相关参数
[root@fire html]# vim /etc/httpd/conf/httpd.conf
KeepAlive on
KeepAlive Timeout 600
Require all granted
Require all denied
Require local
Require [not] host <主机名或域名列表>
Require [not] ip <IP地址或网段列表>
'使用not禁止访问时要将其置于 容器中,并在容器中指定相对应的限制策略'
实验准备
服务器IP:192.168.179.100
客户机IP:192.168.179.119
[root@fire html]# vim /etc/httpd/conf/kkc/vhost.conf
<VirtualHost 192.168.179.100:80>
DocumentRoot "/var/www/html/cllt"
ErrorLog "logs/www.cllt.com.error_log"
CustomLog "logs/www.cllt.com.access_log" common
<Directory "/var/www/html">
<RequireAll>
Require not ip 192.168.179.119
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[root@fire html]# systemctl restart httpd
命令基本格式
'htpasswd命令是httpd自带的'
[root@fire httpd]# htpasswd -c /etc/httpd/conf/abc webadmin '为用户webadmin创建密码文件'
New password:'输入密码'
Re-type new password:'再次输入密码'
[root@fire httpd]# cat /etc/httpd/conf/abc
webadmin:加密密码
'配置基本格式'
<Directory "/var/www/html">
AuthName "DocumentRoot" '受保护的领域名称'
AuthType Basic '认证类型'
AuthUserFile /etc/httpd/conf/qwe '用户认证账号文件'
Require valid-user '要求通过认证才能访问'
</Directory>
实验准备
服务器IP:192.168.179.200
客户机IP:192.168.179.119
客户机正常访问web服务
创建用户认证数据库
[root@fire httpd]# htpasswd -c /etc/httpd/conf/passwd tom
New password:
Re-type new password:
Adding password for user tom
[root@fire httpd]# cat /etc/httpd/conf/passwd
tom:$apr1$ipcCrnwq$5r.nzt39f7w4feubwBBAm1
添加用户授权配置
[root@fire httpd]# vim /etc/httpd/conf/kkc/vhost.conf
<VirtualHost 192.168.179.200:80>
DocumentRoot "/var/www/html/juejue"
ErrorLog "logs/www.juejue.com.error_log"
CustomLog "logs/www.juejue.com.access_log" common
<Directory "/var/www/html">
AuthName "DocumentRoot"
AuthType basic
AuthUserFile /etc/httpd/conf/passwd
Require valid-user
</Directory>
</VirtualHost>
[root@fire httpd]# systemctl restart httpd
随着网站的访问量增加,默认情况下Apache的单个日志文件也会越来越大
对日志文件进行分割
ErrorLog "| rotatelogs 命令的绝对路径 -l 日志文件路径/网站名-error_%Y%m%d.log 86400" 'which rotatelogs命令查看绝对路径,%Y%m%d表示年月日,86400表示一天的秒数'
CustomLog "| rotatelogs 命令的绝对路径 -l 日志文件路径/网站名-access_%Y%m%d.log 86400" combined
例如
[root@localhost logs]vim /etc/httpd/conf/httpd.conf
ErrorLog "| /usr/sbin/rotatelogs -l logs/error_%Y%m%d.log 86400"
CustomLog "| /usr/sbin/rotatelogs -l logs/access_%Y%m%d.log 86400" combined
实验准备
一台虚拟机做Apache服务器,IP地址为:192.168.179.144
[root@localhost opt]# yum install httpd -y
[root@localhost opt]# which rotatelogs 'rotatelogs命令的绝对路径'
/usr/sbin/rotatelogs
httpd配置修改
[root@localhost opt]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.179.144:80
#Listen 80
...
ServerName www.cllt.com:80
...
[root@localhost opt]# systemctl start httpd
[root@localhost opt]# netstat -natp | grep httpd
tcp 0 0 192.168.179.144:80 0.0.0.0:* LISTEN 13625/httpd
[root@localhost opt]# vim /etc/httpd/conf/httpd.conf
ErrorLog "| /usr/sbin/rotatelogs -l logs/www.cllt.com.error_%Y%m%d.log 86400"
CustomLog "| /usr/sbin/rotatelogs -l logs/www.cllt.com.access_%Y%m%d.log 86400" combined
[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# ls
access_log error_log www.cllt.com.error_20200805.log
[root@localhost httpd]# ls
access_log www.cllt.com.access_20200805.log
error_log www.cllt.com.error_20200805.log
可以改变日期进行验证
[root@localhost httpd]# date
2020年 08月 05日 星期三 02:34:26 CST
[root@localhost httpd]# date -s 09/05/20
2020年 09月 05日 星期六 00:00:00 CST
[root@localhost httpd]# ls '刷新网页后再次查看'
access_log www.cllt.com.access_20200805.log www.cllt.com.error_20200805.log
error_log www.cllt.com.access_20200905.log www.cllt.com.error_20200905.log
cronolog第三方分割工具需要自己在网上下载工具包放入系统中
[root@localhost httpd]# which cronolog 'cronolog命令的绝对路径'
/usr/sbin/cronolog
配置日志分割
[root@localhost httpd]# rm -rf www.cllt.com.* '现将分割的日志文件删除'
[root@localhost httpd]# ls
access_log error_log
[root@localhost httpd]# vim /etc/httpd/conf/httpd.conf
CustomLog "| /usr/sbin/cronolog logs/www.cllt.com.access_%Y%m%d.log" combined
ErrorLog "| /usr/sbin/cronolog logs/www.cllt.com.error_%Y%m%d.log"
[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# ls
access_log error_log www.cllt.com.error_20200905.log
[root@localhost httpd]# ls '刷新网页后'
access_log www.cllt.com.access_20200905.log
error_log www.cllt.com.error_20200905.log
改变日期进行验证
[root@localhost httpd]# date
2020年 09月 05日 星期六 00:13:20 CST
[root@localhost httpd]# date -s 08/05/20
2020年 08月 05日 星期三 00:00:00 CST
[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# ls
access_log www.cllt.com.access_20200805.log www.cllt.com.error_20200805.log
error_log www.cllt.com.access_20200905.log www.cllt.com.error_20200905.log