4.36域名重定向4.37用戶認證4.38Nginx訪問日誌4.39日誌不記錄靜態文件4.40日誌切割

時間  2019-12-14
標籤 4.36 域名 重定向 4.37 用戶 認證 4.38nginx nginx 訪問 日誌 4.39日 記錄 靜態 文件 4.40日 切割 欄目 HTTP/TCP 简体版
原文   原文鏈接

域名重定向

用戶認證

Nginx訪問日誌

日誌不記錄靜態文件

日誌切割

 域名重定向

配置第二個域名:php

vi /etc/nginx/conf.d/blog.aminglinux.cc.conf
在 server_name 那一行的域名後面再加一個域名,空格做爲分隔。
nginx -t
nginx -s reload

 

域名重定向: #經過設置Web服務的配置文件,將本來訪問A域名的請求訪問到B域名css

從a域名跳轉到b域名
vi /etc/nginx/conf.d/blog.aminglinux.cc.conf //增長:
    if ( $host = blog.aminglinux.cc )
    {
    	rewrite /(.*)  http://www.aming.com/$1 permanent;
	    }
nginx -t
nginx -s reload

測試是否實現了重定向:html

curl -x127.0.0.1:80 -I blog.aminglinuc.cc/1.txt

補充:linux

狀態碼:200(OK)  404(不存在)   304(緩存) 301(永久重定向)  302 (臨時重定向)
#301 permanent   302 redirect

若是是域名跳轉,用301; 若是不涉及域名跳轉用302
rewrite /1.txt  /2.txt  redirect;

 效果圖:nginx

用戶認證

爲了站點的安全,能夠經過修改配置文件來針對一些重要的目錄(站點後臺地址)進行用戶認證git

用戶認證的目的:github

實現二次認證,針對一些重要的目錄(後臺地址)

配置用戶認證:ajax

vi  配置文件 //添加:

location ~ admin.php 
{ 
	    auth_basic "Auth"; 
    auth_basic_user_file /etc/nginx/user_passwd; 
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.aminglinux.cc$fastcgi_script_name;
    include        fastcgi_params;
}

補充:正則表達式

nginx location優先級:vim

location /  優先級比 location ~ 要低,也就是說,若是一個請求(如,aming.php)同時知足兩個location
location /amin.php
location ~ *.php$
會選擇下面的
nginx location 文檔: https://github.com/aminglinux/nginx/tree/master/location

Nginx訪問日誌

  • 日誌的內容是經過編輯Nginx主配置文件來定義的。 
  • 日誌的格式(顯示在日誌文件中的內容)
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
  • $remote_addr 客戶端ip(公網ip)
  • $http_x_forwarded_for 代理服務器ip
  • $time_local 服務器本地時間
  • $host 訪問主機名(域名)
  • $request_uri 訪問的url地址
  • $status 狀態碼
  • $http_referer 從哪一個站點跳轉到該站點的(直接訪問該項爲-)
  • $http_user_agent 訪問方式(經過XX瀏覽器,或curl方式訪問)

自定義一個格式的日誌test

  • 爲了試驗效果,咱們能夠自定義一個日誌格式,只記錄客戶端ip和狀態碼的日誌格式test ,而後把這個格式應用到www.lcblog.com上去。
log_format  test  '$remote_addr $status' ;
  • 應用到blog.abc.com.conf中
access_log  /var/log/nginx/host.access.log  test;
  • 日誌中只會記錄以下,客戶端ip和狀態碼的信息。
[root@localhost blog.abc.com]# cat /var/log/nginx/host.access.log 
192.168.254.1 200
127.0.0.1 301
nginx內置變量: https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md

在網頁上刷新也會在日誌上產生文件

日誌不記錄靜態文件

  • 一個網站裏可能包含不少靜態文件,好比jpg,png,gif,js,css等,若是每個訪問都記錄日誌的話,日誌文件會瘋狂增加,這就須要配置靜態文件不記錄日誌了,在虛擬主機配置文件中添加以下內容。
location ~* \.(png|jpeg|gif|js|css|bmp|flv)$    #*表示不區分大小寫
    {
    access_log off;
     }

補充:

  • tail -f /data/logs/bbs.access.log      -f選型能夠動態查看一個文件的內容

  • ">"能夠清空一個文件內容

  • ~* 表示不區分大小寫的匹配 後面跟正則表達式.表示任意一個字符 #不使用正則表達式的含義,就使用脫義 

日誌切割

  • 系統自帶日誌切割工具logrotate。配置文件是/etc/logratate.conf,子配置文件/etc/lograte.d/*  
  • nginx 的日誌切割配置文件/etc/logrotate.d/nginx    #yum安裝的nginx,自帶了切割文件
/var/log/nginx/*.log {
        daily
        dateext
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
  • 測試執行logrotate -vf /etc/logrotate.d/nginx   #-f  強制切割

借鑑代碼

[root@test01 ~]# setenforce 0  機器關機過因此,若是沒有在配置文件裏禁用seLinux,每次重啓就會再次生效
[root@test01 ~]# cd /etc/nginx/conf.d/
[root@test01 conf.d]# 
[root@test01 conf.d]# vi www.champin.top.conf 

server {
    listen       80;
    server_name  www.champin.top blog.champin.top;   域名後面再增長一個域名server_name後面,空格分隔

域名重定向
[root@test01 conf.d]# vi www.champin.top.conf
    server_name  www.champin.top blog.champin.top;
    if ( $host = www.champin.top )
    {
        rewrite /(.*) http://blog.champin.top/$1 permanent;
    }

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt  這個是linux上的測試。
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 15:47:17 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://blog.champin.top/bbs/abc/1.txt   自動跳轉到blog.champin.top上
瀏覽器的測試沒有截圖

