2019獨角獸企業(yè)重金招聘Python工程師標準>>>

域名重定向

用戶認證

Nginx訪問日志

日志不記錄靜態(tài)文件

日志切割

?域名重定向

配置第二個域名：

vi /etc/nginx/conf.d/blog.aminglinux.cc.conf 在 server_name 那一行的域名后面再加一個域名，空格作為分隔。 nginx -t nginx -s reload

?

域名重定向： #通過設(shè)置Web服務(wù)的配置文件，將原本訪問A域名的請求訪問到B域名

從a域名跳轉(zhuǎn)到b域名 vi /etc/nginx/conf.d/blog.aminglinux.cc.conf //增加：if ( $host = blog.aminglinux.cc ){rewrite /(.*) http://www.aming.com/$1 permanent;} nginx -t nginx -s reload

測試是否實現(xiàn)了重定向：

curl -x127.0.0.1:80 -I blog.aminglinuc.cc/1.txt

補充：

狀態(tài)碼：200（OK） 404（不存在） 304（緩存） 301（永久重定向） 302 （臨時重定向） #301 permanent 302 redirect如果是域名跳轉(zhuǎn)，用301； 如果不涉及域名跳轉(zhuǎn)用302 rewrite /1.txt /2.txt redirect;

?效果圖：

用戶認證

為了站點的安全，可以通過修改配置文件來針對一些重要的目錄（站點后臺地址）進行用戶認證

用戶認證的目的：

實現(xiàn)二次認證，針對一些重要的目錄（后臺地址）

配置用戶認證：

vi 配置文件 //添加：location ~ admin.php { auth_basic "Auth"; auth_basic_user_file /etc/nginx/user_passwd; fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.aminglinux.cc$fastcgi_script_name;include fastcgi_params; }

補充：

nginx location優(yōu)先級：

location / 優(yōu)先級比 location ~ 要低，也就是說，如果一個請求（如，aming.php）同時滿足兩個location location /amin.php location ~ *.php$ 會選擇下面的 nginx location 文檔： https://github.com/aminglinux/nginx/tree/master/location

Nginx訪問日志

• 日志的內(nèi)容是通過編輯Nginx主配置文件來定義的。?
• 日志的格式（顯示在日志文件中的內(nèi)容）

log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';

• $remote_addr 客戶端ip（公網(wǎng)ip）
• $http_x_forwarded_for 代理服務(wù)器ip
• $time_local 服務(wù)器本地時間
• $host 訪問主機名（域名）
• $request_uri 訪問的url地址
• $status 狀態(tài)碼
• $http_referer 從哪個站點跳轉(zhuǎn)到該站點的（直接訪問該項為-）
• $http_user_agent 訪問方式（通過XX瀏覽器，或curl方式訪問）

自定義一個格式的日志test

• 為了試驗效果，我們可以自定義一個日志格式，只記錄客戶端ip和狀態(tài)碼的日志格式test ，然后把這個格式應用到www.lcblog.com上去。

log_format test '$remote_addr $status' ;

• 應用到blog.abc.com.conf中

access_log /var/log/nginx/host.access.log test;

• 日志中只會記錄如下，客戶端ip和狀態(tài)碼的信息。

[root@localhost blog.abc.com]# cat /var/log/nginx/host.access.log 192.168.254.1 200 127.0.0.1 301 nginx內(nèi)置變量： https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md

在網(wǎng)頁上刷新也會在日志上產(chǎn)生文件

日志不記錄靜態(tài)文件

• 一個網(wǎng)站里可能包含很多靜態(tài)文件，比如jpg,png,gif,js,css等，如果每一個訪問都記錄日志的話，日志文件會瘋狂增長，這就需要配置靜態(tài)文件不記錄日志了，在虛擬主機配置文件中添加如下內(nèi)容。

location ~* \.(png|jpeg|gif|js|css|bmp|flv)$ #*表示不區(qū)分大小寫{access_log off;}

補充：

• tail -f /data/logs/bbs.access.log ? ? ?-f選型可以動態(tài)查看一個文件的內(nèi)容

• ">"可以清空一個文件內(nèi)容

• ~* 表示不區(qū)分大小寫的匹配 后面跟正則表達式.表示任意一個字符 #不使用正則表達式的含義，就使用脫義?

