第十一章 LAMP架构中预习笔记
11.16 Apache默认虚拟主机(上)
windows hosts 文件路径
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 虚拟主机配置文件路径
虚拟主机配置文件
mkdir /data/wwwroot/
mkdir /data/wwwroot/abc.com
mkdir /data/wwwroot/111.com
vim /data/wwwroot/abc.com/index.php
vim /data/wwwroot/111.com/index.php
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
ctrl + r 可以快速查找之前的命令
11.17 Apache默认虚拟主机(下)
11.18 Apache用户认证
访问控制配置文件
AllowOverride AuthConfig
AuthName "abc.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
ServerAlias abc.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
生成密码文件
-c 指定 -m 指定加密类型 md5
/usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
返回401状态码 需要认证
curl -x127.0.0.1:80 -uaming:password abc.com -I -u指定用户名和密码
针对单个文件做限制的配置文件
AllowOverride AuthConfig
AuthName "abc.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
vim /data/wwwroot/abc.com/123.php
echo "123.php";
11.19 域名跳转(上)
域名跳转配置文件
RewriteEngine on
RewriteCond %{HTTP_HOST} !^abc.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
301状态码 为永久重定向 302状态吗为临时重定向 L 表示list 跳转一次就结束
11.20 域名跳转(下)
测试
vim /usr/local/apache2.4/conf/httpd.conf 打开rewrite 模块
/usr/local/apache2.4/bin/apachectl -M | grep rewrite
返回状态码是301 永久跳转
状态码是404 代表这个页面不存在
把granted 改成 denied 就返回状态码403
改成granted 状态码返回200
11.21 Apache访问日志
vim /usr/local/apache2.4/conf/httpd.conf
在主配置文件里搜索LogFormat
h 来源IP
u用户名
t 时间
r request 行为
s 状态码
b 大小
定义日志访问格式
CustomLog "logs/abc.com-access_log" combined
在hosts里面添加解析
查看日志
11.22 访问日志不记录静态文件
F12 选network
配置文件 添加到 CustomLog上面
配置文件
setEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "logs/abc.com-access_log" combined env=!img
没有重新加载配置文件会记录日志
重新加载以后就不记录静态文件的日志了
日志量过大对磁盘空间造成影响,还会影响磁盘的读写速度
11.23 访问日志切割
日志切割配置文件
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined env=!img
-l代表以当前系统的时间为基准,如果不指定为以utc的时间来切割日志
86400指定一个日志 每天
11.24 静态元素过期时间
状态码304 表示该文件已经缓存到用户的电脑里面了
配置文件
ExpiresActive on //打开该功能的开关
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
vim /usr/local/apache2.4/conf/httpd.conf 打开expires模块
/usr/local/apache2.4/bin/apachectl -M | grep expires
Cache-Control: max-age=8640000M
课堂串讲
目录
一、Apache默认虚拟主机
二、Apache用户认证
三、域名跳转
四、Apache访问日志
五、访问日志不记录静态文件
六、访问日志切割
七、静态元素过期时间
八、扩展
一、Apache默认虚拟主机
虚拟主机指的是在单一机器上运行多个网站,每一个网站实际就是一个虚拟主机。虚拟主机可以"基于IP",即每个IP一个站点; 或者"基于名称", 即每个IP多个站点。也可以是基于端口。目前常用的是基于名称的虚拟主机。
如果在包含最具体匹配IP地址和端口组合的虚拟主机集中找不到匹配的ServerName或ServerAlias,则将使用与之匹配的第一个列出的虚拟主机。这个主机就是默认的虚拟主机。
在apache全局配置文件httpd.conf中定义了默认的虚拟主机、网站目录以及首页index.html
[root@localhost conf]# grep -E "DocumentRoot|index.html|ServerName" /usr/local/apache2.4/conf/httpd.conf
