独角兽企业重金招聘Python工程师标准>>>

域名重定向

用户认证

Nginx访问日志

日志不记录静态文件

日志切割

域名重定向

配置第二个域名：

vi /etc/nginx/conf.d/.conf在 server_name 那一行的域名后面再加一个域名，空格作为分隔。nginx -tnginx -s reload

域名重定向： #通过设置Web服务的配置文件，将原本访问A域名的请求访问到B域名

从a域名跳转到b域名vi /etc/nginx/conf.d/.conf //增加：if ( $host = ){rewrite /(.*) /$1 permanent;}nginx -tnginx -s reload

测试是否实现了重定向：

curl -x127.0.0.1:80 -I /1.txt

补充：

状态码：200（OK） 404（不存在） 304（缓存） 301（永久重定向） 302 （临时重定向）#301 permanent 302 redirect如果是域名跳转，用301； 如果不涉及域名跳转用302rewrite /1.txt /2.txt redirect;

效果图：

用户认证

为了站点的安全，可以通过修改配置文件来针对一些重要的目录（站点后台地址）进行用户认证

用户认证的目的：

实现二次认证，针对一些重要的目录（后台地址）

配置用户认证：

vi 配置文件 //添加：location ~ admin.php { auth_basic "Auth"; auth_basic_user_file /etc/nginx/user_passwd; fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /data/wwwroot/$fastcgi_script_name;include fastcgi_params;}

补充：

nginx location优先级：

location / 优先级比 location ~ 要低，也就是说，如果一个请求（如，aming.php）同时满足两个locationlocation /amin.phplocation ~ *.php$会选择下面的nginx location 文档： /aminglinux/nginx/tree/master/location

Nginx访问日志

日志的内容是通过编辑Nginx主配置文件来定义的。日志的格式（显示在日志文件中的内容）

log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';

$remote_addr 客户端ip（公网ip）$http_x_forwarded_for 代理服务器ip$time_local 服务器本地时间$host 访问主机名（域名）$request_uri 访问的url地址$status 状态码$http_referer 从哪个站点跳转到该站点的（直接访问该项为-）$http_user_agent 访问方式（通过XX浏览器，或curl方式访问）

自定义一个格式的日志test

为了试验效果，我们可以自定义一个日志格式，只记录客户端ip和状态码的日志格式test ，然后把这个格式应用到上去。

log_format test '$remote_addr $status' ;

应用到.conf中

access_log /var/log/nginx/host.access.log test;

日志中只会记录如下，客户端ip和状态码的信息。

[root@localhost ]# cat /var/log/nginx/host.access.log 192.168.254.1 200127.0.0.1 301

nginx内置变量： /aminglinux/nginx/blob/master/rewrite/variable.md

在网页上刷新也会在日志上产生文件

日志不记录静态文件

一个网站里可能包含很多静态文件，比如jpg,png,gif,js,css等，如果每一个访问都记录日志的话，日志文件会疯狂增长，这就需要配置静态文件不记录日志了，在虚拟主机配置文件中添加如下内容。

location ~* \.(png|jpeg|gif|js|css|bmp|flv)$ #*表示不区分大小写{access_log off;}

补充：

tail -f /data/logs/bbs.access.log -f选型可以动态查看一个文件的内容

">"可以清空一个文件内容

~* 表示不区分大小写的匹配 后面跟正则表达式.表示任意一个字符 #不使用正则表达式的含义，就使用脱义

日志切割

系统自带日志切割工具logrotate。配置文件是/etc/logratate.conf,子配置文件/etc/lograte.d/* nginx 的日志切割配置文件/etc/logrotate.d/nginx #yum安装的nginx，自带了切割文件

/var/log/nginx/*.log {dailydateextmissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript

测试执行logrotate -vf /etc/logrotate.d/nginx #-f 强制切割

借鉴代码

[root@test01 ~]# setenforce 0 机器关机过所以，如果没有在配置文件里禁用seLinux，每次重启就会再次生效[root@test01 ~]# cd /etc/nginx/conf.d/[root@test01 conf.d]# [root@test01 conf.d]# vi www.champin.top.conf server {listen 80;server_name www.champin.top blog.champin.top; 域名后面再增加一个域名server_name后面，空格分隔域名重定向[root@test01 conf.d]# vi www.champin.top.confserver_name www.champin.top blog.champin.top;if ( $host = www.champin.top ){rewrite /(.*) http://blog.champin.top/$1 permanent;}[root@test01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt 这个是linux上的测试。HTTP/1.1 301 Moved PermanentlyServer: nginx/1.14.2Date: Mon, 18 Feb 15:47:17 GMTContent-Type: text/htmlContent-Length: 185Connection: keep-aliveLocation: http://blog.champin.top/bbs/abc/1.txt 自动跳转到blog.champin.top上浏览器的测试没有截图[root@test01 conf.d]# vi www.champin.top.conf 如果是内部的跳转，1.txt,调到2.txtrewrite /1.txt /2.txt redirect;[root@test01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txtHTTP/1.1 302 Moved TemporarilyServer: nginx/1.14.2Date: Mon, 18 Feb 16:01:13 GMTContent-Type: text/htmlContent-Length: 161Location: http://blog.champin.top/2.txtConnection: keep-alive用户认证[root@test01 conf.d]# vi bbs.champin.top.conf server {listen 80;server_name bbs.champin.top;#charset koi8-r;#access_log /var/log/nginx/host.access.log main;location ~ /admin.php这里存在一个优先级的问题所以也改成 ~ / {auth_basic "Auth";命名auth_basic_user_file /etc/nginx/user_passwd;指定用户密码配置文件}把location 去掉，变成全局的root /data/wwwroot/bbs.champin.top;index index.html index.htm index.php;[root@test01 conf.d]# yum install -y httpd-tools |less[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1 第一次使用可以用-c New password: Re-type new password: Adding password for user user1[root@test01 conf.d]# cat /etc/nginx/user_passwd看一看生成的用户和密码user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/[root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2 再次使用就不要用-c了，用-mNew password: Re-type new password: Adding password for user user2[root@test01 conf.d]# cat /etc/nginx/user_passwduser1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/[root@test01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@test01 conf.d]# nginx -s reload 用浏览器尝试访问，输入user1 然后密码后，会直接下载admin.php，说明php解析没有成功，继续编辑配置文件[root@test01 conf.d]# vi bbs.champin.top.conf 配置文件要添加上php解析语句才可以。location ~ /admin.php{auth_basic "Auth";auth_basic_user_file /etc/nginx/user_passwd;root /data/wwwroot/bbs.champin.top;fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /data/wwwroot/bbs.champin.top$fastcgi_script_name;include fastcgi_params;}root /data/wwwroot/bbs.champin.top;index index.html index.htm index.php;[root@test01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@test01 conf.d]# nginx -s reload 访问日志[root@test01 conf.d]# vi /etc/nginx/nginx.conf 这个是定义日志的格式log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';log_format main '$remote_addr - 远程客户端的IP地址$remote_user 如果做了用户认证的话，回去记录用户 $time_local] 时间$request" '请求的方法，如get等。请求的链接。http的版本$status 状态码$body_bytes_sent请求发送的大小 $http_referer" '请求的referer，从哪里跳转过来的。$http_user_agent" 记录浏览器等$http_x_forwarded_for"'; 如果使用代理，会记录代理ip[root@test01 conf.d]# vi bbs.champin.top.conf 复制到最后一行，把#号去掉，重新定义路径access_log /data/logs/bbs.access.log main;[root@test01 conf.d]# nginx -t 提示data下面没有logs目录。nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory)nginx: configuration file /etc/nginx/nginx.conf test failed[root@test01 conf.d]# mkdir /data/logs 新建一下[root@test01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@test01 conf.d]# nginx -s reload [root@test01 conf.d]# ls /data/logs看一下有了日志文件了。bbs.access.log[root@test01 conf.d]# cat /data/logs/bbs.access.log 一般是空的，自动刷新网页也可能产生日志在浏览器里做访问，然后在去查看日志[root@test01 conf.d]# cat /data/logs/bbs.access.log 查看一下日志文件，日志所记录的字段就是根据log_format main来的192.168.28.1 - user1 [19/Feb/:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志不记录静态文件[root@test01 conf.d]# vi bbs.champin.top.conflocation ~* \.(png|jpeg|gif|js|css|bmp|flv)${access_log off;}[root@test01 conf.d]# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# > /data/logs/bbs.access.log 清空一下日志。[root@test01 conf.d]# tail /data/logs/bbs.access.log 空的再浏览器执行ctrl+f5强制刷新[root@test01 conf.d]# tail -f /data/logs/bbs.access.log 192.168.28.1 - user1 [19/Feb/:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"192.168.28.1 - user1 [19/Feb/:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"就没有png gif等日志了以下没有配置不记录静态文件日志192.168.28.1 - user1 [19/Feb/:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志切割系统里有一个日志切割的服务或者叫工具[root@test01 conf.d]# ls /etc/logrotate.conf /etc/logrotate.conf[root@test01 conf.d]# cat !$cat /etc/logrotate.conf# see "man logrotate" for details# rotate log files weeklyweekly# keep 4 weeks worth of backlogsrotate 4# create new (empty) log files after rotating old onescreate# use date as a suffix of the rotated filedateext# uncomment this if you want your log files compressed#compress# RPM packages drop log rotation information into this directoryinclude /etc/logrotate.d# no packages own wtmp and btmp -- we'll rotate them here/var/log/wtmp {monthlycreate 0664 root utmpminsize 1Mrotate 1}/var/log/btmp {missingokmonthlycreate 0600 root utmprotate 1}# system-specific logs may be also be configured here.如果是yum安装的nginx，已经自带了切割文件[root@test01 conf.d]# cd /etc/logrotate.d[root@test01 logrotate.d]# lschrony nginx ppp syslog wpa_supplicant yum[root@test01 logrotate.d]# cat nginx /var/log/nginx/*.log {dailymissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript}[root@test01 logrotate.d]# vim nginx /var/log/nginx/*.log /data/logs/*.log {dailydateextmissingokrotate 7compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript}[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginxreading config file /etc/logrotate.d/nginxAllocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log after 1 days (7 rotations)empty log files are not rotated, old logs are removedconsidering log /var/log/nginx/access.loglog does not need rotating (log has been already rotated)considering log /var/log/nginx/error.loglog does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.loglog does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotatedset default create context[root@test01 logrotate.d]# ls /data/logs/bbs.access.log[root@test01 logrotate.d]# ls /var/log/nginx/access.log error.log[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginxreading config file /etc/logrotate.d/nginxAllocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log forced from command line (7 rotations)empty log files are not rotated, old logs are removedconsidering log /var/log/nginx/access.loglog needs rotatingconsidering log /var/log/nginx/error.loglog needs rotatingconsidering log /data/logs/bbs.access.loglog needs rotatingrotating log /var/log/nginx/access.log, log->rotateCount is 7dateext suffix '-0219'glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'glob finding logs to compress failedglob finding old rotated logs failedrotating log /var/log/nginx/error.log, log->rotateCount is 7dateext suffix '-0219'glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'glob finding logs to compress failedglob finding old rotated logs failedrotating log /data/logs/bbs.access.log, log->rotateCount is 7dateext suffix '-0219'glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'glob finding logs to compress failedglob finding old rotated logs failedfscreate context set to unconfined_u:object_r:httpd_log_t:s0renaming /var/log/nginx/access.log to /var/log/nginx/access.log-0219creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4fscreate context set to unconfined_u:object_r:httpd_log_t:s0renaming /var/log/nginx/error.log to /var/log/nginx/error.log-0219creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4fscreate context set to unconfined_u:object_r:default_t:s0renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-0219creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4running postrotate scriptset default create context[root@test01 logrotate.d]# ls /data/logs/bbs.access.log bbs.access.log-0219[root@test01 logrotate.d]# ls /var/log/nginx/access.log access.log-0219 error.log error.log-0219