在进行letsencrypt证书续签后,使用`systemctlrestartnginx`导致nginx重启失败,原因是旧服务进程未正确关闭,造成端口被占用。解决方案是修改nginx.service文件,调整ExecReload和ExecStop命令,使用`nginx-sreload`和`nginx-squit`来平滑重启和停止服务。完成修改并重新加载systemd后,nginx成功重启。
一、问题场景
进行let's encrypt证书续签之后,nginx重启报错,提示如下:
[Mon Feb 20 10:23:40 CST 2023] Run reload cmd: /bin/systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
本篇博客主要是讲解解决方案。
二、问题环境
| 软件 | 版本 |
|---|---|
| Centos | 7 |
| nginx | 1.22.1 |
三、问题原因
主要是因为证书续签的时候,是使用了命令systemctl restart nginx。这里命令底层是如何实现的,我们可以看看/lib/systemd/system/nginx.service的内容,如下:
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
可以看到,里面是kill了服务,但是实际会导致pid文件被删除,但是服务还存留,所以重启失败。如下:
[root@hecs-213607 ~]# systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2023-02-20 10:23:44 CST; 1min 10s ago
Docs: http://nginx.org/en/docs/
Process: 3599 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=1/FAILURE)
Process: 3597 ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 29870 (code=exited, status=0/SUCCESS)
Feb 20 10:23:43 hecs-213607 nginx[3599]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Feb 20 10:23:43 hecs-213607 nginx[3599]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Feb 20 10:23:43 hecs-213607 nginx[3599]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Feb 20 10:23:43 hecs-213607 nginx[3599]: nginx: [emerg] bind() to 0.0.0.0:18880 failed (98: Address already in use)
Feb 20 10:23:43 hecs-213607 nginx[3599]: nginx: [emerg] bind() to [::]:18880 failed (98: Address already in use)
Feb 20 10:23:44 hecs-213607 nginx[3599]: nginx: [emerg] still could not bind()
Feb 20 10:23:44 hecs-213607 systemd[1]: nginx.service: control process exited, code=exited status=1
Feb 20 10:23:44 hecs-213607 systemd[1]: Failed to start nginx - high performance web server.
Feb 20 10:23:44 hecs-213607 systemd[1]: Unit nginx.service entered failed state.
Feb 20 10:23:44 hecs-213607 systemd[1]: nginx.service failed.
所以,需要改变这里的重启方式。当然,针对目前这个情况,最快的方式就是干掉nginx服务,然后启动nginx。命令如下:
ps -ef|grep nginx|grep -v grep|awk '{print $2}'|xargs kill -9
/usr/local/nginx/sbin/nginx
四、解决方案
修改/lib/systemd/system/nginx.service的内容,调整ExecReload和ExecStop,调整后内容如下:
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPost=/bin/sleep 0.1
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
TimeoutStartSec=120
LimitNOFILE=1000000
LimitNPROC=1000000
LimitCORE=1000000
[Install]
WantedBy=multi-user.target
然后重新加载systemd,如下:
systemctl daemon-reload
五、结果
执行命令systemctl restart nginx,任务没有报错。
六、总结
根据实际调用的命令解决问题!!!
PS:随缘求赞、关注
如果我的文章对大家产生了帮忙,可以在文章底部点个赞或者收藏;
如果有好的讨论,可以留言;
如果想继续查看我以后的文章,可以点击关注
扫一扫
631
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