//默认虚拟主机的网站域名是ServerName下面定义的域名。默认网站只能定义一个域名
# ServerName gives the name and port that the server uses to identify itself.
ServerName localhost:80
//默认虚拟主机的网站目录
# DocumentRoot: The directory out of which you will serve your
DocumentRoot "/usr/local/apache2.4/htdocs"
DirectoryIndex index.html index.php
# access content that does not live under the DocumentRoot.测试默认虚拟主机的访问
本机win10
Apache Web Server地址:10.0.1.212
在本机添加hosts解析记录(C:\Windows\System32\drivers\etc\hosts)
//以管理员权限启动记事本,然后打开hosts文件,增加如下内容
10.0.1.212 a.com b.com
//进入windows的命令行界面,测试解析设置是否成功(win键+R→输入cmd→ENTER)
C:\Users\kennminn>ping a.com
正在 Ping a.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
C:\Users\kennminn>ping b.com
正在 Ping a.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C通过win10浏览器访问a.com和b.com,均可正常访问默认主机的默认主页。因为当前Apache Web Server还没有其他的虚拟主机。所以都是定位到默认主机。
//默认虚拟主机,默认主页内容
[root@localhost conf]# cat /usr/local/apache2.4/htdocs/index.html
It works!
多虚拟主机配置
1.在全局配置文件中开启虚拟主机子配置文件
[root@localhost conf]# grep 'httpd-vhost' /usr/local/apache2.4/conf/httpd.conf
//取消注释
Include conf/extra/httpd-vhosts.conf2.编辑httpd-vhosts
[root@localhost conf]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
//添加如下内容
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" common
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
3.添加虚拟主机目录及测试文件
[root@localhost conf]# mkdir -p /usr/local/apache2.4/htdocs/{a,b}.com
[root@localhost conf]# ls -l !$
ls -l /usr/local/apache2.4/htdocs/{a,b}.com
/usr/local/apache2.4/htdocs/a.com:
total 0
/usr/local/apache2.4/htdocs/b.com:
total 0
[root@localhost conf]# cd /usr/local/apache2.4/htdocs/
[root@localhost htdocs]# ls
1.php a.com b.com index.html
[root@localhost htdocs]# echo "I am a.com." >a.com/a.html
[root@localhost htdocs]# echo "I am b.com." >b.com/b.html
[root@localhost htdocs]# tree
.
├── 1.php
├── a.com
│ └── a.html
├── b.com
│ └── b.html
└── index.html
2 directories, 4 files4.测试配置文件及重载
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl graceful5.验证
在win10主机添加aaa.com的主机解析记录
//以管理员权限启动记事本,然后打开hosts文件,增加如下内容
10.0.1.212 aaa.com
10.0.1.212 unknown.com
//验证记录加添成功
C:\Users\kennminn>ping aaa.com
正在 Ping aaa.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
C:\Users\kennminn>ping unknown.com
正在 Ping unknown.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C验证虚拟主机配置成功
本地验证:
[root@localhost apache2.4]# curl -x127.0.0.1:80 a.com
Index of /
Index of /
[root@localhost apache2.4]# curl -x127.0.0.1:80 aaa.com
Index of /
Index of /
[root@localhost apache2.4]# curl -x127.0.0.1:80 b.com
Index of /
[root@localhost apache2.4]# curl -x127.0.0.1:80 unknown.com
Index of /
Index of /
远程浏览器验证
此时的默认虚拟主机已经变为httpd-vhosts.conf配置文件中的第一个虚拟主机。即a.com, 全局配置中的默认虚拟主机失效。
二、Apache用户认证
有时候为满足特殊的安全需求,需要对网站或网站的特定页访问进行验证,然后才可以访问网站的相应内容,例如网站的后台管理页面,可以通过开启apache的用户认证功能来实现。
实现过程(以b.com为例)
1.修改/usr/local/apache2.4/conf/extra/httpd-vhosts.conf文件
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
//指定需要访问认证的网站目录
//打开认证的开关
AllowOverride AuthConfig
//自定义认证的名字,作用不大
AuthName "b user auth"
//认证的类型,一般为Basic
AuthType Basic
//指定用户与密码文件所在位置
AuthUserFile /usr/local/apache2.4/.htpasswd
//指定需要认证的用户为全部可用用户,即.htpasswd文件里设定的用户。
Require valid-user
2.创建用户与密码文件:-c选项是创建、-m选项是使用md5加密算法,user01是认证用户名
[root@localhost apache2.4]# /usr/local/apache2.4/bin/htpasswd -c -m /usr/local/apache2.4/.htpasswd user01
New password:
Re-type new password:
Adding password for user user013.测试配置文件及重载
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl graceful4.验证
本地验证
[root@localhost apache2.4]# curl -x127.0.0.1:80 b.com -I
//401错,报未授权
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 04:59:10 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="b user auth"
