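Domain redirection
User authentication
Nginx access log
Excluding static files from the log
Log rotation
Domain redirection
Configure a second domain name: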
vi /etc/nginx/conf.d/blog.aminglinux.cc.conf
On the server_name line, add another domain name after the existing one, separated by a space.
nginx -t
nginx -s reload
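Domain redirection: # by editing the web server's configuration file, requests originally made to domain A are sent to domain B
Redirect from domain a to domain b
vi /etc/nginx/conf.d/blog.aminglinux.cc.conf // add: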
if ( $host = blog.aminglinux.cc )
{
rewrite /(.*) http://www.aming.com/$1 permanent;
}
nginx -t
nginx -s reload
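Test whether the redirect works:
curl -x127.0.0.1:80 -I blog.aminglinux.cc/1.txt
Notes:
Status codes: 200 (OK), 404 (not found), 304 (cached), 301 (permanent redirect), 302 (temporary redirect)
# rewrite flags: 301 = permanent, 302 = redirect
For a redirect to another domain, use 301; if no domain change is involved, use 302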
rewrite /1.txt /2.txt redirect;
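User authentication
For site security, you can edit the configuration file to require user authentication on certain important directories (such as the site's admin back end).
Purpose of user authentication:
A second layer of authentication for important directories (the admin address)
Configure user authentication:
vi the configuration file // add: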
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /etc/nginx/user_passwd;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.aminglinux.cc$fastcgi_script_name;
include fastcgi_params;
}
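Notes:
nginx location priority:
A prefix location (location /) has lower priority than a regex location (location ~). That is, if a request (for example aming.php) matches both of these locations
location /aming.php
location ~ \.php$
the lower one is chosen.
nginx location documentation: https://github.com/aminglinux/nginx/tree/master/location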
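The precedence rule above, as an added example (not from the original page): a simplified Python model of how nginx selects a location, extended beyond the two cases in the text to cover the = and ^~ modifiers. The location lists WEAK and FIXED are constructed for illustration, and nested or named locations are not modelled.

```python
import re


def select_location(uri, locations):
    """Return the (modifier, pattern) pair nginx would pick for a URI path.

    locations is a list of (modifier, pattern) in configuration order;
    modifier is "" (plain prefix), "=", "^~", "~" or "~*".
    """
    best_prefix = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                  # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = (mod, pat)       # remember the longest prefix
    if best_prefix is not None and best_prefix[0] == "^~":
        return best_prefix                     # ^~ skips the regex pass
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)              # first matching regex wins
    return best_prefix                         # otherwise the longest prefix


# Constructed: auth_basic sits in a prefix location while PHP is handled
# by a regex location, so the auth location is never selected.
WEAK = [("", "/"), ("", "/admin.php"), ("~", r"\.php$")]
# Constructed: the protected location is itself a regex location and is
# listed before the generic PHP handler.
FIXED = [("", "/"), ("~", r"/admin\.php"), ("~", r"\.php$")]


def protected(uri, locations, auth_location):
    """True when the request lands in the location carrying auth_basic."""
    return select_location(uri, locations) == auth_location


if __name__ == "__main__":
    print(select_location("/admin.php", WEAK))
    print(select_location("/admin.php", FIXED))
```

With WEAK, a request for /admin.php is served by the generic PHP location and never sees the auth_basic directives, which is why the protected location has to be a regex location placed before it (or an = or ^~ location).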
Nginx access log
- The content of the log is defined by editing the main Nginx configuration file.
- Log format (the fields that appear in the log file)
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
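- $remote_addr client IP (public IP)
- $http_x_forwarded_for proxy server IP
- $time_local local time on the server
- $host host name requested (domain name)
- $request_uri the URL requested
- $status status code
- $http_referer the site the request was linked from (- for a direct visit)
- $http_user_agent how the request was made (through browser XX, or with curl)
Define a custom log format named test
- To see the effect, we can define a custom log format, test, that records only the client IP and the status code, and then apply it to www.lcblog.com.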
log_format test '$remote_addr $status' ;
- Apply it in blog.abc.com.conf
access_log /var/log/nginx/host.access.log test;
- The log then records only the following: the client IP and the status code.
[root@localhost blog.abc.com]# cat /var/log/nginx/host.access.log
192.168.254.1 200
127.0.0.1 301
nginx built-in variables: https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md
Refreshing the page in the browser also produces entries in the log.
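A parser for the main format described above, as an added example (not from the original page). It splits each line into the log_format main variables and counts 401 responses per client IP, which is how failed attempts against the Basic-auth location show up in this log. The sample lines, the addresses in them and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# One named group per variable in the page's log_format main.
# nginx writes a literal " inside a variable as \x22, so [^"]* is safe.
MAIN = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<http_x_forwarded_for>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one main-format line as a dict, or None."""
    m = MAIN.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["body_bytes_sent"] = int(rec["body_bytes_sent"])
    return rec


def failed_auth_by_ip(lines, threshold=3):
    """Map client IP -> count of 401 responses, for IPs at or over threshold."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["status"] == 401:
            hits[rec["remote_addr"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample lines (documentation addresses, not from a real log).
UA = '"Mozilla/5.0" "-"'
SAMPLE = [
    f'192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET /admin.php HTTP/1.1" 200 15398 "-" {UA}',
    f'203.0.113.7 - - [19/Feb/2019:01:06:01 +0800] "GET /admin.php HTTP/1.1" 401 195 "-" {UA}',
    f'203.0.113.7 - admin [19/Feb/2019:01:06:02 +0800] "GET /admin.php HTTP/1.1" 401 195 "-" {UA}',
    f'203.0.113.7 - root [19/Feb/2019:01:06:03 +0800] "GET /admin.php HTTP/1.1" 401 195 "-" {UA}',
    f'192.168.28.1 - - [19/Feb/2019:01:07:00 +0800] "GET /admin.php HTTP/1.1" 401 195 "-" {UA}',
    "truncated line that does not fit the format",
]

if __name__ == "__main__":
    print(failed_auth_by_ip(SAMPLE))
```

The parser only works on logs written with the full main format; a vhost switched to the two-field test format yields None for every line.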
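Excluding static files from the log
- A site may contain many static files, such as jpg, png, gif, js and css. If every request for them is logged, the log file grows very quickly, so configure static files not to be logged by adding the following to the virtual host configuration file.
location ~* \.(png|jpeg|gif|js|css|bmp|flv)$ # the * makes the match case-insensitive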
{
access_log off;
}
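Notes:
- tail -f /data/logs/bbs.access.log    # the -f option follows a file's content as it is written
- ">" empties a file
- ~* means a case-insensitive match and is followed by a regular expression; . matches any single character # to use a character without its regex meaning, escape it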
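Log rotation
- The system ships with a log rotation tool, logrotate. Its configuration file is /etc/logrotate.conf, with per-package configuration files in /etc/logrotate.d/*
- The nginx log rotation configuration file is /etc/logrotate.d/nginx # nginx installed with yum ships with this rotation file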
/var/log/nginx/*.log {
daily
dateext
missingok
rotate 52
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
endscript
}
- Test by running logrotate -vf /etc/logrotate.d/nginx # -f forces a rotation
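Reference code
[root@test01 ~]# setenforce 0    # the machine had been shut down; if SELinux is not disabled in its configuration file, it takes effect again after every reboot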
[root@test01 ~]# cd /etc/nginx/conf.d/
[root@test01 conf.d]#
[root@test01 conf.d]# vi www.champin.top.conf
server {
listen 80;
server_name www.champin.top blog.champin.top;    # add another domain after the existing one on the server_name line, separated by a space
Domain redirection
[root@test01 conf.d]# vi www.champin.top.conf
server_name www.champin.top blog.champin.top;
if ( $host = www.champin.top )
{
rewrite /(.*) http://blog.champin.top/$1 permanent;
}
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload
[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt    # this is the test run on Linux
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 15:47:17 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://blog.champin.top/bbs/abc/1.txt    # redirected automatically to blog.champin.top
No screenshot was taken of the browser test.
[root@test01 conf.d]# vi www.champin.top.conf    # for an internal redirect, from 1.txt to 2.txt
rewrite /1.txt /2.txt redirect;
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload
[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txt
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 16:01:13 GMT
Content-Type: text/html
Content-Length: 161
Location: http://blog.champin.top/2.txt
Connection: keep-alive
User authentication
[root@test01 conf.d]# vi bbs.champin.top.conf
server {
listen 80;
server_name bbs.champin.top;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
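location ~ /admin.php    # there is a priority issue here, so this was also changed to ~ /
{
auth_basic "Auth";    # the name shown for the protected area
auth_basic_user_file /etc/nginx/user_passwd;    # specifies the user/password file
}
# remove the location wrapper to make the authentication global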
root /data/wwwroot/bbs.champin.top;
index index.html index.htm index.php;
[root@test01 conf.d]# yum install -y httpd-tools |less
[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1    # -c can be used the first time
New password:
Re-type new password:
Adding password for user user1
[root@test01 conf.d]# cat /etc/nginx/user_passwd    # look at the generated user and password entry
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
[root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2    # on later runs do not use -c; use -m
New password:
Re-type new password:
Adding password for user user2
[root@test01 conf.d]# cat /etc/nginx/user_passwd
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
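[root@test01 conf.d]# nginx -s reload
Try accessing it in a browser: after entering user1 and the password, admin.php is downloaded directly, which shows that PHP parsing did not work, so continue editing the configuration file.
[root@test01 conf.d]# vi bbs.champin.top.conf
The configuration file needs the PHP handling directives added for this to work.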
location ~ /admin.php
{
auth_basic "Auth";
auth_basic_user_file /etc/nginx/user_passwd;
root /data/wwwroot/bbs.champin.top;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.champin.top$fastcgi_script_name;
include fastcgi_params;
}
root /data/wwwroot/bbs.champin.top;
index index.html index.htm index.php;
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload
Access log
[root@test01 conf.d]# vi /etc/nginx/nginx.conf    # this is where the log format is defined
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
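log_format main '$remote_addr -    # IP address of the remote client
$remote_user    # if user authentication is configured, the user is recorded
$time_local]    # time
$request" '    # request method (GET etc.), the requested URL, and the HTTP version
$status    # status code
$body_bytes_sent    # size of the data sent for the request
$http_referer" '    # the request's referer, i.e. where the request was linked from
$http_user_agent"    # records the browser etc.
$http_x_forwarded_for"';    # if a proxy is used, records the proxy IP
[root@test01 conf.d]# vi bbs.champin.top.conf    # copy the line to the end, remove the #, and set a new path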
access_log /data/logs/bbs.access.log main;
[root@test01 conf.d]# nginx -t    # reports that there is no logs directory under /data
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
[root@test01 conf.d]# mkdir /data/logs    # create it
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload
[root@test01 conf.d]# ls /data/logs    # the log file now exists
bbs.access.log
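[root@test01 conf.d]# cat /data/logs/bbs.access.log    # usually empty; an automatic page refresh may also produce entries
Visit the site in a browser, then check the log again
[root@test01 conf.d]# cat /data/logs/bbs.access.log    # view the log file; the recorded fields follow log_format main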
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
Excluding static files from the log
[root@test01 conf.d]# vi bbs.champin.top.conf
location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
{
access_log off;
}
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload
[root@test01 conf.d]# > /data/logs/bbs.access.log    # empty the log
[root@test01 conf.d]# tail /data/logs/bbs.access.log    # empty
Then force a refresh in the browser with Ctrl+F5
[root@test01 conf.d]# tail -f /data/logs/bbs.access.log
192.168.28.1 - user1 [19/Feb/2019:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
The png, gif and similar requests no longer appear in the log
The line below is from before static-file logging was turned off
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
Log rotation
The system has a log rotation service, or tool
[root@test01 conf.d]# ls /etc/logrotate.conf
/etc/logrotate.conf
[root@test01 conf.d]# cat !$
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
If nginx was installed with yum, it already ships with a rotation file
[root@test01 conf.d]# cd /etc/logrotate.d
[root@test01 logrotate.d]# ls
chrony nginx ppp syslog wpa_supplicant yum
[root@test01 logrotate.d]# cat nginx
/var/log/nginx/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
endscript
}
[root@test01 logrotate.d]# vim nginx
/var/log/nginx/*.log /data/logs/*.log {
daily
dateext
missingok
rotate 7
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
endscript
}
[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B
Handling 1 logs
rotating pattern: /var/log/nginx/*.log /data/logs/*.log after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
log does not need rotating (log has been already rotated)considering log /var/log/nginx/error.log
log does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.log
log does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated
set default create context
[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log error.log
[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B
Handling 1 logs
rotating pattern: /var/log/nginx/*.log /data/logs/*.log forced from command line (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
log needs rotating
considering log /var/log/nginx/error.log
log needs rotating
considering log /data/logs/bbs.access.log
log needs rotating
rotating log /var/log/nginx/access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /var/log/nginx/error.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /data/logs/bbs.access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/access.log to /var/log/nginx/access.log-20190219
creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/error.log to /var/log/nginx/error.log-20190219
creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:default_t:s0
renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-20190219
creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4
running postrotate script
set default create context
[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log bbs.access.log-20190219
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log access.log-20190219 error.log error.log-20190219