zoukankan      html  css  js  c++  java
  • centos LAMP第二部分apache配置 下载discuz!配置第一个虚拟主机 安装Discuz! 用户认证 配置域名跳转 配置apache的访问日志 配置静态文件缓存 配置防盗链 访问控制 apache rewrite 配置开机启动apache tcpdump 第二十节课

    centos    LAMP第二部分apache配置  下载discuz!配置第一个虚拟主机 安装Discuz! 用户认证 配置域名跳转  配置apache的访问日志  配置静态文件缓存  配置防盗链 访问控制 apache rewrite 配置开机启动apache  tcpdump  第二十节课

    无论是apache 还是nginx,都会有一个默认的虚拟主机 virtual host

    多个vhost都可以用同一个配置文件

    安装两个Apache,两个apache可以共存,但是要使用不同的端口

    主配置文件:/usr/local/apache2/conf/httpd.conf
    虚拟主机配置文件:/usr/local/apache2/conf/extra/httpd-vhosts.conf

    上半节课

    下载discuz!
    配置第一个虚拟主机
    安装Discuz!
    配置mysql,给Discuz!增加一个账户
    Discuz设置注意事项
    5. 用户认证

    下半节课

    6. 配置域名跳转
    7. 配置apache的访问日志
    8. 配置静态文件缓存(其他类型文件可以到apache官方文档里面去搜)
    9. 配置防盗链
    10. 访问控制(一般用在限制用户登录论坛后台管理页面)
    11. apache rewrite相关

    tcpdump

    步骤


    1. 下载discuz!
    cd /download/
    wget -c http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
    mkdir /data/www //放网站根目录
    cd /data/www
    mv /download/Discuz_X3.2_SC_GBK.zip .
    unzip Discuz_X3.2_SC_GBK.zip
    mv upload/* .   //把upload/目录里面的东西放到www目录,即上一层目录
    cd ..
    rm -rf Discuz_X3.2_SC_GBK.zip readme/ utility/ upload/ //把无用目录删掉


    DiscuzX的包有两种 一种是utf8 一种是gbk:DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip


    2. 配置第一个虚拟主机
    删除/usr/local/apache2/conf/httpd.conf中的这行前面的井号

    #Include conf/extra/httpd-vhosts.conf
    vi /usr/local/apache2/conf/extra/httpd-vhosts.conf

    默认已经有两个vhost,先删除一个,再配置另一个如下:
    <VirtualHost *:80>
    DocumentRoot "/data/www"
    ServerName www.123.com
    </VirtualHost>

    示例解释
    <VirtualHost *:80>
    28 ServerAdmin webmaster@dummy-host.example.com  管理员邮箱
    29 DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"   网站根目录
    30 ServerName dummy-host.example.com   域名
    31 ServerAlias www.dummy-host.example.com    另一个域名
    32 ErrorLog "logs/dummy-host.example.com-error_log"   日志
    33 CustomLog "logs/dummy-host.example.com-access_log" common   访问日志
    34 </VirtualHost>

    测试配置文件是否正常: /usr/local/apache2/bin/apachectl -t 

    检查/usr/local/apache2/conf/httpd.conf里面是不是Allow from all

    <Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
    </Directory>

    3. 安装Discuz!
    修改Windows机器的hosts文件,将Linux机器的ip跟www.123.com绑定:192.168.11.190 www.123.com

    浏览器输入:
    www.123.com/install/
    根据提示,修改对应目录的权限
    cd /data/www
    chown -R daemon:daemon data uc_server/data uc_client/data config // 让这几个目录支持apache运行帐号可写


    4. 配置mysql,给Discuz!增加一个账户

    检查mysql是否已经启动:ps aux |grep mysql
    将mysql 加入到PATH环境变量
    在/etc/profile加入:export PATH=$PATH:/usr/local/mysql/bin ,然后source一下: source /etc/profile 

    给root指定一个密码:mysqladmin -uroot password '123456'