Content-Type: text/html; charset=iso-8859-1
//密码错,也是401未授权
[root@localhost apache2.4]# curl -x127.0.0.1:80 -uuser01:1234567 b.com -I
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 05:01:31 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="b user auth"
Content-Type: text/html; charset=iso-8859-1
//正确验证
[root@localhost apache2.4]# curl -x127.0.0.1:80 -uuser01:123456 b.com -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 05:01:20 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html;charset=ISO-8859-1远程验证
输入错误的用户名密码或不输入
输入正确的用户名密码
也可以对单个页面进行访问认证。通过
1.在b.com目录下添加index.php页面,并测试访问
[root@localhost b.com]# vim index.php
//内容如下
[root@localhost b.com]# curl -x127.0.0.1:80 b.com/index.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 05:56:51 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-82.修改/usr/local/apache2.4/conf/extra/httpd-vhosts.conf配置文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
//内容如下
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
#
# AllowOverride AuthConfig
# AuthName "b user auth"
# AuthType Basic
# AuthUserFile /usr/local/apache2.4/.htpasswd
# Require valid-user
#
AllowOverride AuthConfig
AuthName "111 user auth"
AuthType Basic
AuthUserFile /usr/local/apache2.4/.htpasswd
require valid-user
3.测试配置文件及重载
[root@localhost b.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost b.com]# /usr/local/apache2.4/bin/apachectl graceful4.验证
本地验证
//401未授权,需要认证
[root@localhost b.com]# curl -x127.0.0.1:80 b.com/index.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 06:00:49 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111 user auth"
Content-Type: text/html; charset=iso-8859-1
//不正确的用户名密码或不输入
[root@localhost b.com]# curl -x127.0.0.1:80 -uuser01:1234567 b.com/index.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 06:02:20 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111 user auth"
Content-Type: text/html; charset=iso-8859-1
//输入正确的用户名密码
[root@localhost b.com]# curl -x127.0.0.1:80 -uuser01:123456 b.com/index.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 06:02:26 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
//本次验证用的用户名和密码用的目录验证的用户名密码。如果需新成用户名密码,重新执行
/usr/local/apache2.4/bin/htpasswd -m /usr/local/apache2.4/.htpasswd username(新的用户名)即可远程验证
未输入正确的用户名、密码或未输入
输入正确的用户名密码
三、域名跳转
在用Apache做web服务器的时候,有的时候需要将输入的URL转换成另一个URL。这可以通过Apache的rewrite功能实现。
Rewirte主要的功能就是实现URL的跳转,它的正则表达式是基于 Perl语言。可基于服务器级的(httpd.conf)和目录级的 (.htaccess)两种方式。如果要想用到rewrite模块,必须先安装或加载rewrite模块。方法有两种一种是编译apache的时候就直接 安装rewrite模块,别一种是编译apache时以DSO模式安装apache,然后再利用源码和apxs来安装rewrite模块。
如需从a.com跳转到aaa.com
1.在apache的全局配置文件中启用rewrite模块
[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
//取消该句注释,开启rewrite功能
#LoadModule rewrite_module modules/mod_rewrite.so2.编辑/usr/local/apache2.4/conf/extra/httpd-vhosts.conf文件
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
//添加规则
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias a.com aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" common
//添加该段规则
RewriteEngine on
RewriteCond %{HTTP_HOST} !^aaa.com$
RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L]
3.测试配置文件及重载
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
4.测试
测试
[root@localhost htdocs]# curl -x127.0.0.1:80 a.com -I
HTTP/1.1 301 Moved Permanently
Date: Fri, 29 Jun 2018 01:28:15 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Location: http://aaa.com/
Content-Type: text/html; charset=iso-8859-1
[root@localhost htdocs]# curl -x127.0.0.1:80 a.com
301 Moved Permanently
Moved Permanently
The document has moved here.
