2019獨(dú)角獸企業(yè)重金招聘Python工程師標(biāo)準(zhǔn)>>>

域名重定向

用戶認(rèn)證

Nginx訪問(wèn)日志

日志不記錄靜態(tài)文件

日志切割

?域名重定向

配置第二個(gè)域名：

vi /etc/nginx/conf.d/blog.aminglinux.cc.conf 在 server_name 那一行的域名后面再加一個(gè)域名，空格作為分隔。 nginx -t nginx -s reload

?

域名重定向： #通過(guò)設(shè)置Web服務(wù)的配置文件，將原本訪問(wèn)A域名的請(qǐng)求訪問(wèn)到B域名

從a域名跳轉(zhuǎn)到b域名 vi /etc/nginx/conf.d/blog.aminglinux.cc.conf //增加：if ( $host = blog.aminglinux.cc ){rewrite /(.*) http://www.aming.com/$1 permanent;} nginx -t nginx -s reload

測(cè)試是否實(shí)現(xiàn)了重定向：

curl -x127.0.0.1:80 -I blog.aminglinuc.cc/1.txt

補(bǔ)充：

狀態(tài)碼：200（OK） 404（不存在） 304（緩存） 301（永久重定向） 302 （臨時(shí)重定向） #301 permanent 302 redirect如果是域名跳轉(zhuǎn)，用301； 如果不涉及域名跳轉(zhuǎn)用302 rewrite /1.txt /2.txt redirect;

?效果圖：

用戶認(rèn)證

為了站點(diǎn)的安全，可以通過(guò)修改配置文件來(lái)針對(duì)一些重要的目錄（站點(diǎn)后臺(tái)地址）進(jìn)行用戶認(rèn)證

用戶認(rèn)證的目的：

實(shí)現(xiàn)二次認(rèn)證，針對(duì)一些重要的目錄（后臺(tái)地址）

配置用戶認(rèn)證：

vi 配置文件 //添加：location ~ admin.php { auth_basic "Auth"; auth_basic_user_file /etc/nginx/user_passwd; fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.aminglinux.cc$fastcgi_script_name;include fastcgi_params; }

補(bǔ)充：

nginx location優(yōu)先級(jí)：

location / 優(yōu)先級(jí)比 location ~ 要低，也就是說(shuō)，如果一個(gè)請(qǐng)求（如，aming.php）同時(shí)滿足兩個(gè)location location /amin.php location ~ *.php$ 會(huì)選擇下面的 nginx location 文檔： https://github.com/aminglinux/nginx/tree/master/location

Nginx訪問(wèn)日志

• 日志的內(nèi)容是通過(guò)編輯Nginx主配置文件來(lái)定義的。?
• 日志的格式（顯示在日志文件中的內(nèi)容）

log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';

• $remote_addr 客戶端ip（公網(wǎng)ip）
• $http_x_forwarded_for 代理服務(wù)器ip
• $time_local 服務(wù)器本地時(shí)間
• $host 訪問(wèn)主機(jī)名（域名）
• $request_uri 訪問(wèn)的url地址
• $status 狀態(tài)碼
• $http_referer 從哪個(gè)站點(diǎn)跳轉(zhuǎn)到該站點(diǎn)的（直接訪問(wèn)該項(xiàng)為-）
• $http_user_agent 訪問(wèn)方式（通過(guò)XX瀏覽器，或curl方式訪問(wèn)）

自定義一個(gè)格式的日志test

• 為了試驗(yàn)效果，我們可以自定義一個(gè)日志格式，只記錄客戶端ip和狀態(tài)碼的日志格式test ，然后把這個(gè)格式應(yīng)用到www.lcblog.com上去。

log_format test '$remote_addr $status' ;

• 應(yīng)用到blog.abc.com.conf中

access_log /var/log/nginx/host.access.log test;

• 日志中只會(huì)記錄如下，客戶端ip和狀態(tài)碼的信息。

[root@localhost blog.abc.com]# cat /var/log/nginx/host.access.log 192.168.254.1 200 127.0.0.1 301 nginx內(nèi)置變量： https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md

在網(wǎng)頁(yè)上刷新也會(huì)在日志上產(chǎn)生文件

日志不記錄靜態(tài)文件

• 一個(gè)網(wǎng)站里可能包含很多靜態(tài)文件，比如jpg,png,gif,js,css等，如果每一個(gè)訪問(wèn)都記錄日志的話，日志文件會(huì)瘋狂增長(zhǎng)，這就需要配置靜態(tài)文件不記錄日志了，在虛擬主機(jī)配置文件中添加如下內(nèi)容。

location ~* \.(png|jpeg|gif|js|css|bmp|flv)$ #*表示不區(qū)分大小寫{access_log off;}

補(bǔ)充：

• tail -f /data/logs/bbs.access.log ? ? ?-f選型可以動(dòng)態(tài)查看一個(gè)文件的內(nèi)容

• ">"可以清空一個(gè)文件內(nèi)容

• ~* 表示不區(qū)分大小寫的匹配 后面跟正則表達(dá)式.表示任意一個(gè)字符 #不使用正則表達(dá)式的含義，就使用脫義?

