On Arch Linux, for some reason, when I try to start nginx with the command "systemctl start nginx", it fails, with this being the output of "systemctl status nginx":
Loaded: loaded (/etc/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Wed 2013-10-30 16:22:17 EDT; 5s ago
Process: 9835 ExecStop=/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -g pid /run/nginx.pid; -s quit (code=exited, status=126)
Process: 3982 ExecStart=/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -g pid /run/nginx.pid; daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 10967 ExecStartPre=/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -t -q -g pid /run/nginx.pid; daemon on; master_process on; (code=exited, status=126)
Main PID: 3984 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nginx.service
…but when I run
/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -t -q -g "pid /run/nginx.pid; daemon on; master_process on;"
and then
/usr/bin/chroot --userspec=http:http /home/nginx /usr/bin/nginx -g "pid /run/nginx.pid; daemon on; master_process on;"
as root, all it does is return a warning, but works just fine:
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
Why is it doing that?
edit:
After looking in /var/log/messages.log, I found this:
/usr/bin/chroot: failed to run command ‘/usr/bin/nginx’: Permission denied
but ls -l /home/nginx/usr/bin/nginx returns this:
-rwxr-xr-x 1 root root 797040 Oct 25 18:24 nginx
..and every directory leading up to /home/nginx/usr/bin/ is chmodded a+x
Best Answer
I experienced the same problem and it was due to SELinux.
To check if SELinux is running:
To disable SELinux until next reboot:
Restart Nginx and see if the problem persists. If you would like to permanently alter the settings you can edit
/etc/sysconfig/selinux
If SELinux is your problem you can run the following to allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e,
setenforce Enforcing
)If you're still having issues take a look at the boolean flags in
getsebool -a
, in particular you may need to turn onhttpd_can_network_connect
for network accessFor me it was enough to allow http to serve my www directory.