炫意html5
最早CSS3和HTML5移动技术网站之一

解决 nginx 问题 [emerg] BIO_new_file failed (SSL: error:0200100D:system>

用命令启动 nginx 遇到错误,如下:

$ systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

根据提示,查看一下错误详情:

$ systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-06-25 10:52:50 UTC; 33s ago
Process: 16659 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 16658 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: [emerg] BIO_new_file("/etc/nginx/conf.d/ssl/awaimai.com.pem") failed (SSL: error:0200100D:system>
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 nginx[16659]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 25 10:52:50 centos-s-1vcpu-2gb-sgp1-01 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.

看起来像是 SSL 证书文件的问题,其实上不是,主要还是 Linux 安全策略的问题。

解决方法:关闭 selinux 防火墙,操作:

$ setenforce 0

然后在启动一次,就可以了。

如果再提示文件没权限,复制文件给 nginx 用户组就搞定了。

什么是 SELinux 呢?它是『 Security Enhanced Linux 』的缩写,安全强化的 Linux 的工具。

参考资料:

  • 第十七章、程序管理与 SELinux 初探
  • NGINX SSL certificate permission SSL error :0200100D:system

炫意HTML5 » 解决 nginx 问题 [emerg] BIO_new_file failed (SSL: error:0200100D:system>

Java基础教程Android基础教程