4.36-域名重定向 4.37-用户认证 4.38-Nginx访问日志 4.39-日志不记录静态文件 4.40-日志切割...

2019独角兽企业重金招聘Python工程师标准>>>

4.36-域名重定向

配置第二个域名：

vi /etc/nginx/conf.d/blog.aminglinux.cc.conf
在 server_name 那一行的域名后面再加一个域名，空格作为分隔。
nginx -t
nginx -s reload

域名重定向：

从a域名跳转到b域名
vi /etc/nginx/conf.d/blog.aminglinux.cc.conf //增加：
    if ( $host = blog.aminglinux.cc )
    {
    	rewrite /(.*)  http://www.aming.com/$1 permanent;
	    }
nginx -t
nginx -s reload

测试：

curl -x127.0.0.1:80 -I blog.aminglinuc.cc/1.txt 

补充：

状态码：200（OK）  404（不存在）   304（缓存） 301（永久重定向）  302 （临时重定向）

如果是域名跳转，用301； 如果不涉及域名跳转用302
rewrite /1.txt  /2.txt  redirect;

 

4.37-用户认证

用户认证的目的：

实现二次认证，针对一些重要的目录（后台地址）

配置用户认证：

vi  配置文件 //添加：

location ~ admin.php 
{ 
	    auth_basic "Auth"; 
    auth_basic_user_file /etc/nginx/user_passwd; 
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.aminglinux.cc$fastcgi_script_name;
    include        fastcgi_params;
}

补充：

nginx location优先级：

location /  优先级比 location ~ 要低，也就是说，如果一个请求（如，aming.php）同时满足两个location
location /amin.php
location ~ *.php$
会选择下面的
nginx location 文档： https://github.com/aminglinux/nginx/tree/master/location

4.38-Nginx访问日志

Nginx访问日志：

就是用户访问网站的记录。

配置访问日志：

主配置文件：
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

虚拟主机配置文件：
	access_log /log/to/path main; 


nginx内置变量： https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md

4.39-日志不记录静态文件

日志里面不记录静态文件：

在访问日志里，过滤掉一些图片、js、css类的请求日志。因为这样的请求日志没有多大用，而且会占用很大的磁盘空间

如何配置？

在虚拟主机配置文件里增加配置：

    location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
    {
    access_log off;
     }

补充：

tail -f /data/logs/bbs.access.log  //-f选型可以动态查看一个文件的内容
> 可以清空一个文件内容
~* 表示不区分大小写的匹配  后面跟正则表达式   .表示任意一个字符

4.40-日志切割

为什么要做日志切割？

/data/logs/ 里面有很多访问日志。 如果日志越来越大，可能有一天会把整个磁盘写满。你可以想象一下一个日志有100G
你如何查看这个日志？ cat  less   tail  vi  

系统里有一个日志切割的服务

logrotate  工具
配置文件： /etc/logrotate.conf
子配置文件：/etc/logrotate.d/* 

Nginx的日志切割配置文件：

/etc/logrotate.d/nginx

内容： /var/log/nginx/.log /data/logs/.log { daily dateext missingok rotate 7 compress delaycompress notifempty create 640 nginx adm sharedscripts postrotate if [ -f /var/run/nginx.pid ]; then kill -USR1 cat /var/run/nginx.pid fi endscript }

测试执行：

logrotate -vf /etc/logrotate.d/nginx

 

 

代码正在整理后做编辑

[root@test01 ~]# setenforce 0  机器关机过所以，如果没有在配置文件里禁用seLinux，每次重启就会再次生效
[root@test01 ~]# cd /etc/nginx/conf.d/
[root@test01 conf.d]# 
[root@test01 conf.d]# vi www.champin.top.conf 

server {
    listen       80;
    server_name  www.champin.top blog.champin.top;   域名后面再增加一个域名server_name后面，空格分隔

域名重定向
[root@test01 conf.d]# vi www.champin.top.conf
    server_name  www.champin.top blog.champin.top;
    if ( $host = www.champin.top )
    {
        rewrite /(.*) http://blog.champin.top/$1 permanent;
    }

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt  这个是linux上的测试。
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 15:47:17 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://blog.champin.top/bbs/abc/1.txt   自动跳转到blog.champin.top上
浏览器的测试没有截图

[root@test01 conf.d]# vi www.champin.top.conf  如果是内部的跳转，1.txt,调到2.txt
 rewrite /1.txt /2.txt redirect;

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txt
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 16:01:13 GMT
Content-Type: text/html
Content-Length: 161
Location: http://blog.champin.top/2.txt
Connection: keep-alive

用户认证
 
[root@test01 conf.d]# vi bbs.champin.top.conf 

server {
    listen       80;
    server_name  bbs.champin.top;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
    
    location ~ /admin.php      这里存在一个优先级的问题所以也改成 ~ /                  
    {
        auth_basic "Auth";                          命名
        auth_basic_user_file /etc/nginx/user_passwd;指定用户密码配置文件
    }