日志切割

• 系統(tǒng)自帶日志切割工具logrotate。配置文件是/etc/logratate.conf,子配置文件/etc/lograte.d/* ?
• nginx 的日志切割配置文件/etc/logrotate.d/nginx ? ?#yum安裝的nginx，自帶了切割文件

/var/log/nginx/*.log {dailydateextmissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript

• 測(cè)試執(zhí)行l(wèi)ogrotate -vf /etc/logrotate.d/nginx ? #-f ?強(qiáng)制切割

借鑒代碼

[root@test01 ~]# setenforce 0 機(jī)器關(guān)機(jī)過(guò)所以，如果沒(méi)有在配置文件里禁用seLinux，每次重啟就會(huì)再次生效 [root@test01 ~]# cd /etc/nginx/conf.d/ [root@test01 conf.d]# [root@test01 conf.d]# vi www.champin.top.conf server {listen 80;server_name www.champin.top blog.champin.top; 域名后面再增加一個(gè)域名server_name后面，空格分隔域名重定向 [root@test01 conf.d]# vi www.champin.top.confserver_name www.champin.top blog.champin.top;if ( $host = www.champin.top ){rewrite /(.*) http://blog.champin.top/$1 permanent;}[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt 這個(gè)是linux上的測(cè)試。 HTTP/1.1 301 Moved Permanently Server: nginx/1.14.2 Date: Mon, 18 Feb 2019 15:47:17 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: http://blog.champin.top/bbs/abc/1.txt 自動(dòng)跳轉(zhuǎn)到blog.champin.top上 瀏覽器的測(cè)試沒(méi)有截圖[root@test01 conf.d]# vi www.champin.top.conf 如果是內(nèi)部的跳轉(zhuǎn)，1.txt,調(diào)到2.txtrewrite /1.txt /2.txt redirect;[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txt HTTP/1.1 302 Moved Temporarily Server: nginx/1.14.2 Date: Mon, 18 Feb 2019 16:01:13 GMT Content-Type: text/html Content-Length: 161 Location: http://blog.champin.top/2.txt Connection: keep-alive用戶認(rèn)證[root@test01 conf.d]# vi bbs.champin.top.conf server {listen 80;server_name bbs.champin.top;#charset koi8-r;#access_log /var/log/nginx/host.access.log main;location ~ /admin.php 這里存在一個(gè)優(yōu)先級(jí)的問(wèn)題所以也改成 ~ / {auth_basic "Auth"; 命名auth_basic_user_file /etc/nginx/user_passwd;指定用戶密碼配置文件}把location 去掉，變成全局的root /data/wwwroot/bbs.champin.top;index index.html index.htm index.php;[root@test01 conf.d]# yum install -y httpd-tools |less[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1 第一次使用可以用-c New password: Re-type new password: Adding password for user user1 [root@test01 conf.d]# cat /etc/nginx/user_passwd 看一看生成的用戶和密碼 user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/ [root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2 再次使用就不要用-c了，用-m New password: Re-type new password: Adding password for user user2 [root@test01 conf.d]# cat /etc/nginx/user_passwd user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/ user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload 用瀏覽器嘗試訪問(wèn)，輸入user1 然后密碼后，會(huì)直接下載admin.php，說(shuō)明php解析沒(méi)有成功，繼續(xù)編輯配置文件[root@test01 conf.d]# vi bbs.champin.top.conf 配置文件要添加上php解析語(yǔ)句才可以。location ~ /admin.php{auth_basic "Auth";auth_basic_user_file /etc/nginx/user_passwd;root /data/wwwroot/bbs.champin.top;fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.champin.top$fastcgi_script_name;include fastcgi_params;}root /data/wwwroot/bbs.champin.top;index index.html index.htm index.php;[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload 訪問(wèn)日志[root@test01 conf.d]# vi /etc/nginx/nginx.conf 這個(gè)是定義日志的格式log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';log_format main '$remote_addr - 遠(yuǎn)程客戶端的IP地址$remote_user 如果做了用戶認(rèn)證的話，回去記錄用戶 $time_local] 時(shí)間$request" ' 請(qǐng)求的方法，如get等。請(qǐng)求的鏈接。http的版本$status 狀態(tài)碼$body_bytes_sent 請(qǐng)求發(fā)送的大小 $http_referer" ' 請(qǐng)求的referer，從哪里跳轉(zhuǎn)過(guò)來(lái)的。$http_user_agent" 記錄瀏覽器等$http_x_forwarded_for"'; 如果使用代理，會(huì)記錄代理ip[root@test01 conf.d]# vi bbs.champin.top.conf 復(fù)制到最后一行，把#號(hào)去掉，重新定義路徑access_log /data/logs/bbs.access.log main;[root@test01 conf.d]# nginx -t 提示data下面沒(méi)有l(wèi)ogs目錄。 nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory) nginx: configuration file /etc/nginx/nginx.conf test failed[root@test01 conf.d]# mkdir /data/logs 新建一下 [root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload [root@test01 conf.d]# ls /data/logs 看一下有了日志文件了。 bbs.access.log [root@test01 conf.d]# cat /data/logs/bbs.access.log 一般是空的，自動(dòng)刷新網(wǎng)頁(yè)也可能產(chǎn)生日志 在瀏覽器里做訪問(wèn)，然后在去查看日志[root@test01 conf.d]# cat /data/logs/bbs.access.log 查看一下日志文件，日志所記錄的字段就是根據(jù)log_format main來(lái)的192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志不記錄靜態(tài)文件[root@test01 conf.d]# vi bbs.champin.top.conflocation ~* \.