4.36 域名重定向
域名重定向一般指URL转发,是通过服务器的特殊设置,将访问您当前域名的用户引导到您指定的另一个网络地址。 地址转向(也可称“URL转发”)即将一个域名指向到另外一个已存在的站点,英文称为“ URL FORWARDING ”。域名指向可能这个站点原有的域名或网址是比较复杂难记的。
- 虚拟主机配置:
[root@rice01 ~]# vi /etc/nginx/conf.d/blog.riceyoung.com.conf
server {
listen 80;
server_name blog.riceyoung.com blog.riceyoung.net;
// 增加域名 blog.riceyoung.net
if ( $host = blog.riceyoung.com )
{
rewrite /(.*) http://blog.riceyoung.net/$1 permanent;
}
// 增加跳转规则:如果访问 blog.riceyoung.com 则跳转至 http://blog.riceyoung.net
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /data/wwwroot/blog.riceyoung.com;
index index.html index.htm index.php;
}
location ~ \.php$ {
root /data/wwwroot/blog.riceyoung.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/blog.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
}
[root@rice01 ~]# nginx -t && nginx -s reload
- 测试域名重定向
编辑本地hosts(C:\Windows\System32\drivers\etc\hosts),加入域名blog.riceyoung.net
[root@rice01 ~]# curl -x127.0.0.1:80 -I blog.riceyoung.com/bbs/abc/1.txt
// 测试跳转结果
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Sat, 16 Feb 2019 19:40:16 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://blog.riceyoung.net/bbs/abc/1.txt
// 测试访问 blog.riceyoung.com/bbs/abc/1.txt,返回结果为访问 http://blog.riceyoung.net/bbs/abc/1.txt
- 其它:
状态码:200(OK) 404(不存在) 304(缓存) 301(永久重定向) 302 (临时重定向);
如果是域名跳转,用301;如果不涉及域名跳转用302,例如:
server {
listen 80;
server_name blog.riceyoung.com blog.riceyoung.net;
if ( $host = blog.riceyoung.com )
{
rewrite /(.*) http://blog.riceyoung.net/$1 permanent;
}
rewrite /1.txt /2.txt redirect;
// 访问1.txt时,跳转到2.txt
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /data/wwwroot/blog.riceyoung.com;
index index.html index.htm index.php;
}
location ~ \.php$ {
root /data/wwwroot/blog.riceyoung.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/blog.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
}
4.37 用户认证
用户认证的目的是增加二次认证,针对一些重要的目录(后台地址)。
- 虚拟机配置:
[root@rice01 ~]# htpasswd -c /etc/nginx/user_passwd user1
New password:
Re-type new password:
Adding password for user user1
// 新建user_passwd,创建user1用户和密码
[root@rice01 ~]# htpasswd -m /etc/nginx/user_passwd user2
New password:
Re-type new password:
Adding password for user user2
// 增加user2用户和密码
[root@rice01 ~]# vi /etc/nginx/conf.d/bbs.riceyoung.com.conf
server {
listen 80;
server_name bbs.riceyoung.com;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location ~ admin.php // 优先admin.php的location
{
auth_basic "Auth"; // 定义名称为Auth
auth_basic_user_file /etc/nginx/user_passwd; // 定义认证调用用户和密码的文件路径
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
root /data/wwwroot/bbs.riceyoung.com;
index index.html index.htm index.php;
// 设置 root 和 index 调用为全局生效
location ~ \.php$ {
root /data/wwwroot/bbs.riceyoung.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
}
[root@rice01 ~]# rm -f /data/wwwroot/bbs.riceyoung.com/install/index.php
- nginx location的优先级:
location /
优先级比location ~
要低,如果一个请求同时满足两个location
,则会优先选择~的location
。
nginx location 文档: https://github.com/aminglinux/nginx/tree/master/location
4.38 nginx访问日志
主配置文件:
// 定义日志格式,main为格式名称:
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
虚拟主机配置文件:
[root@rice01 conf.d]# mkdir /data/logs
[root@rice01 conf.d]# vi bbs.riceyoung.com.conf