    给mysql root账户设置密码,然后命令行进入mysql,创建新的库,并创建一个新的帐号对该库有所有权限:
    > create database discuz;
    > grant all on discuz.* to 'root'@'localhost' identified by '123456';
    > quit





    5. Discuz设置注意事项

    1、论坛里面的验证码要安装php的gd模块



    2、管理中心里的install/index.php 要删除

    cd /data/www
    rm -f  install/index.php


    功能设置


    5. 用户认证
    http://www.lishiming.net/thread-554-1-1.html

    虚拟主机配置文件中,需要加入
    <Directory /data/web/test> 
    AllowOverride AuthConfig
    </Directory>

    然后在虚拟主机的主目录,即DocumentRoot 目录下
    vi /data/web/test/.htaccess

    加入
    AuthName "frank share web"
    AuthType Basic
    AuthUserFile /data/web/test/.htpasswd
    require valid-user

    保存后,然后
    创建apache的验证用户

    htpasswd -c /data/web/test/.htpasswd test
    #第一次创建用户要用到-c 参数 第2次添加用户,就不用-c参数

    如果你想修改密码,可以如下

    htpasswd -m .htpasswd test2

    重启apache,即可。

    到此,你已经配置完成。下面介绍另一种方式:
    ##################################
    vi http.conf
    在相应的虚拟主机配置文件段,加入
    <Directory *> 也可以写虚拟主机目录路径:<Directory /data/web/test> 
    AllowOverride AuthConfig
    AuthName "自定义的"
    AuthType Basic
    AuthUserFile /data/.htpasswd # 这里的/data/.htpasswd你可以随便写一个路径或名字,没有限制
    require valid-user
    </Directory>

    保存后,然后
    创建apache的验证用户

    htpasswd -cm /data/.htpasswd test

    增加第二个用户的时候,就不要加-c了,因为-c是创建的意思,如果加上会把这个文件重写。

    --MD5加密
    /usr/local/apache2/bin/htpasswd -cm /data/.htpasswd aming

    看一下第35行为什麽报错:vi +35 /usr/local/apache2/conf/extra/httpd-vhosts.conf

    操作系统没有GBK编码,用的是utf8

    discuz用的GBK版本

    修改apache字符集

    http://blog.chinaunix.net/uid-23078678-id-2974411.html
    修改apache的配置文件httpd.conf
    默认为:AddDefaultCharset UTF-8
    修改为:AddDefaultCharset GBK2312

    然后重启apache生效!

     


    6. 配置域名跳转

    /usr/local/apache2/conf/extra/httpd-vhosts.conf


    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www.domain1.com$
    RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
    </IfModule>
    如果是多个域名,可以这样设置:
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www.domain.com [OR]  //注意www.domain.com [OR]  之间有空格
    RewriteCond %{HTTP_HOST} ^www.domain1.com$
    RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
    </IfModule>
    或者: <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} !^www.domain2.com$
    RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
    </IfModule>

    www.a.com跳转到www.1.com

    示例

    vi  /usr/local/apache2/conf/extra/httpd-vhosts.conf
    //添加

    #配置域名跳转 <IfModule mod_rewrite.c> RewriteEngine on //首先把引擎打开 RewriteCond %{HTTP_HOST} ^www.a.com$ //判断条件 域名是www.a.com的时候 RewriteRule ^/(.*)$ http://www.1.com/$1 [R=301,L] //跳转到www.1.com 302暂时跳转 301永久跳转 </IfModule>


    7. 配置apache的访问日志

    apache访问日志,日志切割,归档 ,防止大文件爆满,有4种log

     

    日志格式

    /usr/local/apache2/conf/httpd.conf

    <IfModule log_config_module>
        243     #
        244     # The following directives define some format nicknames for use with
        245     # a CustomLog directive (see below).
        246     #
        247     LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
        248     LogFormat "%h %l %u %t "%r" %>s %b" common
    
