【2018.06.08學習筆記】【linux高級知識 12.10-12.12】

12.10 Nginx訪問日誌

日誌格式，是在nginx.conf下定義的：

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

user nobody nobody;
worker_processes 2;
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
http
{
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
}
//combined_realip:可定義的日誌格式名
//$remote_addr:客戶端ip（公網）
//$http_x_forwarded_for:代理服務器ip
//$time_local:服務器本地時間
//$host:訪問主機的域名
//$request_uri:訪問的url地址，域名+後面一串字符就叫url
//$status:狀態碼
//$http_referer：referer
//$http_user_agent：用戶agent

定義好日誌格式後，需在虛擬主機配置文件里加一段配置記錄訪問日誌

server
{
   listen 80;
   server_name test.com test1.com test2.com;
   index index.html index.php;
   root /data/wwwroot/test.com;
  # location /
  # {
  #   auth_basic "Auth";
  #   auth_basic_user_file /usr/local/nginx/conf/htpasswd;
  # }
   if ($host != 'test.com')
   {
      rewrite ^(.*)/(.*)$ http://test.com/$2 permanent;
   }
  access_log /tmp/test.com.log combined_realip;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
//測試驗證訪問日誌的記錄
[root@localhost ~]# curl -x127.0.0.1:80 test.com/1.txt
echo "this is test page!"
[root@localhost ~]# curl -x127.0.0.1:80 test2.com/1.txt
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>
[root@localhost ~]# cat /tmp/test.com.log 
127.0.0.1 - [10/Jun/2018:14:42:47 +0800] test2.com "/" 301 "-" "curl/7.29.0"
127.0.0.1 - [10/Jun/2018:14:43:00 +0800] test.com "/" 403 "-" "curl/7.29.0"
127.0.0.1 - [10/Jun/2018:14:43:27 +0800] test.com "/1.txt" 200 "-" "curl/7.29.0"
127.0.0.1 - [10/Jun/2018:14:43:38 +0800] test2.com "/1.txt" 301 "-" "curl/7.29.0"

12.11 Nginx日誌切割

Nginx不像Apache同樣自帶有日誌切割的工具，咱們要編寫shell腳本實現日誌切割功能：

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/nginx_log_rotate.sh

#! /bin/bash
## 假設nginx的日誌存放路徑爲/data/logs/
d=`date -d "-1 day" +%Y%m%d`    //定義一個時間，是昨天的日期
logdir="/tmp/"    //定義訪問日誌目錄
nginx_pid="/usr/local/nginx/logs/nginx.pid"  //pid文件
cd $logdir   //進入日誌目錄
for log in `ls *.log`   //在日誌目錄裏ls log後綴的文件，在ls的結果序列裏循環操做
do
    mv $log $log-$d   //更名，把原來日誌改爲 帶日期的名字。
done
/bin/kill -HUP `cat $nginx_pid`   //cat pid，就是nginx的進程號。kill -HUP是從新加載配置，而不用重啓服務。
##add cron
#0 0 * * * /bin/bash /usr/local/nginx/conf/vhost/nginx_log_rotate.sh

//執行腳本測試
[root@localhost ~]# ls /tmp/
mysql.sock     systemd-private-3d1fb3a4802645c59cfef8920b56ddf0-chronyd.service-VYHBwZ   test.com.log
pear           systemd-private-3d1fb3a4802645c59cfef8920b56ddf0-vgauthd.service-Nc0aOg
php-fcgi.sock  systemd-private-3d1fb3a4802645c59cfef8920b56ddf0-vmtoolsd.service-1OJc7x

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/nginx_log_rotate.sh 
[root@localhost ~]# sh -x /usr/local/nginx/conf/vhost/nginx_log_rotate.sh 
++ date -d '-1 day' +%Y%m%d
+ d=20180609
+ logdir=/tmp/
+ nginx_pid=/usr/local/nginx/logs/nginx.pid
+ cd /tmp/
++ ls test.com.log
+ for log in '`ls *.log`'
+ mv test.com.log test.com.log-20180609
++ cat /usr/local/nginx/logs/nginx.pid
+ /bin/kill -HUP 4096

[root@localhost ~]# ls /tmp/
mysql.sock     systemd-private-3d1fb3a4802645c59cfef8920b56ddf0-chronyd.service-VYHBwZ   test.com.log
pear           systemd-private-3d1fb3a4802645c59cfef8920b56ddf0-vgauthd.service-Nc0aOg   test.com.log-20180609
php-fcgi.sock  systemd-private-3d1fb3a4802645c59cfef8920b56ddf0-vmtoolsd.service-1OJc7x

//還能夠作任務計劃，天天執行這個腳本
[root[@localhost](https://my.oschina.net/u/570656) ~]# crontab -e
no crontab for root - using an empty one

0 0 * * * /bin/bash /usr/local/nginx/conf/vhost/nginx_los_rotate.sh
// 清理30天前的日誌：
find /tmp/ -name *.log -type f -mtime +30|xargs rm

12.12 靜態文件不記錄日誌和過時時間

在vhost的conf文件里加入配置段：

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf 

{
   listen 80;
   index index.html index.php;
   root /data/wwwroot/test.com;
  # location /
  # {
  #   auth_basic "Auth";
  #   auth_basic_user_file /usr/local/nginx/conf/htpasswd;
  # } 
    
   location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$  //匹配正則表達式，包含gif等文件後綴的url
   {
     expires 7d;  // 過時時間7天
     access_log off;  //關閉訪問日誌功能
   } 
   
   location ~ .*\.(js|css)$
   {
     expires 12h;
     access_log off;
   } 
   
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

//測試驗證不記錄訪問日誌：沒記錄gif和css的訪問日誌。
[root@localhost test.com]# curl -x127.0.0.1:80 test.com/1.txt
echo "this is test page!"
[root@localhost test.com]# curl -x127.0.0.1:80 test.com/1.gif
"this is a gif file"
[root@localhost test.com]# curl -x127.0.0.1:80 test.com/2.css
"this is css file" 
[root@localhost test.com]# cat /tmp/test.com.log
127.0.0.1 - [10/Jun/2018:15:18:14 +0800] test.com "/1.txt" 200 "-" "curl/7.29.0"

//測試過時時間：包含Cache-Control: max-age=43200 
[root@localhost test.com]# curl -x127.0.0.1:80 test.com/2.css -I
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Sun, 10 Jun 2018 07:20:12 GMT
Content-Type: text/css
Content-Length: 20
Last-Modified: Sun, 10 Jun 2018 07:17:26 GMT
Connection: keep-alive
ETag: "5b1cd086-14"
Expires: Sun, 10 Jun 2018 19:20:12 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes