Linux   Published: 2022-04-01   Site: 大佬教程  code.js-code.com
This article, collected by 大佬教程, covers the question: What must I modify to make SELinux allow nginx to act as an IMAP / POP3 proxy?

Overview

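By default, nginx under CentOS 7 fails to start if it is used as an IMAP / POP proxy. This is because of SELinux.

How do I change SELinux's configuration, without disabling its protection, to allow nginx to run as needed?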

audit.log

type=AVC msg=audit(1429125129.833:2286): avc:  denied  { name_bind } for  pid=26451 comm="nginx" src=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket

nginx.conf

mail {
    auth_http unix:/run/nginx-mailauth@L_197_10@ck;

    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:mail-TLSSL:16m;
    ssl_session_timeout 10m;
    ssl_session_tickets on;
    ssl_certificate /etc/pki/tls/certs/mail.example.com.cer;
    ssl_certificate_key /etc/pki/tls/private/mail.example.com.key;
    ssl_session_ticket_key /etc/pki/tls/private/mail.example.com-session_ticket.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    #For antimony-webmail
    imap_capabilities "IMAP4rev1" "ACL" "BINARY" "CATENATE" "CHILDREN" "CONDSTORE" "ENABLE" "ESEARCH" "ID" "IDLE" "LIST-EXTENDED" "LITERAL+" "MULTIAPPEND" "NAMESPACE";

    server {
        protocol imap;
        listen 143;
        starttls only;
    }

    server {
        protocol imap;
        listen 993;
        ssl on;
    }

    #For antimony-webmail
    pop3_capabilities "EXPIRE 31 USER" "TOP" "UIDL" "USER" "XOIP";

    server {
        protocol pop3;
        listen 110;
        starttls only;
        pop3_auth plain;
    }

    server {
        protocol pop3;
        listen 995;
        ssl on;
        pop3_auth plain;
    }
}

systemctl

[root@mail ~]# systemctl start nginx
Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
[root@mail ~]# systemctl status nginx.service
nginx.service - The nginx http and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
   Active: failed (Result: exit-code) since Wed 2015-04-15 12:12:09 PDT; 5s ago
  Process: 26446 ExecStop=/bin/kill -s QUIT $MAINPID (code=exited, status=0/SUCCESS)
  Process: 25373 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 26400 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 26451 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
 Main PID: 26402 (code=exited, status=0/SUCCESS)

Apr 15 12:12:09 mail.dev.example.com nginx[26451]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Apr 15 12:12:09 mail.dev.example.com nginx[26451]: nginx: [emerg] bind() to 0.0.0.0:143 failed (13: Permission denied)
Apr 15 12:12:09 mail.dev.example.com nginx[26451]: nginx: configuration file /etc/nginx/nginx.conf test failed
Apr 15 12:12:09 mail.dev.example.com systemd[1]: nginx.service: control process exited, code=exited status=1
Apr 15 12:12:09 mail.dev.example.com systemd[1]: Failed to start The nginx http and reverse proxy server.
Apr 15 12:12:09 mail.dev.example.com systemd[1]: Unit nginx.service entered failed state.

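Solution

nginx is being stopped from binding to the SELinux pop_port_t port.

One possibility is to change the required ports to a type that nginx can bind to, for example http_port_t.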

# for port in {143,993,110,995} ; do semanage port -m -t http_port_t -p tcp $port ; done && semanage port -l -C
SELinux Port Type              Proto    Port number
http_port_t                    tcp      143,995
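
As an alternative to relabelling the ports, the denial from the question can be turned into a local policy module that grants only the denied access. This is an added example, not part of the original question or answer; the module name nginx_mailproxy is hypothetical and the sample line is constructed from the audit.log record quoted above.

```python
import re

# Constructed sample: the AVC denial quoted in the question's audit.log.
SAMPLE = ('type=AVC msg=audit(1429125129.833:2286): avc:  denied  { name_bind } for  '
          'pid=26451 comm="nginx" src=143 scontext=system_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value pairs; values may be double-quoted (comm="nginx")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest'))
    fields = {k: v.strip('"') for k, v in pairs}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    # A context is user:role:type:level; the type is the third component.
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'port': fields.get('src'),
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }


def te_module(denials, name='nginx_mailproxy'):  # hypothetical module name
    """Build type-enforcement source allowing exactly the denied accesses."""
    rules, types, classes = set(), set(), {}
    for d in denials:
        perms = tuple(sorted(d['perms']))
        types.update((d['source_type'], d['target_type']))
        classes.setdefault(d['tclass'], set()).update(perms)
        rules.add((d['source_type'], d['target_type'], d['tclass'], perms))
    out = [f'module {name} 1.0;', '', 'require {']
    out += [f'    type {t};' for t in sorted(types)]
    out += [f'    class {c} {{ {" ".join(sorted(p))} }};' for c, p in sorted(classes.items())]
    out += ['}', '']
    out += [f'allow {s} {t}:{c} {{ {" ".join(p)} }};' for s, t, c, p in sorted(rules)]
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    print(te_module([parse_avc(SAMPLE)]))
```

The generated source can be compiled and loaded with checkmodule -M -m, semodule_package and semodule -i. It leaves the port labels unchanged and grants httpd_t only name_bind on pop_port_t.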