四、Apache访问日志
Apache的访问日志是在虚拟主机子配置文件httpd-vhosts.conf中定义的,一个虚拟主机对应一个错误日志和访问日志。
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias a.com aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" common
RewriteEngine on
RewriteCond %{HTTP_HOST} !^aaa.com$
RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L]
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
#
# AllowOverride AuthConfig
# AuthName "b user auth"
# AuthType Basic
# AuthUserFile /usr/local/apache2.4/.htpasswd
# Require valid-user
#
#
# AllowOverride AuthConfig
# AuthName "b user auth"
# AuthType Basic
# AuthUserFile /usr/local/apache2.4/.htpasswd
# require valid-user
#
[root@localhost htdocs]# ls /usr/local/apache2.4/logs/
access_log a.com-access_log a.com-error_log b.com-access_log b.com-error_log error_log httpd.pid
虚拟主机日志查看(以a.com的访问日志为例)
[root@localhost logs]# tail a.com-access_log
10.0.1.229 - - [28/Jun/2018:21:17:56 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:18:08 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:20:31 -0400] "GET /index.html HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:20:56 -0400] "GET /index.html HTTP/1.1" 304 -
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 304 -
127.0.0.1 - - [28/Jun/2018:21:28:15 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
127.0.0.1 - - [28/Jun/2018:21:28:49 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
//也可以用tail -f logfile动态跟踪日志文件。
[root@localhost logs]# tail -f a.com-access_log
10.0.1.229 - - [28/Jun/2018:21:17:56 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:18:08 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:20:31 -0400] "GET /index.html HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:20:56 -0400] "GET /index.html HTTP/1.1" 304 -
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 304 -
127.0.0.1 - - [28/Jun/2018:21:28:15 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
127.0.0.1 - - [28/Jun/2018:21:28:49 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
访问日志的格式定义在apache的全局配置文件/usr/local/apache2.4/conf/httpd.conf
[root@localhost logs]# grep -A 7 'IfModule log_config_module' /usr/local/apache2.4/conf/httpd.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
//通常用common级的日志,但是记录的内容比较简单,如需更详细的记录,可以开启combined级的日志记录
//combined级的日志记录:包含Referer信息:访问页面的上一级链接,User-Agent信息:用户代理,用户访问页面使用的工具:浏览器、curl等。 对虚拟主机开启combined级日志功能
[root@localhost logs]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias a.com aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" combined
RewriteEngine on
RewriteCond %{HTTP_HOST} !^aaa.com$
RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L]
测试
//未重载配置时
[root@localhost ~]# curl -x127.0.0.1:80 a.com -I
HTTP/1.1 301 Moved Permanently
Date: Fri, 29 Jun 2018 01:51:51 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Location: http://aaa.com/
Content-Type: text/html; charset=iso-8859-1
//日志内容
127.0.0.1 - - [28/Jun/2018:21:28:15 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
127.0.0.1 - - [28/Jun/2018:21:28:49 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
127.0.0.1 - - [28/Jun/2018:21:51:47 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
127.0.0.1 - - [28/Jun/2018:21:51:51 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
//重载配置文件后通过浏览器访问
10.0.1.229 - - [28/Jun/2018:21:54:20 -0400] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
五、访问日志不记录静态文件