(png|jpeg|gif|js|css|bmp|flv)${access_log off;}[root@test01 conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# > /data/logs/bbs.access.log 清空一下日志。 [root@test01 conf.d]# tail /data/logs/bbs.access.log 空的 再瀏覽器執(zhí)行ctrl+f5強(qiáng)制刷新[root@test01 conf.d]# tail -f /data/logs/bbs.access.log 192.168.28.1 - user1 [19/Feb/2019:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-" 192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"就沒(méi)有png gif等日志了以下沒(méi)有配置不記錄靜態(tài)文件日志 192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志切割系統(tǒng)里有一個(gè)日志切割的服務(wù)或者叫工具 [root@test01 conf.d]# ls /etc/logrotate.conf /etc/logrotate.conf[root@test01 conf.d]# cat !$ cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly# keep 4 weeks worth of backlogs rotate 4# create new (empty) log files after rotating old ones create# use date as a suffix of the rotated file dateext# uncomment this if you want your log files compressed #compress# RPM packages drop log rotation information into this directory include /etc/logrotate.d# no packages own wtmp and btmp -- we'll rotate them here /var/log/wtmp {monthlycreate 0664 root utmpminsize 1Mrotate 1 }/var/log/btmp {missingokmonthlycreate 0600 root utmprotate 1 }# system-specific logs may be also be configured here.如果是yum安裝的nginx，已經(jīng)自帶了切割文件 [root@test01 conf.d]# cd /etc/logrotate.d [root@test01 logrotate.d]# ls chrony nginx ppp syslog wpa_supplicant yum [root@test01 logrotate.d]# cat nginx /var/log/nginx/*.log {dailymissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript } [root@test01 logrotate.d]# vim nginx /var/log/nginx/*.log /data/logs/*.log {dailydateextmissingokrotate 7compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript }[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginx reading config file /etc/logrotate.d/nginx Allocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log after 1 days (7 rotations) empty log files are not rotated, old logs are removed considering log /var/log/nginx/access.loglog does not need rotating (log has been already rotated)considering log /var/log/nginx/error.loglog does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.loglog does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated set default create context[root@test01 logrotate.d]# ls /data/logs/ bbs.access.log [root@test01 logrotate.d]# ls /var/log/nginx/ access.log error.log[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginx reading config file /etc/logrotate.d/nginx Allocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log forced from command line (7 rotations) empty log files are not rotated, old logs are removed considering log /var/log/nginx/access.loglog needs rotating considering log /var/log/nginx/error.loglog needs rotating considering log /data/logs/bbs.access.loglog needs rotating rotating log /var/log/nginx/access.log, log->rotateCount is 7 dateext suffix '-20190219' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed glob finding old rotated logs failed rotating log /var/log/nginx/error.log, log->rotateCount is 7 dateext suffix '-20190219' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed glob finding old rotated logs failed rotating log /data/logs/bbs.access.log, log->rotateCount is 7 dateext suffix '-20190219' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding logs to compress failed glob finding old rotated logs failed fscreate context set to unconfined_u:object_r:httpd_log_t:s0 renaming /var/log/nginx/access.log to /var/log/nginx/access.log-20190219 creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4 fscreate context set to unconfined_u:object_r:httpd_log_t:s0 renaming /var/log/nginx/error.log to /var/log/nginx/error.log-20190219 creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4 fscreate context set to unconfined_u:object_r:default_t:s0 renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-20190219 creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4 running postrotate script set default create context[root@test01 logrotate.d]# ls /data/logs/ bbs.access.log bbs.access.log-20190219 [root@test01 logrotate.d]# ls /var/log/nginx/ access.log access.log-20190219 error.log error.log-20190219

?

轉(zhuǎn)載于:https://my.oschina.net/u/4080783/blog/3014749

總結(jié)

以上是生活随笔為你收集整理的4.36域名重定向4.37用户认证4.38Nginx访问日志4.39日志不记录静态文件4.40日志切割...的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。