    %h 远程主机
    %l 远程主机登录名称
    %u 认证用户
    %t 事件产生时间
    %r 请求报文的第一行(方法、资源、版本号)
    %>s 最后一个请求对应的状态吗
    %b 响应报文的大小
    %Referer 从哪个页面来的,比如从百度来的
    %user-Agent 客户端浏览器类型

    配置日志

    /usr/local/apache2/conf/extra/httpd-vhosts.conf

    #配置日志
    ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-error_%Y%m%d.log 86400" SetEnvIf Request_URI ".*.gif$" image-request SetEnvIf Request_URI ".*.jpg$" image-request SetEnvIf Request_URI ".*.png$" image-request SetEnvIf Request_URI ".*.bmp$" image-request SetEnvIf Request_URI ".*.swf$" image-request SetEnvIf Request_URI ".*.js$" image-request SetEnvIf Request_URI ".*.css$" image-request CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-access_%Y%m%d.log 86400" combined env=!image-request //不记录图片请求日志

    配置完日志后检查语法

    /usr/local/apache2/bin/apachectl -t
    /usr/local/apache2/bin/apachectl restart

    配置文件中下面这一段的意思是不记录静态文件访问的日志
    *********************************
    env=!image-request
    SetEnvIf Request_URI ".*.gif$" image-request 正则 .*任意个任意字符 脱义. gif $结尾的
    *********************************

    #配置日志
    ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/www.123.com-error_%Y%m%d.log 86400" 
    SetEnvIf Request_URI ".*.gif$" image-request
    SetEnvIf Request_URI ".*.jpg$" image-request
    SetEnvIf Request_URI ".*.png$" image-request
    SetEnvIf Request_URI ".*.bmp$" image-request
    SetEnvIf Request_URI ".*.swf$" image-request
    SetEnvIf Request_URI ".*.js$" image-request
    SetEnvIf Request_URI ".*.css$" image-request
    CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/www.123.com-access_%Y%m%d.log 86400" combined env=!image-request 

    8. 配置静态文件缓存(其他类型文件可以到apache官方文档里面去搜)

    /usr/local/apache2/conf/extra/httpd-vhosts.conf

    # 配置静态文件缓存
    <IfModule mod_expires.c> ExpiresActive on ExpiresByType image/gif "access plus 1 days" ExpiresByType image/jpeg "access plus 24 hours" ExpiresByType image/png "access plus 24 hours" ExpiresByType text/css "now plus 2 hour" ExpiresByType application/x-javascript "now plus 2 hours" ExpiresByType application/javascript "now plus 2 hours" ExpiresByType application/x-shockwave-flash "now plus 2 hours" ExpiresDefault "now plus 0 min" </IfModule>

    或者使用mod_headers模块实现

    <ifmodule mod_headers.c> 
    # htm,html,txt类的文件缓存一个小时 
    <filesmatch ".(html|htm|txt)$"> 
    header set cache-control "max-age=3600" 
    </filesmatch> 
    # css, js, swf类的文件缓存一个星期 
    <filesmatch ".(css|js|swf)$"> 
    header set cache-control "max-age=604800" 
    </filesmatch> 
    # jpg,gif,jpeg,png,ico,flv,pdf等文件缓存一年 
    <filesmatch ".(ico|gif|jpg|jpeg|png|flv|pdf)$"> 
    header set cache-control "max-age=29030400" 
    </filesmatch> 
    </ifmodule>

    配置完静态文件缓存后检查语法

    /usr/local/apache2/bin/apachectl -t
    /usr/local/apache2/bin/apachectl restart

    在网站根目录下创建一个jpg文件进行测试

     浏览器

    应用

    /usr/local/apache2/bin/apachectl -t
    /usr/local/apache2/bin/apachectl restart
    touch /data/www/1.jpeg
    curl -x127.0.0.1:80  www.123.com/1.jpeg -I
    HTTP/1.1 200 OK
    Date: Tue, 20 Oct 2015 17:35:41 GMT
    Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28
    Last-Modified: Tue, 20 Oct 2015 17:34:51 GMT
    ETag: "e35a8-0-5228cadd9f7c1"
    Accept-Ranges: bytes
    Cache-Control: max-age=86400
    Expires: Wed, 21 Oct 2015 17:35:41 GMT
    Content-Type: image/jpeg

    9. 配置防盗链

    /usr/local/apache2/conf/extra/httpd-vhosts.conf


    SetEnvIfNoCase Referer "^http://.*.yourdomin.com" local_ref
    SetEnvIfNoCase Referer ".*.yourdomin.com" local_ref
    SetEnvIfNoCase Referer "^$" local_ref
    <filesmatch ".(txt|doc|mp3|zip|rar|jpg|gif)">
    Order Allow,Deny
    Allow from env=local_ref
    </filesmatch>

    # 配置防盗链
    SetEnvIfNoCase Referer "^http://www.1.com" local_ref
    SetEnvIfNoCase Referer "www.a.com" local_ref
    SetEnvIfNoCase Referer "www.b.com" local_ref
    SetEnvIfNoCase Referer "^$" local_ref
    <filesmatch ".(txt|doc|mp3|zip|rar|jpg|gif)">
    Order Allow,Deny
    Allow from env=local_ref   //local_ref是配置的别名,允许local_ref配置里面的内容
    </filesmatch>

    测试

    /usr/local/apache2/bin/apachectl -t
    /usr/local/apache2/bin/apachectl restart
    curl -e "http://www.baidu.com/sdfsdf" -x127.0.0.1:80 www.1.com/1.txt -I
    或者不加-e
    curl -x127.0.0.1:80 www.1.com/1.txt -I

    可以看vhost的访问日志

    应用

    # 配置防盗链
         53 SetEnvIfNoCase Referer "^http://www.123.com" local_ref
         54 SetEnvIfNoCase Referer "^$" local_ref
         55 <filesmatch ".(txt|doc|mp3|zip|rar|jpg|gif)">
         56 Order Allow,Deny
         57 Allow from env=local_ref
         58 </filesmatch>
    ------------------------------------------------------
    
    # touch /data/www/1.txt
    # curl -e "http://www.baidu.com/sdfsdf" -x127.0.0.1:80 www.123.com/1.txt -I
    HTTP/1.1 403 Forbidden
    Date: Tue, 20 Oct 2015 17:45:49 GMT
    Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28
    Content-Type: text/html; charset=iso-8859-1
    
    
    
    
    # curl  -x127.0.0.1:80 www.123.com/1.txt -I
    HTTP/1.1 200 OK
    Date: Tue, 20 Oct 2015 17:46:21 GMT
    Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28
    Last-Modified: Tue, 20 Oct 2015 17:45:27 GMT
    ETag: "e35ae-0-5228cd3cca4c1"
    Accept-Ranges: bytes
    Cache-Control: max-age=0
    Expires: Tue, 20 Oct 2015 17:46:21 GMT
    Content-Type: text/plain

    马上产生errorlog

    # tail www.123.com-error_20151021.log 
    [Wed Oct 21 01:35:23 2015] [error] [client 127.0.0.1] File does not exist: /data/www/1jpeg
    [Wed Oct 21 01:45:49 2015] [error] [client 127.0.0.1] client denied by server configuration: /data/www/1.txt, referer: http://www.baidu.com/sdfsdf

    10. 访问控制(一般用在限制用户登录论坛后台管理页面)

    /usr/local/apache2/conf/extra/httpd-vhosts.conf

    # 访问控制
    <Directory /data/www/admin>  //一般只对非常重要的网站后台管理目录做限制
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>

    测试

    /usr/local/apache2/bin/apachectl -t
    /usr/local/apache2/bin/apachectl restart
    curl -x127.0.0.1:80 www.1.com/1.txt -I

    参考文档来源: http://jingyan.baidu.com/article/4b07be3c193d1648b380f3a9.html

    <Files ~ ".insc$">等价于<Filesmatch (.*)php>

    1. 禁止访问某些文件/目录
    增加Files选项来控制,比如要不允许访问 .inc 扩展名的文件,保护php类库:
    <Files ~ ".insc$">

    2. 禁止访问某些指定的目录:(可以用 <DirectoryMatch> 来进行正则匹配)
    <Directory ~ "/var/www/(.+)*[0-9]{3}">
    当然也可以写目录全局路径
    <Directory /var/www/111>

    3. 通过文件匹配来进行禁止,比如禁止所有针对图片的访问:
    <Filesmatch (.*)php>

    4. 针对URL相对路径的禁止访问
    <Location /dir/>


    <Directory /data/www/admin>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>

    针对请求的uri去限制
    <filesmatch "(.*)admin(.*)">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </filesmatch>

    某个目录下禁止解析php
    <Directory /data/www/path>
    php_admin_flag engine off
    <filesmatch "(.*)php">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </filesmatch>
    </Directory>

    主配置文件里有这麽一段:/usr/local/apache2/conf/httpd.conf

    找了半天终于找到了问题的根源,其实是配置对了,只是我们访问的有点问题。
    我们访问的地址是1.txt ,而在配置文件中我们有配置一段防盗链
    针对1.txt referer是空或者是1.com 都会直接允许访问,问题就在这里。当我再次访问 forum.php的时候 效果达到了。

    应用

    <Directory /data/www>   //只对网站后台管理页面进行控制
    <filesmatch "admin.php">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </filesmatch> 
    </Directory>

    匹配

    http://www.1.com/admin/admin.phpsdfsdfsdf
    http://www.1.com/admin.phpwerewrwerwer
    http://www.1.com/ewfwewefadmin.phpwerewrwerwer

    <Directory /data/www/admin.php>   
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>

    匹配

    http://www.1.com/admin.php

    #某个目录下禁止解析php
    <Directory /data/www/uc_server>
    php_admin_flag engine off 
    <filesmatch "(.*)php">
    Order deny,allow
    Deny from all
    </filesmatch> 
    </Directory>

    应用

    <Directory /data/www>
          <filesmatch "admin.php">
          Order deny,allow
          Deny from all
          Allow from 192.168.0.100
          Allow from 192.168.0.101
          </filesmatch>
    </Directory>

    非上面两个ip的都不行


    11. apache rewrite相关

    RewriteCond 重写条件
    RewriteRule 重写规则

    [R=302]临时跳转 rewrite
    [R=301]永久跳转 rewrite

    伪静态就是你访问一个动态页面的时候URL是一串动态的字符,而配置了伪静态之后URL变为静态,跟rewrite域名跳转不一样


    apache 限制指定user_agent http://www.lishiming.net/thread-1033-1-1.html
    apache 限制某些目录不能访问通过rewrite实现 http://www.lishiming.net/thread-3587-1-1.html
    apache rewrite 出现死循环 http://www.lishiming.net/thread-1043-1-1.html

    apache rewrite 出现死循环
    网站夜间升级 ,全部页面跳转到网站公告页面
    除了公告页面不跳转,否则会出现死循环,公告页面跳入公告页面

    discuz伪静态配置:
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/topic-(.+).html$ /portal.php?mod=topic&topic=$1&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/article-([0-9]+)-([0-9]+).html$ /portal.php?mod=view&aid=$1&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/forum-(w+)-([0-9]+).html$ /forum.php?mod=forumdisplay&fid=$1&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/thread-([0-9]+)-([0-9]+)-([0-9]+).html$ /forum.php?mod=viewthread&tid=$1&extra=page\%3D$3&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/group-([0-9]+)-([0-9]+).html$ /forum.php?mod=group&fid=$1&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/space-(username|uid)-(.+).html$ /home.php?mod=space&$1=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/blog-([0-9]+)-([0-9]+).html$ /home.php?mod=space&uid=$1&do=blog&id=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/archiver/(fid|tid)-([0-9]+).html$ /archiver/index.php?action=$1&value=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_-]+).html$ /plugin.php?id=$1:$2&%1

