2

On Arch Linux, for some reason, when I try to start nginx with the command "systemctl start nginx", it fails, with this being the output of "systemctl status nginx":

Loaded: loaded (/etc/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Wed 2013-10-30 16:22:17 EDT; 5s ago
Process: 9835 ExecStop=/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -g pid /run/nginx.pid; -s quit (code=exited, status=126)
Process: 3982 ExecStart=/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -g pid /run/nginx.pid; daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 10967 ExecStartPre=/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -t -q -g pid /run/nginx.pid; daemon on; master_process on; (code=exited, status=126)
Main PID: 3984 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nginx.service

...but when I run 

/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -t -q -g "pid /run/nginx.pid; daemon on; master_process on;"

and then

/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -g "pid /run/nginx.pid; daemon on; master_process on;"

as root, all it does is return a warning, but works just fine:

nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1

Why is it doing that?

edit: After looking in /var/log/messages.log, I found this:

/usr/bin/chroot: failed to run command ‘/usr/bin/nginx’: Permission denied

but ls -l /home/nginx/usr/bin/nginx returns this:

-rwxr-xr-x 1 root root 797040 Oct 25 18:24 nginx

..and every directory leading up to /home/nginx/usr/bin/ is chmodded a+x

Ivan
  • 61
  • 1
  • 2
  • 5
  • Didn't `systemctl status` show you any log entries? Check all the relevant logs. – Michael Hampton Oct 30 '13 at 20:36
  • Sometimes a service will generate logs that do not show when you run `systemctl status`, especially if they die very early in startup. Look at `/var/log/messages` for hints in these cases. – joe miller Oct 30 '13 at 23:01
  • @MichaelHampton @joemiller I didn't find anything in systemctl status, but I did find this in /var/log/messages: `/usr/bin/chroot: failed to run command ‘/usr/bin/nginx’: Permission denied` – Ivan Oct 31 '13 at 15:23
  • Why using /usr/bin/chroot? You can do similar stuff (user, rootdirectory, workingdirectory) directly with the systemd unit file – Kdecherf Oct 31 '13 at 15:31
  • @Kdecherf nginx is running in a chroot jail. All I did was follow [Arch Linux's Nginx](https://wiki.archlinux.org/index.php/nginx) page's instructions. – Ivan Oct 31 '13 at 15:35

1 Answers1

3

I experienced the same problem and it was due to SELinux.

To check if SELinux is running:

# getenforce

To disable SELinux until next reboot:

# setenforce Permissive

Restart Nginx and see if the problem persists. If you would like to permanently alter the settings you can edit /etc/sysconfig/selinux

If SELinux is your problem you can run the following to allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, setenforce Enforcing)

# chcon -Rt httpd_sys_content_t /path/to/www

If you're still having issues take a look at the boolean flags in getsebool -a, in particular you may need to turn on httpd_can_network_connect for network access

# setsebool -P httpd_can_network_connect on

For me it was enough to allow http to serve my www directory.

Kurt
  • 141
  • 3
  • This answer is a little bit late, and my nginx setup runs fine today (server reinstallations, etc), but it doesn't seem that Arch Linux has SELinux. `getenforce`/`setenforce` are unknown commands, and `/etc/sysconfig` isn't an existing directory, but I appreciate you trying to answer it. :) – Ivan Oct 07 '14 at 22:25