apache的访问日志会记录网站每个文件被获取的信息,这样日志信息量会很大,我们排查日志的时候不容易筛选有用的记录。我们可以把静态文件的日志设置为不记录,提高我们排查日志信息的效率
编辑Apache的子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
# SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common env=!img
测试配置文件及重载
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful再访问网站下的图片文件,查看日志已不在记录图片的访问日志了。
//此时,对PNG文件的访问有记录,但是对jpg等其他格式图片的访问没有记录
10.0.1.229 - user01 [28/Jun/2018:23:24:52 -0400] "GET /index.php HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
127.0.0.1 - - [28/Jun/2018:23:25:28 -0400] "GET HTTP://b.com/ HTTP/1.1" 200 201 "-" "curl/7.29.0"
127.0.0.1 - - [28/Jun/2018:23:25:32 -0400] "HEAD HTTP://b.com/ HTTP/1.1" 200 - "-" "curl/7.29.0"
10.0.1.229 - user01 [28/Jun/2018:23:26:09 -0400] "GET /index.php HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:15 -0400] "GET /img HTTP/1.1" 301 225 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:15 -0400] "GET /img/ HTTP/1.1" 200 670 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:18 -0400] "GET /img/Screenshot_20180627-211800.png HTTP/1.1" 200 136973 "http://b.com/img/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:47 -0400] "GET /img/ HTTP/1.1" 200 714 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:27:02 -0400] "GET /img/indexphp.png HTTP/1.1" 200 18917 "http://b.com/img/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
六、访问日志切割
随着网站访问量的增大,网站的访问日志文件也会变得很大,为了保持磁盘空间,方便日志的管理(如查询、备份、删除历史日志等。),我们需要对日志进行切割操作,可以以天为单位将日志独立切割出来。
在/usr/local/apache2.4/conf/extra/httpd-vhosts.conf配置文件下进行设定:
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/b.com-error_log"
//%y%m%d以年月日命名,86400秒即1天切割一次。rotatelogs是apache的切割日志工具。
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/b.com-access_%y%m%d.log 86400" common env=!img
重载配置文件后
结果如下
[root@localhost ~]# ls /usr/local/apache2.4/logs/
//对b.com的日志设置生效。
access_log a.com-access_log a.com-error_log b.com-access_180628.log b.com-access_log b.com-error_log error_log httpd.pid
七、静态元素过期时间
浏览器访问网站,获取的图片、css等静态元素会保存在本地电脑缓存文件夹里,方便下次再此访问的时候提高访问速度。我们也可以在服务器端设置这些静态元素的过期时间,可以减网站的带宽压力。
在apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf里设定:是通过expires模块实现的。
在编译apache的时候指定了参数mods=most,该模块已经编译进来。
首先在apache全局配置文件里启用该模块
[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
//取消注释
LoadModule expires_module modules/mod_expires.so
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK然后在apache子配置文件中设定
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/b.com-error_log"
#%y%m%d以年月日命名,86400秒即1天切割一次。rotatelogs是apache的切割日志工具。
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/b.com-access_%y%m%d.log 86400" common env=!img
//增加该段配置
ExpiresActive on // 打开该功能的开关
ExpiresByType image/gif "access plus 1 days" //gif类型文件的失效时间是1天
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# curl -x127.0.0.1:80 b.com/img/b.com.jpg -I
HTTP/1.1 200 OK
Date: Fri, 29 Jun 2018 03:46:29 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Last-Modified: Thu, 28 Jun 2018 03:08:53 GMT
ETag: "4117-56fab0d131b40"
Accept-Ranges: bytes
Content-Length: 16663
Cache-Control: max-age=86400
Expires: Sat, 30 Jun 2018 03:46:29 GMT
Content-Type: image/jpeg
可以根据自己的需求对每种静态元素类型单独设置。
八、扩展
apache虚拟主机开启php的短标签 http://ask.apelearn.com/question/5370
apache日志记录代理IP以及真实客户端IP http://ask.apelearn.com/question/960
apache只记录指定URI的日志 http://ask.apelearn.com/question/981
apache日志记录客户端请求的域名 http://ask.apelearn.com/question/1037
apache 日志切割问题 http://ask.apelearn.com/question/566
参考链接
http://httpd.apache.org/docs/current/