     

    应用

    将下面的代码放在域名跳转下面

    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/topic-(.+).html$ /portal.php?mod=topic&topic=$1&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/article-([0-9]+)-([0-9]+).html$ /portal.php?mod=view&aid=$1&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/forum-(w+)-([0-9]+).html$ /forum.php?mod=forumdisplay&fid=$1&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/thread-([0-9]+)-([0-9]+)-([0-9]+).html$ /forum.php?mod=viewthread&tid=$1&extra=page\%3D$3&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/group-([0-9]+)-([0-9]+).html$ /forum.php?mod=group&fid=$1&page=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/space-(username|uid)-(.+).html$ /home.php?mod=space&$1=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/blog-([0-9]+)-([0-9]+).html$ /home.php?mod=space&uid=$1&do=blog&id=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/archiver/(fid|tid)-([0-9]+).html$ /archiver/index.php?action=$1&value=$2&%1
    RewriteCond %{QUERY_STRING} ^(.*)$
    RewriteRule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_-]+).html$ /plugin.php?id=$1:$2&%1


    vhost下面加功能


    多个vhost对应多个端口

    #
         19 NameVirtualHost *:80  //多个vhost写多个端口
         20 NameVirtualHost *:8080
         21 #
         22 # VirtualHost example:
         23 # Almost any Apache directive may go into a VirtualHost container.
         24 # The first VirtualHost section is used for all requests that do not
         25 # match a ServerName or ServerAlias in any <VirtualHost> block.
         26 #
         27 <VirtualHost *:80>
         28     ServerAdmin webmaster@dummy-host.example.com
         29     DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
         30     ServerName dummy-host.example.com
         31     ServerAlias www.dummy-host.example.com
         32     ErrorLog "logs/dummy-host.example.com-error_log"
         33     CustomLog "logs/dummy-host.example.com-access_log" common
         34 </VirtualHost>
         35 
         36 <VirtualHost *:80>
         37     ServerAdmin webmaster@dummy-host2.example.com
         38     DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
         39     ServerName dummy-host2.example.com

    curl的浏览器标识 user-agent

     


    http://www.jbxue.com/article/10287.html

    今天学习使用apache系统自带的rotatelogs工具对日志进行截断处理。

    一,修改文件httpd.conf
    注意:以下日志文件存储路径均为绝对路径。

    复制代码 代码示例:
    CustomLog "logs/access.log" common 原来的样子
    ErrorLog "logs/error.log"原来的样子
    CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common 修改后的样子
    CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common 修改后的样子
    ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"
    二,重启apache服务,在指定的日志目录中验证。

    三:语法分析
    rotatelogs [ -l ] logfile [ rotationtime [ offset ]] | [ filesizeM ]
    该命令其实只有两种选项用以对日志文件logfile进行操作。且必须选择其中一种方式。
    第一种,rotationtime
    日志文件以秒为单位滚动
    第二种, filesizeM
    指定以filesizeM文件大小滚动,而不是按照时间或时差滚动
    举例:ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"

    此配置会在错误日志大小增长到5兆字节时滚动该日志,日志文件名后缀会按照如下格式创建:errorlog.YYYY-mm-dd-HH_MM_SS 。
    选项 -l 和offset都是和时区相关的。