把location 去掉，变成全局的
        root   /data/wwwroot/bbs.champin.top;
        index  index.html index.htm index.php;


[root@test01 conf.d]# yum install -y httpd-tools |less

[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1   第一次使用可以用-c 
New password: 
Re-type new password: 
Adding password for user user1
[root@test01 conf.d]# cat /etc/nginx/user_passwd     看一看生成的用户和密码
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
[root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2   再次使用就不要用-c了，用-m
New password: 
Re-type new password: 
Adding password for user user2
[root@test01 conf.d]# cat /etc/nginx/user_passwd
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload                 用浏览器尝试访问，输入user1 然后密码后，会直接下载admin.php，说明php解析没有成功，继续编辑配置文件


[root@test01 conf.d]# vi bbs.champin.top.conf 
配置文件要添加上php解析语句才可以。

location ~ /admin.php
    {
        auth_basic "Auth";
        auth_basic_user_file /etc/nginx/user_passwd;
        root           /data/wwwroot/bbs.champin.top;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.champin.top$fastcgi_script_name;
        include        fastcgi_params;

    }


        root   /data/wwwroot/bbs.champin.top;
        index  index.html index.htm index.php;

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload 


访问日志


[root@test01 conf.d]# vi /etc/nginx/nginx.conf   这个是定义日志的格式
 log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

 log_format  main  '$remote_addr -            远程客户端的IP地址
                    $remote_user              如果做了用户认证的话，回去记录用户 
                    $time_local]              时间
                    $request" '               请求的方法，如get等。请求的链接。http的版本
                    $status                   状态码
                    $body_bytes_sent          请求发送的大小 
                    $http_referer" '          请求的referer，从哪里跳转过来的。
                    $http_user_agent"         记录浏览器等
                    $http_x_forwarded_for"';  如果使用代理，会记录代理ip

[root@test01 conf.d]# vi bbs.champin.top.conf    复制到最后一行，把#号去掉，重新定义路径
    access_log  /data/logs/bbs.access.log  main;



[root@test01 conf.d]# nginx -t   提示data下面没有logs目录。
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

[root@test01 conf.d]# mkdir /data/logs  新建一下
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload 

[root@test01 conf.d]# ls /data/logs      看一下有了日志文件了。
bbs.access.log
[root@test01 conf.d]# cat /data/logs/bbs.access.log   一般是空的，自动刷新网页也可能产生日志
在浏览器里做访问，然后在去查看日志

[root@test01 conf.d]# cat /data/logs/bbs.access.log   查看一下日志文件，日志所记录的字段就是根据
                                                      log_format  main来的
 
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"



日志不记录静态文件

[root@test01 conf.d]# vi bbs.champin.top.conf
    location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
    {
        access_log off;
    }

[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload

[root@test01 conf.d]# > /data/logs/bbs.access.log   清空一下日志。
[root@test01 conf.d]# tail /data/logs/bbs.access.log   空的
再浏览器执行ctrl+f5强制刷新

[root@test01 conf.d]# tail -f /data/logs/bbs.access.log 
192.168.28.1 - user1 [19/Feb/2019:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"


就没有png gif等日志了

以下没有配置不记录静态文件日志
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"

日志切割

系统里有一个日志切割的服务或者叫工具
[root@test01 conf.d]# ls /etc/logrotate.conf 
/etc/logrotate.conf

[root@test01 conf.d]# cat !$
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext



# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
	minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

如果是yum安装的nginx，已经自带了切割文件
[root@test01 conf.d]# cd /etc/logrotate.d
[root@test01 logrotate.d]# ls
chrony  nginx  ppp  syslog  wpa_supplicant  yum
[root@test01 logrotate.d]# cat nginx 
/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
}
[root@test01 logrotate.d]# vim nginx 
/var/log/nginx/*.log /data/logs/*.log {
        daily
        dateext
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript
}


[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /var/log/nginx/*.log /data/logs/*.log  after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
  log does not need rotating (log has been already rotated)considering log /var/log/nginx/error.log
  log does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.log
  log does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated
set default create context

[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log  error.log

[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /var/log/nginx/*.log /data/logs/*.log  forced from command line (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
  log needs rotating
considering log /var/log/nginx/error.log
  log needs rotating
considering log /data/logs/bbs.access.log
  log needs rotating
rotating log /var/log/nginx/access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /var/log/nginx/error.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /data/logs/bbs.access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/access.log to /var/log/nginx/access.log-20190219
creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/error.log to /var/log/nginx/error.log-20190219
creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:default_t:s0
renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-20190219
creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4
running postrotate script
set default create context

[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log  bbs.access.log-20190219
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log  access.log-20190219  error.log  error.log-20190219

 

转载于:https://my.oschina.net/u/3708120/blog/3010279