Solve the LNMP environment 7.1 File not found., centoslnmp on CentOS 404
Set the LNMP runtime environment built on CentOS 7 and 7.1 to/srv/www/default in the root directory of the PHP website.
When you start php-fpm with systemctl, the browser reports a 404 error.
File not found.
However, using the root permission to manually start with the php-fpm-D command is normal.
After careful troubleshooting several times, it turns out that SELinux is playing a strange role. Let's take a look at the introduction of SELinux:
Security Enhanced Security-Enhanced Linux (SELinux) is a force Access Control (MAC) Security mechanism in the kernel. SELinux first appeared in CentOS 4 and made significant improvements in subsequent CentOS releases. These improvements mean that the way to solve the problem with SELinux also changes over time. SELinux is more compliant with the minimum permission concept. In the defaultEnforcingIn this case, everything is rejected, followed by a series of exceptional policies that allow access required for each element of the system (Service, program, user) to operate. When a service, program, or user attempts to access or modify a file or resource that it does not need, its request is rejected and this action is recorded. Because SELinux is used in the kernel, SELinux can be used for applications without special writing or rewriting. Of course, if a program pays special attention to the SELinux Error Code mentioned later, its operation may be smoother. If SELinux blocks an action, it reports a standard (at least regular) "Access Denied" error to the application. However, many applications do not test the error codes returned by system functions, so they may not output messages to explain the problem or output error messages.
SELinux has three basic operation modes:EnforcingIs the default mode. In addition, it hasTargetedOrMls. The SELinux rule is widely used.TargetedIs relatively loose.
Enforcing:This default mode enables and implements SELinux security policies on the system, and denies access and records actions.
Permissive:In Permissive mode, SELinux is enabled but security policies are not implemented. Instead, SELinux only sends warnings and records actions. Permissive mode is useful in troubleshooting SELinux problems.
Disabled:SELinux disabled
Run the sestatus command on CentOS 7.1 to view the current running status of SELinux.
SELinux status: enabledSELinuxfs mount: /sys/fs/selinuxSELinux root directory: /etc/selinuxLoaded policy name: targetedCurrent mode: enforcingMode from config file: enforcingPolicy MLS status: enabledPolicy deny_unknown status: allowedMax kernel policy version: 28
We can see that the current Enforcing mode is running.
View the SELinux configuration file
$ cat /etc/selinux/config# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=enforcing# SELINUXTYPE= can take one of these two values:# targeted - Targeted processes are protected,# minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection.SELINUXTYPE=targeted
You can see that the Enforcing mode is also running when the instance is started. Use the setenforce command to switch to the Permissive mode.
$ sudo setenforce 0$ sestatus SELinux status: enabledSELinuxfs mount: /sys/fs/selinuxSELinux root directory: /etc/selinuxLoaded policy name: targetedCurrent mode: permissiveMode from config file: enforcingPolicy MLS status: enabledPolicy deny_unknown status: allowedMax kernel policy version: 28
Reuse
sudo systemctl start php-fpm.service
Start the php-fpm service so that the LNMP service is normal.