[root@test01 conf.d]# vi www.champin.top.conf  若是是內部的跳轉,1.txt,調到2.txt
 rewrite /1.txt /2.txt redirect;

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txt
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 16:01:13 GMT
Content-Type: text/html
Content-Length: 161
Location: http://blog.champin.top/2.txt
Connection: keep-alive

用戶認證
 
[root@test01 conf.d]# vi bbs.champin.top.conf 

server {
    listen       80;
    server_name  bbs.champin.top;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
    
    location ~ /admin.php      這裏存在一個優先級的問題因此也改爲 ~ /                  
    {
        auth_basic "Auth";                          命名
        auth_basic_user_file /etc/nginx/user_passwd;指定用戶密碼配置文件
    }


把location 去掉,變成全局的
        root   /data/wwwroot/bbs.champin.top;
        index  index.html index.htm index.php;


[root@test01 conf.d]# yum install -y httpd-tools |less

[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1   第一次使用能夠用-c 
New password: 
Re-type new password: 
Adding password for user user1
[root@test01 conf.d]# cat /etc/nginx/user_passwd     看一看生成的用戶和密碼
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
[root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2   再次使用就不要用-c了,用-m
New password: 
Re-type new password: 
Adding password for user user2
[root@test01 conf.d]# cat /etc/nginx/user_passwd
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload                 用瀏覽器嘗試訪問,輸入user1 而後密碼後,會直接下載admin.php,說明php解析沒有成功,繼續編輯配置文件


[root@test01 conf.d]# vi bbs.champin.top.conf 
配置文件要添加上php解析語句才能夠。

location ~ /admin.php
    {
        auth_basic "Auth";
        auth_basic_user_file /etc/nginx/user_passwd;
        root           /data/wwwroot/bbs.champin.top;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.champin.top$fastcgi_script_name;
        include        fastcgi_params;

    }


        root   /data/wwwroot/bbs.champin.top;
        index  index.html index.htm index.php;

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload 


訪問日誌


[root@test01 conf.d]# vi /etc/nginx/nginx.conf   這個是定義日誌的格式
 log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

 log_format  main  '$remote_addr -            遠程客戶端的IP地址
                    $remote_user              若是作了用戶認證的話,回去記錄用戶 
                    $time_local]              時間
                    $request" '               請求的方法,如get等。請求的連接。http的版本
                    $status                   狀態碼
                    $body_bytes_sent          請求發送的大小 
                    $http_referer" '          請求的referer,從哪裏跳轉過來的。
                    $http_user_agent"         記錄瀏覽器等
                    $http_x_forwarded_for"';  若是使用代理,會記錄代理ip

[root@test01 conf.d]# vi bbs.champin.top.conf    複製到最後一行,把#號去掉,從新定義路徑
    access_log  /data/logs/bbs.access.log  main;



[root@test01 conf.d]# nginx -t   提示data下面沒有logs目錄。
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

[root@test01 conf.d]# mkdir /data/logs  新建一下
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload 

[root@test01 conf.d]# ls /data/logs      看一下有了日誌文件了。
bbs.access.log
[root@test01 conf.d]# cat /data/logs/bbs.access.log   通常是空的,自動刷新網頁也可能產生日誌
在瀏覽器裏作訪問,而後在去查看日誌

[root@test01 conf.d]# cat /data/logs/bbs.access.log   查看一下日誌文件,日誌所記錄的字段就是根據
                                                      log_format  main來的
 
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"



日誌不記錄靜態文件

[root@test01 conf.d]# vi bbs.champin.top.conf
    location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
    {
        access_log off;
    }

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

[root@test01 conf.d]# > /data/logs/bbs.access.log   清空一下日誌。
[root@test01 conf.d]# tail /data/logs/bbs.access.log   空的
再瀏覽器執行ctrl+f5強制刷新

[root@test01 conf.d]# tail -f /data/logs/bbs.access.log 
192.168.28.1 - user1 [19/Feb/2019:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"


就沒有png gif等日誌了

如下沒有配置不記錄靜態文件日誌
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"

日誌切割

系統裏有一個日誌切割的服務或者叫工具
[root@test01 conf.d]# ls /etc/logrotate.conf 
/etc/logrotate.conf

[root@test01 conf.d]# cat !$
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext



# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
	minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

若是是yum安裝的nginx,已經自帶了切割文件
[root@test01 conf.d]# cd /etc/logrotate.d
[root@test01 logrotate.d]# ls
chrony  nginx  ppp  syslog  wpa_supplicant  yum
[root@test01 logrotate.d]# cat nginx 
/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
}
[root@test01 logrotate.d]# vim nginx 
/var/log/nginx/*.log /data/logs/*.log {
        daily
        dateext
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
}


[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /var/log/nginx/*.log /data/logs/*.log  after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
  log does not need rotating (log has been already rotated)considering log /var/log/nginx/error.log
  log does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.log
  log does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated
set default create context

[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log  error.log

[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /var/log/nginx/*.log /data/logs/*.log  forced from command line (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
  log needs rotating
considering log /var/log/nginx/error.log
  log needs rotating
considering log /data/logs/bbs.access.log
  log needs rotating
rotating log /var/log/nginx/access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /var/log/nginx/error.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /data/logs/bbs.access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/access.log to /var/log/nginx/access.log-20190219
creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/error.log to /var/log/nginx/error.log-20190219
creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:default_t:s0
renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-20190219
creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4
running postrotate script
set default create context

[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log  bbs.access.log-20190219
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log  access.log-20190219  error.log  error.log-20190219
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程