3.2:Nginx 自定义访问日志
3.2.1:Nginx 内置变量
-
$remote_addr
客户端地址(公网IP,有可能是代理服务器的 IP); -
$args
URL 中的指令参数; -
$document_root
所请求的资源对应的 root 路径; -
d o c u m e n t u r i U R L 中 的 U R I ( 不 包 含 指 令 参 数 ) ; 即 s e r v e r n a m e 、 document_uri URL中的URI(不包含指令参数); 即server_name、 documenturiURL中的URI(不包含指令参数);即servername、document_uri 和 $args 组成完整的 URL;
-
$host
请求的Host; -
$http_user_agent
客户端的浏览器信息; -
$http_cookie
客户端的cookie信息; -
$limit_rate
limit_rate的值(未设置则显示默认值0); -
$remote_port
客户端的请求端口; -
$remote_user
通过basic验证的用户名; -
$request_body_file
nginx作为反向代理时,请求的后端服务器上的本地资源名称; -
$request_method
请求资源所用的method(GET、HEAD、PUT等); -
$request_filename
请求资源在文件系统上的绝对路径; -
$request_uri
请求的完整URI;
$document_uri 和 $args 组成 $request_uri; -
$scheme
请求的协议,如http、https、ftp等; -
$server_protocol
请求资源所用的协议(包括版本),如HTTP/1,0、HTTP/1,1、HTTP/2.0等; -
$server_addr
服务器的IP地址; -
$server_name
server_name指定的虚拟服务器名称; -
$server_port
服务端的监听端口; -
$upstream_cache_status
缓存状态;·MISS 未命中,请求被传送到后端 ·HIT 缓存命中 ·EXPIRED 缓存已经过期请求被传送到后端 ·UPDATING 正在更新缓存,将使用旧的应答 ·STALE 后端将得到过期的应答
-
$proxy_add_x_forwarded_for
KaTeX parse error: Double subscript at position 12: proxy_add_x_̲forwarded_for变量…remote_addr用逗号分开:
- X-Forwarded-For:简称XFF头,它代表客户端,也就是HTTP的请求端真实的IP,只有在通过了HTTP 代理或者负载均衡服务器时才会添加该项。它不是RFC中定义的标准请求头信息。
X-Forwarded-For 的记录格式:client1, proxy1, proxy2
X-Forwarded-For头信息可以有多个,中间用逗号分隔,第一项为真实的客户端ip,剩下的就是曾经经过的代理或负载均衡的ip地址,经过几个就会出现几个。
在默认情况下,Nginx并不会对X-Forwarded-For头做任何的处理,除非用户使用proxy_set_header 参数设置:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
如果没有"X-Forwarded-For" 请求头,则KaTeX parse error: Double subscript at position 12: proxy_add_x_̲forwarded_for等于remote_addr($remote_addr变量的值是客户端的IP);
当Nginx设置X-Forwarded-For于$proxy_add_x_forwarded_for后会有两种情况发生:
1、如果从CDN过来的请求没有设置X-Forwarded-For头(通常这种事情不会发生),而到了我们这里Nginx设置将其设置为$proxy_add_x_forwarded_for的话,X-Forwarded-For的信息应该为CDN的IP,因为相对于Nginx负载均衡来说客户端即为CDN,这样的话,后端的web程序时死活也获得不了真实用户的IP的。
2、CDN设置了X-Forwarded-For,我们这里又设置了一次,且值为$proxy_add_x_forwarded_for的话,那么X-Forwarded-For的内容变成 ”客户端IP,Nginx负载均衡服务器IP“如果是这种情况的话,那后端的程序通过X-Forwarded-For获得客户端IP,则取逗号分隔的第一项即可。
- X-Forwarded-For:简称XFF头,它代表客户端,也就是HTTP的请求端真实的IP,只有在通过了HTTP 代理或者负载均衡服务器时才会添加该项。它不是RFC中定义的标准请求头信息。
-
$http_x_forwarded_for
Nginx中还有一个$http_x_forwarded_for变量,这个变量中保存的内容就是请求中的X-Forwarded-For信息。如果后端获得X-Forwarded-For信息的程序兼容性不好的话(没有考虑到X-Forwarded-For含有多个IP的情况),最好就不要将X-Forwarded-For设置为 KaTeX parse error: Double subscript at position 12: proxy_add_x_̲forwarded_for。应…http_x_forwarded_for或者干脆不设置。
-
$fastcgi_script_name
此变量保存的是请求的 URI,或者是以 / 结尾的 URI(即访问的是默认主页);比如在
location ~ \.php$
中配置root /data/nginx/yqc/www;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
;
当访问的 URI 为/appv1/test.php
时,
$document_root 指向 /data/nginx/yqc/www,
$fastcgi_script_name 指向 /appv1/test.php,
最终 SCRIPT_FILENAME 的值,即请求的 URI 指向的文件系统路径为:/data/nginx/yqc/www/appv1/test.php;$fastcgi_script_name
request URI or, if a URI ends with a slash, request URI with an index file name configured by the fastcgi_index directive appended to it. This variable can be used to set the
SCRIPT_FILENAME
andPATH_TRANSLATED
parameters that determine the script name in PHP. For example, for the “/info/
” request with the following directivesfastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;
the
SCRIPT_FILENAME
parameter will be equal to “/home/www/scripts/php/info/index.php
”.When using the fastcgi_split_path_info directive, the
$fastcgi_script_name
variable equals the value of the first capture set by the directive.
3.2.2:Nginx 自定义变量
Syntax: set $variable value;
Default: —
Context: server, location, if
示例:
set $name magedu;
echo $name;
set $my_port $server_port;
echo $my_port;
echo "$server_name:$server_port";
3.2.3:自定义默认格式的访问日志
- 定义日志格式:
[root@node106 ~]# vim /apps/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format format1 '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'$server_name:$server_port';
include /apps/nginx/conf.d/*.conf;
}
- 调用日志格式:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log format1;
error_log /data/nginx/logs/www-yqc-com_error.log;
limit_rate 1024;
location / {
root /data/nginx/yqc/www;
index index.html;
limit_rate 1024;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
location = /status {
stub_status;
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问并查看日志:
[root@node106 ~]# !tail
tail -f /data/nginx/logs/www-yqc-com_access.log
192.168.1.9 - user1 [02/Dec/2020:18:12:31 +0800] "GET / HTTP/1.1"200 8 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36" "-"www.yqc.com:80
3.2.4:自定义 json 格式的访问日志
定义为 json 格式的访问日志,方便后期配合 ELK 对日志进行收集、统计和分析;
- 定义 json 日志格式:
[root@node106 ~]# vim /apps/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format format1 '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'$server_name:$server_port';
log_format format2 '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
include /apps/nginx/conf.d/*.conf;
}
- 调动 json 日志格式:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log format2;
error_log /data/nginx/logs/www-yqc-com_error.log;
limit_rate 1024;
location / {
root /data/nginx/yqc/www;
index index.html;
limit_rate 1024;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
location = /status {
stub_status;
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问并查看日志:
[root@node106 ~]# tail -f /data/nginx/logs/www-yqc-com_access.log
{"@timestamp":"2020-12-02T20:45:10+08:00","host":"192.168.1.106","clientip":"192.168.1.9","size":0,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"www.yqc.com","uri":"/index.html","domain":"www.yqc.com","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36","status":"304"}