LAMP架構用戶認證、域名跳轉及訪問日誌

時間 2019-11-06

標籤 lamp 架構用戶認證域名訪問日誌欄目系統架構简体版

原文原文鏈接

11月15日任務

11.18 Apache用戶認證

11.19/11.20 域名跳轉

11.21 Apache訪問日誌

apache用戶認證

針對目錄

先確保主配置文件內開啓了虛擬主機服務php

[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
# Virtual hosts
# Include conf/extra/httpd-vhosts.conf 
刪除Include行首的#，保存退出

編輯虛擬主機配置文件

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把111.com那個虛擬主機編輯成以下內容
<VirtualHost *:80>
    # 指定網頁文件存儲的根目錄
    DocumentRoot "/data/wwwroot/111.com" 
    # 指定服務器的主機名
    ServerName www.111.com  
    # 指定服務器的別名
    ServerAlias www.example.com
    # 指定認證的目錄
    <Directory /data/wwwroot/111.com> 
        # 這個至關於打開認證的開關
        AllowOverride AuthConfig 
        # 自定義認證的名字，做用不大
        AuthName "111.com user auth" 
        # 認證的類型，通常爲Basic
        AuthType Basic 
        # 指定密碼文件所在位置
        AuthUserFile /data/.htpasswd  
        # 指定須要認證的用戶爲所有可用用戶
        require valid-user 
    </Directory>
    # 指定錯誤日誌
    ErrorLog "logs/111.com-error_log"
    # 指定錯誤日誌記錄級別
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

用戶加密 -c 建立 -m md5加密

[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd castiel
# 這裏我簡單設爲了1
New password: 
Re-type new password: 
Adding password for user castiel、

[root@localhost ~]# cat /data/.htpasswd 
castiel:$apr1$iqyfAY.M$zJ12wj68C6BDDIpe41sWQ1

驗證

# 訪問時報401，須要認證
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

# 輸入帳戶密碼成功訪問，狀態碼轉爲200
[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com
111.com

[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:58:50 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

針對單個文件的用戶認證

一樣的須要使用htpasswd建立用戶密碼文件html

修改虛擬主機配置文件

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    # 註釋掉原先配置認證的目錄
    # <Directory /data/wwwroot/111.com>
    # 指定特定的文件123.php
    <FilesMatch 123.php>  
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
    # </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

驗證

# 訪問其餘網頁無需帳戶密碼便可正常登錄
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com
111.com
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 13:01:54 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 訪問特定的123.php文件時須要認證
[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 111.com/123.php
123.php
[root@localhost ~]# curl -x 192.168.65.133:80 111.com/123.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

域名跳轉（域名重定向）

基本知識介紹

能夠經過域名來訪問網站，當一個網站的域名更改後，經過對老域名設置域名跳轉功能後，將用戶跳轉到新網址。例如在訪問www.123.com時，對於設置了域名跳轉的網址，瀏覽器將自動跳轉到新網址www.abc.com。apache

網站的SEO：搜索引擎會將網絡中的域名、網址進行記錄，用戶經過搜索引擎搜索網址，搜索引擎將以權重從高到低順序顯示，方便用戶使用。若是不進行域名跳轉，老域名的權重將一直比新域名高，致使沒法找到新域名網址。能夠經過設置新域名的狀態碼爲301，來下降域名的權重。vim

如何配置

先在主配置文件內開啓rewrite模塊瀏覽器

[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
將「#LoadModule rewrite_module modules/mod_rewrite.so」開頭的#去掉後保存退出

修改虛擬主機配置文件服務器

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
...
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        
        #定義rewrite的條件，主機名（域名）不是111.com的才知足
        RewriteCond %{HTTP_HOST} !^111.com$ 
        
        # 定義rewrite規則：當知足條件時，設置跳轉規則，並定義狀態；
        # ^/即DocumentRoot，爲該默認虛擬主機的根路徑
        # $1代替前面匹配的內容
        # 狀態碼爲301(永久重定向)，L表示跳轉結束
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L] 
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

修改完成檢驗後從新加載網絡

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
 rewrite_module (shared)
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful

測試，檢驗是否跳轉curl

[root@localhost ~]# curl -x 127.0.0.1:80 111.com -I
HTTP/1.1 301 Moved Permanently
Date: ..., ... 11:45:49 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Location: http://www.111.com/
Content-Type: text/html; charset=iso-8859-1

關於狀態碼ide

# 200 容許訪問
# 403 禁止訪問 配置文件中設置Require all denied
# 404 找不到網頁
# 301 永久重定向

訪問日誌

訪問日誌記錄了用戶的每個請求測試

默認的訪問日誌

# logs目錄下存儲的訪問日誌
[root@localhost ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log

# 簡單記錄了訪問的ip、時間、位置、狀態碼等信息
[root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.65.133 - - [...:19:25:48 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [...:19:44:37 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:09 +0800] "GET HTTP://111.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:49 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:39 +0800] "HEAD HTTP://111.com/index.html HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:53 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -
127.0.0.1 - - [...:19:50:14 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -

訪問日誌格式

# 默認使用common那條格式記錄日誌
[root@localhost ~]# grep -n "LogFormat" /usr/local/apache2.4/conf/httpd.conf
284:    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
285:    LogFormat "%h %l %u %t \"%r\" %>s %b" common
289:      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
# Referer表示網頁跳轉前所在的網址。

修改日誌格式

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L]
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    
    # 上述的代碼都沒有變化
    # 修改common爲combined，這個是httpf.conf內設置的FormatLog
    CustomLog "logs/111.com-access_log" combined 
</VirtualHost>

重啓服務

[root@localhost logs]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost logs]# /usr/local/apache2.4/bin/apachectl graceful

驗證效果

[root@localhost logs]# curl -x 192.168.65.133:80 111.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:46:25 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 查看日誌格式是否變化
[root@localhost logs]# cat /usr/local/apache2.4/logs/111.com-access_log 
...
192.168.65.133 - - [...:20:46:25 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - "-"