日志切割

• 系統(tǒng)自帶日志切割工具logrotate。配置文件是/etc/logratate.conf,子配置文件/etc/lograte.d/* ?
• nginx 的日志切割配置文件/etc/logrotate.d/nginx ? ?#yum安裝的nginx，自帶了切割文件

/var/log/nginx/*.log {dailydateextmissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript

• 測試執(zhí)行l(wèi)ogrotate -vf /etc/logrotate.d/nginx ? #-f ?強制切割

借鑒代碼

[root@test01 ~]# setenforce 0 機器關(guān)機過所以，如果沒有在配置文件里禁用seLinux，每次重啟就會再次生效 [root@test01 ~]# cd /etc/nginx/conf.d/ [root@test01 conf.d]# [root@test01 conf.d]# vi www.champin.top.conf server {listen 80;server_name www.champin.top blog.champin.top; 域名后面再增加一個域名server_name后面，空格分隔域名重定向 [root@test01 conf.d]# vi www.champin.top.confserver_name www.champin.top blog.champin.top;if ( $host = www.champin.top ){rewrite /(.*) http://blog.champin.top/$1 permanent;}[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt 這個是linux上的測試。 HTTP/1.1 301 Moved Permanently Server: nginx/1.14.2 Date: Mon, 18 Feb 2019 15:47:17 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: http://blog.champin.top/bbs/abc/1.txt 自動跳轉(zhuǎn)到blog.champin.top上 瀏覽器的測試沒有截圖[root@test01 conf.d]# vi www.champin.top.conf 如果是內(nèi)部的跳轉(zhuǎn)，1.txt,調(diào)到2.txtrewrite /1.txt /2.txt redirect;[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txt HTTP/1.1 302 Moved Temporarily Server: nginx/1.14.2 Date: Mon, 18 Feb 2019 16:01:13 GMT Content-Type: text/html Content-Length: 161 Location: http://blog.champin.top/2.txt Connection: keep-alive用戶認證[root@test01 conf.d]# vi bbs.champin.top.conf server {listen 80;server_name bbs.champin.top;#charset koi8-r;#access_log /var/log/nginx/host.access.log main;location ~ /admin.php 這里存在一個優(yōu)先級的問題所以也改成 ~ / {auth_basic "Auth"; 命名auth_basic_user_file /etc/nginx/user_passwd;指定用戶密碼配置文件}把location 去掉，變成全局的root /data/wwwroot/bbs.champin.top;index index.html index.htm index.php;[root@test01 conf.d]# yum install -y httpd-tools |less[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1 第一次使用可以用-c New password: Re-type new password: Adding password for user user1 [root@test01 conf.d]# cat /etc/nginx/user_passwd 看一看生成的用戶和密碼 user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/ [root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2 再次使用就不要用-c了，用-m New password: Re-type new password: Adding password for user user2 [root@test01 conf.d]# cat /etc/nginx/user_passwd user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/ user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload 用瀏覽器嘗試訪問，輸入user1 然后密碼后，會直接下載admin.php，說明php解析沒有成功，繼續(xù)編輯配置文件[root@test01 conf.d]# vi bbs.champin.top.conf 配置文件要添加上php解析語句才可以。location ~ /admin.php{auth_basic "Auth";auth_basic_user_file /etc/nginx/user_passwd;root /data/wwwroot/bbs.champin.top;fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.champin.top$fastcgi_script_name;include fastcgi_params;}root /data/wwwroot/bbs.champin.top;index index.html index.htm index.php;[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload 訪問日志[root@test01 conf.d]# vi /etc/nginx/nginx.conf 這個是定義日志的格式log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';log_format main '$remote_addr - 遠程客戶端的IP地址$remote_user 如果做了用戶認證的話，回去記錄用戶 $time_local] 時間$request" ' 請求的方法，如get等。請求的鏈接。http的版本$status 狀態(tài)碼$body_bytes_sent 請求發(fā)送的大小 $http_referer" ' 請求的referer，從哪里跳轉(zhuǎn)過來的。$http_user_agent" 記錄瀏覽器等$http_x_forwarded_for"'; 如果使用代理，會記錄代理ip[root@test01 conf.d]# vi bbs.champin.top.conf 復制到最后一行，把#號去掉，重新定義路徑access_log /data/logs/bbs.access.log main;[root@test01 conf.d]# nginx -t 提示data下面沒有l(wèi)ogs目錄。 nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory) nginx: configuration file /etc/nginx/nginx.conf test failed[root@test01 conf.d]# mkdir /data/logs 新建一下 [root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload [root@test01 conf.d]# ls /data/logs 看一下有了日志文件了。 bbs.access.log [root@test01 conf.d]# cat /data/logs/bbs.access.log 一般是空的，自動刷新網(wǎng)頁也可能產(chǎn)生日志 在瀏覽器里做訪問，然后在去查看日志[root@test01 conf.d]# cat /data/logs/bbs.access.log 查看一下日志文件，日志所記錄的字段就是根據(jù)log_format main來的192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志不記錄靜態(tài)文件[root@test01 conf.d]# vi bbs.champin.top.conflocation ~* \.(png|jpeg|gif|js|css|bmp|flv)${access_log off;}[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# > /data/logs/bbs.access.log 清空一下日志。 [root@test01 conf.d]# tail /data/logs/bbs.access.log 空的 再瀏覽器執(zhí)行ctrl+f5強制刷新[root@test01 conf.d]# tail -f /data/logs/bbs.access.log 192.168.28.1 - user1 [19/Feb/2019:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"就沒有png gif等日志了以下沒有配置不記錄靜態(tài)文件日志 192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志切割系統(tǒng)里有一個日志切割的服務(wù)或者叫工具 [root@test01 conf.d]# ls /etc/logrotate.conf /etc/logrotate.conf[root@test01 conf.d]# cat !$ cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly# keep 4 weeks worth of backlogs rotate 4# create new (empty) log files after rotating old ones create# use date as a suffix of the rotated file dateext# uncomment this if you want your log files compressed #compress# RPM packages drop log rotation information into this directory include /etc/logrotate.d# no packages own wtmp and btmp -- we'll rotate them here /var/log/wtmp {monthlycreate 0664 root utmpminsize 1Mrotate 1 }/var/log/btmp {missingokmonthlycreate 0600 root utmprotate 1 }# system-specific logs may be also be configured here.如果是yum安裝的nginx，已經(jīng)自帶了切割文件 [root@test01 conf.d]# cd /etc/logrotate.d [root@test01 logrotate.d]# ls chrony nginx ppp syslog wpa_supplicant yum [root@test01 logrotate.d]# cat nginx /var/log/nginx/*.log {dailymissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript } [root@test01 logrotate.d]# vim nginx /var/log/nginx/*.log /data/logs/*.log {dailydateextmissingokrotate 7compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript }[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginx reading config file /etc/logrotate.d/nginx Allocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log after 1 days (7 rotations) empty log files are not rotated, old logs are removed considering log /var/log/nginx/access.loglog does not need rotating (log has been already rotated)considering log /var/log/nginx/error.loglog does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.loglog does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated set default create context[root@test01 logrotate.d]# ls /data/logs/ bbs.access.log [root@test01 logrotate.d]# ls /var/log/nginx/ access.log error.log[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginx reading config file /etc/logrotate.d/nginx Allocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log forced from command line (7 rotations) empty log files are not rotated, old logs are removed considering log /var/log/nginx/access.loglog needs rotating considering log /var/log/nginx/error.loglog needs rotating considering log /data/logs/bbs.access.loglog needs rotating rotating log /var/log/nginx/access.log, log->rotateCount is 7 dateext suffix '-20190219' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed glob finding old rotated logs failed rotating log /var/log/nginx/error.log, log->rotateCount is 7 dateext suffix '-20190219' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed glob finding old rotated logs failed rotating log /data/logs/bbs.access.log, log->rotateCount is 7 dateext suffix '-20190219' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed glob finding old rotated logs failed fscreate context set to unconfined_u:object_r:httpd_log_t:s0 renaming /var/log/nginx/access.log to /var/log/nginx/access.log-20190219 creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4 fscreate context set to unconfined_u:object_r:httpd_log_t:s0 renaming /var/log/nginx/error.log to /var/log/nginx/error.log-20190219 creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4 fscreate context set to unconfined_u:object_r:default_t:s0 renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-20190219 creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4 running postrotate script set default create context[root@test01 logrotate.d]# ls /data/logs/ bbs.access.log bbs.access.log-20190219 [root@test01 logrotate.d]# ls /var/log/nginx/ access.log access.log-20190219 error.log error.log-20190219

?

轉(zhuǎn)載于:https://my.oschina.net/u/4080783/blog/3014749

總結(jié)

以上是生活随笔為你收集整理的4.36域名重定向4.37用户认证4.38Nginx访问日志4.39日志不记录静态文件4.40日志切割...的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。