server {
listen 80;
server_name bbs.riceyoung.com;
#charset koi8-r;
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /etc/nginx/user_passwd;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
root /data/wwwroot/bbs.riceyoung.com;
index index.html index.htm index.php;
location ~ \.php$ {
root /data/wwwroot/bbs.riceyoung.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
access_log /data/logs/bbs.riceyoung.com.access.log main;
// 定义日志文件路径、文件名、格式名
}
Nginx内置变量:https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md
4.39 日志不记录静态文件
在访问日志里过滤掉一些图片、js、css类的请求日志。因为这样的请求日志没有多大用,而且会占用很大的磁盘空间。
- 虚拟主机配置:
[root@rice01 ~]# vi /etc/nginx/conf.d/bbs.riceyoung.com.conf
server {
listen 80;
server_name bbs.riceyoung.com;
#charset koi8-r;
location ~*\.(png|jpeg|gif|bmp|js|css|flv)$
// ~*表示不区分大小写的匹配,后面跟正则表达式
{
access_log off;
}
// 过滤 png、jpeg、gif、bmp、js、css、flv 的静态请求并关闭其日志记录
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /etc/nginx/user_passwd;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
root /data/wwwroot/bbs.riceyoung.com;
index index.html index.htm index.php;
location ~ \.php$ {
root /data/wwwroot/bbs.riceyoung.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.riceyoung.com$fastcgi_script_name;
include fastcgi_params;
}
access_log /data/logs/bbs.riceyoung.com.access.log main;
}
- 测试
[root@rice01 ~]# nginx -t && nginx -s reload
[root@rice01 ~]# > /data/logs/bbs.riceyoung.com.access.log
// > 可以清空一个文件的内容
[root@rice01 ~]# tail -f /data/logs/bbs.riceyoung.com.access.log
// -f 选项可以动态查看一个文件的内容
4.40 nginx日志切割
/data/logs/ 里面有很多访问日志,如果日志越来越大,可能有一天会把整个磁盘写满,也不方便查看。
logrotate
的配置文件:
[root@rice01 ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly // 按周切割
# keep 4 weeks worth of backlogs
rotate 4 // 切割4个
# create new (empty) log files after rotating old ones
create // 将旧文件改名并生成新文件
# use date as a suffix of the rotated file
dateext // 使用按日期的后缀
# uncomment this if you want your log files compressed
#compress // 是否压缩
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly // 按月切割
create 0664 root utmp // 创建新文件的权限及属主属组
minsize 1M // 最小1M,大于1M切割
rotate 1 // 切割1个
}
/var/log/btmp {
missingok // 忽略错误
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
- 如果是yum安装的nginx,则自带日志切割的策略文件:
[root@rice01 logrotate.d]# cat /etc/logrotate.d/nginx
/var/log/nginx/*.log {
daily // 每天切割
missingok // 忽略错误
rotate 52 // 切割52个
compress // 压缩
delaycompress // 延后一天压缩
notifempty // 如果为空则不切割
create 640 nginx adm // 创建创建的文件权限为640,属主为nginx,属组为adm
sharedscripts // 执行下面shell的判断语句
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
endscript
}
- 自定义:
[root@rice01 logrotate.d]# vi /etc/logrotate.d/nginx
/var/log/nginx/*.log /data/logs/*.log {
daily
dateext
missingok
rotate 7
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid`
fi
endscript
}
- 切割日志:
[root@rice01 ~]# ls /var/log/nginx/
access.log error.log
[root@rice01 ~]# ls /data/logs/
bbs.riceyoung.com.access.log
[root@rice01 ~]# logrotate -v /etc/logrotate.d/nginx // 查看切割过程
[root@rice01 ~]# logrotate -vf /etc/logrotate.d/nginx // 强制切割
[root@rice01 ~]# ls /data/logs /var/log/nginx
/data/logs:
bbs.riceyoung.com.access.log bbs.riceyoung.com.access.log-20190217
/var/log/nginx:
access.log error.log error.log-20190217