linux httpd 启动错误问题解决

本文引用地址: http://free.yes81.net/yes81/view-11396.html

搭建了无数lamp环境今天碰到了新问题，apache说文件不存在，可是文件明明存在，又可以涨知识了。

错误信息：

[root@xxx ~]# service httpd restart

Stopping httpd: [FAILED]

Starting httpd: Warning: DocumentRoot [/home/martin] does not exist[ OK ]

原来以为是权限问题，可以修改了权限之后发现还是找不到文件,真是郁闷。

后来经过打开apache错误日志后才知道。

[root@xxx httpd]# tail -f logs/error_log

[Mon May 09 10:46:40 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Mon May 09 10:46:40 2011] [notice] Digest: generating secret for digest authentication …

[Mon May 09 10:46:40 2011] [notice] Digest: done

[Mon May 09 10:46:40 2011] [notice] Apache/2.2.3 (CentOS) configured
— resuming normal operations

[Mon May 09 10:48:15 2011] [notice] caught SIGTERM, shutting down

[Mon May 09 10:49:29 2011] [notice] SELinux policy
enabled; httpd running as context root:system_r:httpd_t:s0

[Mon May 09 10:49:29 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Mon May 09 10:49:29 2011] [notice] Digest: generating secret for digest authentication …

[Mon May 09 10:49:29 2011] [notice] Digest: done

[Mon May 09 10:49:30 2011] [notice] Apache/2.2.3 (CentOS) configured — resuming normal operations

[Mon May 09 10:53:53 2011] [notice] caught SIGTERM, shutting down

[Mon May 09 10:53:53 2011] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t:s0

[Mon May 09 10:53:53 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Mon May 09 10:53:53 2011] [notice] Digest: generating secret for digest authentication …

[Mon May 09 10:53:53 2011] [notice] Digest: done

[Mon May 09 10:53:53 2011] [notice] Apache/2.2.3 (CentOS) configured — resuming normal operations
其实这是因为这些系统里激活了SELinux，而用户的apache配置与SELinux的配置策略有抵触产生的，需要设置SELinux文件属性。

可以通过 ls -Z /dir来查看SELinux策略属性

exp:
[root@xxx ~]# ls -Z /root/

-rw——- root root system_u:object_r:user_home_t anaconda-ks.cfg

-rw-r–r– root root root:object_r:user_home_t install.log

-rw-r–r– root root root:object_r:user_home_t install.log.syslog

其中的“user_home_t”就是SELinux策略属性，而需要httpd能访问必须要是“httpd_user_content_t”属性。

执行一下命令修改你的目录属性

chcon -R -t httpd_user_content_t /dir/ #将/dir目录下所有文件属性设置成 “httpd_user_content_t”

接下来重启httpd

[root@xxx httpd]# service httpd restart

Stopping httpd: [ OK ]

Starting httpd: [ OK ]

大功告成。

得到一个结论，一般碰到莫名其妙的问题一定要先看错误日志，linux下大部分软件都有自己的日志，这样定位起来问题才会不花冤枉时间。
当然也可以去禁止掉SELinux。

/usr/sbin/setenforce 0 立刻关闭 SELINUX

/usr/sbin/setenforce 1 立刻启用 SELINUX

linux iptables导致httpd网页打不开

转自：/article/4363794.html

问题：httpd 服务已启动，80端口已开，但是网页就是打不开，重启服务器还是不行

忽然想看看log，记录如下：

[Fri Jul 15 00:41:03 2011] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t:s0

[Fri Jul 15 00:41:03 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Fri Jul 15 00:41:03 2011] [notice] Digest: generating secret for digest authentication ...

[Fri Jul 15 00:41:03 2011] [notice] Digest: done

[Fri Jul 15 00:41:03 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations

看到 suexec，明白了，果断iptables -L ,结果如下：

ACCEPT all -- anywhere anywhere

ACCEPT icmp -- anywhere anywhere icmp any

ACCEPT esp -- anywhere anywhere

ACCEPT ah -- anywhere anywhere

ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns

ACCEPT udp -- anywhere anywhere udp dpt:ipp

ACCEPT tcp -- anywhere anywhere tcp dpt:ipp

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

全部干掉，iptables -F ，再打开网页，显示正常

本文出自 “star&storage” 博客，请务必保留此出处/article/4363794.html

SELinux httpd处理

转自：http://blog.sina.com.cn/s/blog_6fb822fa0100n65y.html

SELinux开启后httpd启动不了。

[Thu Nov 08 21:56:40 2007] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0

[Thu Nov 08 21:56:40 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Thu Nov 08 21:56:40 2007] [notice] Digest: generating secret for digest authentication ...

[Thu Nov 08 21:56:40 2007] [notice] Digest: done

less /var/log/httpd/error_log

[Fri Nov 09 08:40:01 2007] [notice] SELinux policy enabled; httpd running as con

text system_u:system_r:httpd_t:s0

[root@readfor contexts]# cat customizable_types

cvs_data_t

httpd_sys_content_t

httpd_sys_htaccess_t

httpd_sys_script_exec_t

httpd_sys_script_ra_t

httpd_sys_script_ro_t

httpd_sys_script_rw_t

httpd_unconfined_script_exec_t

mount_loopback_t

public_content_rw_t

public_content_t

samba_share_t

swapfile_t

xen_image_t

[root@readfor secret]# chcon -t httpd_sys_content_t /var/www/html/

但是我仍然不清楚为什么要这样。

[root@readfor secret]# service httpd start

Starting httpd: [ OK ]

我本地的问题：

下面这行代码必须和其他load模块放在一块，不能单独拉出来放在配置文件里面， 也不能单独拉出来放在配置文件的最下面：

LoadModule wsgi_module modules/mod_wsgi.so

对于配置，其他的都不用变，只需要把这行代码放到httpd.conf配置文件中相同的LoadModule模块后面就行。

修改后大致内容如下：

LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule wsgi_module modules/mod_wsgi.so

#
# The following modules are not loaded by default:
#
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule asis_module modules/mod_asis.so

#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus