域名重定向

用户认证

Nginx访问日志

日志不记录静态文件

日志切割

域名重定向

配置第二个域名：

vi /etc/nginx/conf.d/blog.aminglinux.cc.conf
在 server_name 那一行的域名后面再加一个域名，空格作为分隔。
nginx -t
nginx -s reload

域名重定向： #通过设置Web服务的配置文件，将原本访问A域名的请求访问到B域名

从a域名跳转到b域名
vi /etc/nginx/conf.d/blog.aminglinux.cc.conf //增加：if ( $host = blog.aminglinux.cc ){rewrite /(.*)  http://www.aming.com/$1 permanent;}
nginx -t
nginx -s reload

测试是否实现了重定向：

curl -x127.0.0.1:80 -I blog.aminglinuc.cc/1.txt

补充：

状态码：200（OK）  404（不存在）   304（缓存） 301（永久重定向）  302 （临时重定向）
#301 permanent   302 redirect如果是域名跳转，用301； 如果不涉及域名跳转用302
rewrite /1.txt  /2.txt  redirect;

效果图：

用户认证

为了站点的安全，可以通过修改配置文件来针对一些重要的目录（站点后台地址）进行用户认证

用户认证的目的：

实现二次认证，针对一些重要的目录（后台地址）

配置用户认证：

vi  配置文件 //添加：location ~ admin.php
{ auth_basic "Auth"; auth_basic_user_file /etc/nginx/user_passwd; fastcgi_pass   127.0.0.1:9000;fastcgi_index  index.php;fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.aminglinux.cc$fastcgi_script_name;include        fastcgi_params;
}

补充：

nginx location优先级：

location /  优先级比 location ~ 要低，也就是说，如果一个请求（如，aming.php）同时满足两个location
location /amin.php
location ~ *.php$
会选择下面的
nginx location 文档： https://github.com/aminglinux/nginx/tree/master/location

Nginx访问日志

• 日志的内容是通过编辑Nginx主配置文件来定义的。 
• 日志的格式（显示在日志文件中的内容）

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';

• $remote_addr 客户端ip（公网ip）
• $http_x_forwarded_for 代理服务器ip
• $time_local 服务器本地时间
• $host 访问主机名（域名）
• $request_uri 访问的url地址
• $status 状态码
• $http_referer 从哪个站点跳转到该站点的（直接访问该项为-）
• $http_user_agent 访问方式（通过XX浏览器，或curl方式访问）

自定义一个格式的日志test

• 为了试验效果，我们可以自定义一个日志格式，只记录客户端ip和状态码的日志格式test ，然后把这个格式应用到www.lcblog.com上去。

 log_format  test  '$remote_addr $status' ;

• 应用到blog.abc.com.conf中

access_log  /var/log/nginx/host.access.log  test;

• 日志中只会记录如下，客户端ip和状态码的信息。

[root@localhost blog.abc.com]# cat /var/log/nginx/host.access.log
192.168.254.1 200
127.0.0.1 301

nginx内置变量： https://github.com/aminglinux/nginx/blob/master/rewrite/variable.md

在网页上刷新也会在日志上产生文件

日志不记录静态文件

• 一个网站里可能包含很多静态文件，比如jpg,png,gif,js,css等，如果每一个访问都记录日志的话，日志文件会疯狂增长，这就需要配置静态文件不记录日志了，在虚拟主机配置文件中添加如下内容。

location ~* \.(png|jpeg|gif|js|css|bmp|flv)$    #*表示不区分大小写{access_log off;}

补充：

• tail -f /data/logs/bbs.access.log      -f选型可以动态查看一个文件的内容

• ">"可以清空一个文件内容

• ~* 表示不区分大小写的匹配 后面跟正则表达式.表示任意一个字符 #不使用正则表达式的含义，就使用脱义

日志切割

• 系统自带日志切割工具logrotate。配置文件是/etc/logratate.conf,子配置文件/etc/lograte.d/*
• nginx 的日志切割配置文件/etc/logrotate.d/nginx    #yum安装的nginx，自带了切割文件

/var/log/nginx/*.log {dailydateextmissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript

• 测试执行logrotate -vf /etc/logrotate.d/nginx   #-f  强制切割

借鉴代码

[root@test01 ~]# setenforce 0  机器关机过所以，如果没有在配置文件里禁用seLinux，每次重启就会再次生效
[root@test01 ~]# cd /etc/nginx/conf.d/
[root@test01 conf.d]#
[root@test01 conf.d]# vi www.champin.top.conf server {listen       80;server_name  www.champin.top blog.champin.top;   域名后面再增加一个域名server_name后面，空格分隔域名重定向
[root@test01 conf.d]# vi www.champin.top.confserver_name  www.champin.top blog.champin.top;if ( $host = www.champin.top ){rewrite /(.*) http://blog.champin.top/$1 permanent;}[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I www.champin.top/bbs/abc/1.txt  这个是linux上的测试。
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 15:47:17 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://blog.champin.top/bbs/abc/1.txt   自动跳转到blog.champin.top上
浏览器的测试没有截图[root@test01 conf.d]# vi www.champin.top.conf  如果是内部的跳转，1.txt,调到2.txtrewrite /1.txt /2.txt redirect;[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# curl -x127.0.0.1:80 -I blog.champin.top/1.txt
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 16:01:13 GMT
Content-Type: text/html
Content-Length: 161
Location: http://blog.champin.top/2.txt
Connection: keep-alive用户认证[root@test01 conf.d]# vi bbs.champin.top.conf server {listen       80;server_name  bbs.champin.top;#charset koi8-r;#access_log  /var/log/nginx/host.access.log  main;location ~ /admin.php      这里存在一个优先级的问题所以也改成 ~ /                  {auth_basic "Auth";                          命名auth_basic_user_file /etc/nginx/user_passwd;指定用户密码配置文件}把location 去掉，变成全局的root   /data/wwwroot/bbs.champin.top;index  index.html index.htm index.php;[root@test01 conf.d]# yum install -y httpd-tools |less[root@test01 conf.d]# htpasswd -c /etc/nginx/user_passwd user1   第一次使用可以用-c
New password:
Re-type new password:
Adding password for user user1
[root@test01 conf.d]# cat /etc/nginx/user_passwd     看一看生成的用户和密码
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
[root@test01 conf.d]# htpasswd -m /etc/nginx/user_passwd user2   再次使用就不要用-c了，用-m
New password:
Re-type new password:
Adding password for user user2
[root@test01 conf.d]# cat /etc/nginx/user_passwd
user1:$apr1$vBdz9TzJ$mrAhKrxEa1z1y8tzCjJHy/
user2:$apr1$knzvn.r.$ID04wDsUEmjZluw0xadH0/[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload                 用浏览器尝试访问，输入user1 然后密码后，会直接下载admin.php，说明php解析没有成功，继续编辑配置文件[root@test01 conf.d]# vi bbs.champin.top.conf
配置文件要添加上php解析语句才可以。location ~ /admin.php{auth_basic "Auth";auth_basic_user_file /etc/nginx/user_passwd;root           /data/wwwroot/bbs.champin.top;fastcgi_pass   127.0.0.1:9000;fastcgi_index  index.php;fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.champin.top$fastcgi_script_name;include        fastcgi_params;}root   /data/wwwroot/bbs.champin.top;index  index.html index.htm index.php;[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload 访问日志[root@test01 conf.d]# vi /etc/nginx/nginx.conf   这个是定义日志的格式log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';log_format  main  '$remote_addr -            远程客户端的IP地址$remote_user              如果做了用户认证的话，回去记录用户 $time_local]              时间$request" '               请求的方法，如get等。请求的链接。http的版本$status                   状态码$body_bytes_sent          请求发送的大小 $http_referer" '          请求的referer，从哪里跳转过来的。$http_user_agent"         记录浏览器等$http_x_forwarded_for"';  如果使用代理，会记录代理ip[root@test01 conf.d]# vi bbs.champin.top.conf    复制到最后一行，把#号去掉，重新定义路径access_log  /data/logs/bbs.access.log  main;[root@test01 conf.d]# nginx -t   提示data下面没有logs目录。
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/data/logs/bbs.access.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed[root@test01 conf.d]# mkdir /data/logs  新建一下
[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload [root@test01 conf.d]# ls /data/logs      看一下有了日志文件了。
bbs.access.log
[root@test01 conf.d]# cat /data/logs/bbs.access.log   一般是空的，自动刷新网页也可能产生日志
在浏览器里做访问，然后在去查看日志[root@test01 conf.d]# cat /data/logs/bbs.access.log   查看一下日志文件，日志所记录的字段就是根据log_format  main来的192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 499 0 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:05:18 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志不记录静态文件[root@test01 conf.d]# vi bbs.champin.top.conflocation ~* \.(png|jpeg|gif|js|css|bmp|flv)${access_log off;}[root@test01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 conf.d]# nginx -s reload[root@test01 conf.d]# > /data/logs/bbs.access.log   清空一下日志。
[root@test01 conf.d]# tail /data/logs/bbs.access.log   空的
再浏览器执行ctrl+f5强制刷新[root@test01 conf.d]# tail -f /data/logs/bbs.access.log
192.168.28.1 - user1 [19/Feb/2019:01:34:13 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/portal.php?mod=portalcp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /uc_server/avatar.php?uid=1&size=small HTTP/1.1" 301 5 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /favicon.ico HTTP/1.1" 200 5558 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"
192.168.28.1 - user1 [19/Feb/2019:01:34:14 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 76 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"就没有png gif等日志了以下没有配置不记录静态文件日志
192.168.28.1 - user1 [19/Feb/2019:01:05:17 +0800] "GET / HTTP/1.1" 200 15398 "http://bbs.champin.top/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "-"日志切割系统里有一个日志切割的服务或者叫工具
[root@test01 conf.d]# ls /etc/logrotate.conf
/etc/logrotate.conf[root@test01 conf.d]# cat !$
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly# keep 4 weeks worth of backlogs
rotate 4# create new (empty) log files after rotating old ones
create# use date as a suffix of the rotated file
dateext# uncomment this if you want your log files compressed
#compress# RPM packages drop log rotation information into this directory
include /etc/logrotate.d# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {monthlycreate 0664 root utmpminsize 1Mrotate 1
}/var/log/btmp {missingokmonthlycreate 0600 root utmprotate 1
}# system-specific logs may be also be configured here.如果是yum安装的nginx，已经自带了切割文件
[root@test01 conf.d]# cd /etc/logrotate.d
[root@test01 logrotate.d]# ls
chrony  nginx  ppp  syslog  wpa_supplicant  yum
[root@test01 logrotate.d]# cat nginx
/var/log/nginx/*.log {dailymissingokrotate 52compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript
}
[root@test01 logrotate.d]# vim nginx
/var/log/nginx/*.log /data/logs/*.log {dailydateextmissingokrotate 7compressdelaycompressnotifemptycreate 640 nginx admsharedscriptspostrotateif [ -f /var/run/nginx.pid ]; thenkill -USR1 `cat /var/run/nginx.pid`fiendscript
}[root@test01 logrotate.d]# logrotate -v /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log  after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.loglog does not need rotating (log has been already rotated)considering log /var/log/nginx/error.loglog does not need rotating (log has been already rotated)considering log /data/logs/bbs.access.loglog does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated
set default create context[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log  error.log[root@test01 logrotate.d]# logrotate -vf /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 BHandling 1 logsrotating pattern: /var/log/nginx/*.log /data/logs/*.log  forced from command line (7 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.loglog needs rotating
considering log /var/log/nginx/error.loglog needs rotating
considering log /data/logs/bbs.access.loglog needs rotating
rotating log /var/log/nginx/access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /var/log/nginx/error.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
rotating log /data/logs/bbs.access.log, log->rotateCount is 7
dateext suffix '-20190219'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
glob finding old rotated logs failed
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/access.log to /var/log/nginx/access.log-20190219
creating new /var/log/nginx/access.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:httpd_log_t:s0
renaming /var/log/nginx/error.log to /var/log/nginx/error.log-20190219
creating new /var/log/nginx/error.log mode = 0640 uid = 996 gid = 4
fscreate context set to unconfined_u:object_r:default_t:s0
renaming /data/logs/bbs.access.log to /data/logs/bbs.access.log-20190219
creating new /data/logs/bbs.access.log mode = 0640 uid = 996 gid = 4
running postrotate script
set default create context[root@test01 logrotate.d]# ls /data/logs/
bbs.access.log  bbs.access.log-20190219
[root@test01 logrotate.d]# ls /var/log/nginx/
access.log  access.log-20190219  error.log  error.log-20190219