of /etc/httpd/conf.d/mod_security.conf:
ModSecurity: Failed to open debug log file: /etc/httpd/logs/modsec_debug.log
奇怪的是,当我检查端口侦听器时,我看到:
$ sudo netstat -punta | grep LISTEN
tcp6 0 0 :::443 :::* LISTEN 4964/httpd
tcp6 0 0 :::80 :::* LISTEN 4964/httpd
httpd
启动失败时是否正在侦听?
1条答案
按热度按时间lb3vh1jj1#
可能SELinux拒绝访问,请检查:
恢复配置文件-vF/etc/pki/tls/证书/示例-通配符. crt