    四:文件名称格式

    errorlog.%Y-%m-%d-%H_%M_%S-------------------errorlog.YYYY-mm-dd-HH_MM_SS
    %A 星期名全称(本地的)
    %a 3个字符的星期名(本地的)
    %B 月份名的全称(本地的)
    %b 3个字符的月份名(本地的)
    %c 日期和时间(本地的)
    %d 2位数的一个月中的日期数
    %H 2位数的小时数(24小时制)
    %I 2位数的小时数(12小时制)
    %j 3位数的一年中的日期数
    %M 2位数的分钟数
    %m 2位数的月份数
    %p am/pm12小时制的上下午(本地的)
    %S 2位数的秒数
    %U 2位数的一年中的星期数(星期天为一周的第一天)
    %W 2位数的一年中的星期数(星期一为一周的第一天)
    %w 1位数的星期几(星期天为一周的第一天)
    %X 时间(本地的)
    %x 日期(本地的)
    %Y 4位数的年份
    %y 2位数的年份
    %Z 时区名
    %% 符号"%"本身
    接下来介绍,按日期生成apache日志文件及限制apache日志文件大小的方法。

    需要用到apache自带的rotatelogs小工具
    语法如下:
    rotatelogs [ -l ] logfile [ rotationtime [ offset ]] | [ filesizeM ]

    参数解释:
    -l :使用本地时间代替GMT时间作为时间基准。注意:在一个改变GMT偏移量(比如夏令时)的环境中使用-l会导致不可预料的结果。
    logfile:它加上基准名就是日志文件名。如果logfile中包含"%",则它会被视为用于strftime()的格式字符串;否则它会被自动加上以秒为单位的".nnnnnnnnnn"后缀。

    这两种格式都表示新的日志开始使用的时间。

    rotationtime :日志文件滚动的以秒为单位的间隔时间。
    offset :相对于UTC的时差的分钟数。如果省略,则假定为"0"并使用UTC时间。比如,要指定UTC时差为"-5小时"的地区的当地时间,则此参数

    应为"-300"。
    filesizeM :指定以filesizeM文件大小滚动,而不是按照时间或时差滚动。

    例子:
    1、按时间滚动日志文件:
    错误日志:

     ErrorLog "|/data/apache/bin/rotatelogs 日志存放目录/%Y%m%d_error.log 86400 480" 

    访问日志:

     CustomLog "|/data/apache/bin/rotatelogs 日志存放目录/%Y%m%d_access.log 86400 480" common 
    其中:
    /data/apache:为apache的安装目录,根据自己实际情况确定;
    86400:秒,24小时,表示生成的日志文件按天滚动,也就是每天生成一个日志文件;
    480:分,时间偏移。
    同理可以按小时滚动日志文件,每隔一个小时,几个小时。。。生成一个日志文件。

    扩展:可以写个脚本定时删除日志文件,只保留几天的日志,如果网站访问量比较大,一天会生成几十上百M甚至更大的日志文件,既占硬盘又影响服务器性能。

    2、按大小滚动日志文件:
    错误日志:

     ErrorLog "|/data/apache/bin/rotatelogs -l 日志存放目录/%Y%m%d_error.log 5M" 

    访问日志:

     CustomLog "|/data/apache/bin/rotatelogs -l 日志存放目录/%Y%m%d_access.log 5M" common 
    当日志文件达到5M时,滚动该日志文件。

    另外,说下apache日志管理的相关知识。

    web服务器日志滚动的方法,常用的有如下三种:

    1,利用Linux系统自身的日志文件轮循机制:logrotate
    2,利用apache自带的日志轮循程序rotatelogs
    3,使用在apache的FAQ中推荐发展已经比较成熟的一个日志轮循工具cronolog
    这里介绍下apache自带的日志滚动程序rotatelogs,并用shell脚本定期删除日志文件,只保留近3天的文件,以免日志文件占满磁盘空间。
    修改apache服务器的主配置文件httpd.conf,找到以下内容,并修改成:

    ErrorLog /var/log/httpd/error_log
    CustomLog "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/access_log 86400 400M" combined

    86400 ---日志滚动的时间是一天
    400---日志文件最大400M就滚动
    combined ---采用复合格式

    然后,建立清除日志文件的shell脚本,文件名为clean_log

    #! /bin/bash
    logdir=/var/log/httpd
    cd ${logdir}
    declare -i filesum=`ls access_log.* | wc -l`
    declare -i delnum=$filesum-3
    if [ "${delnum}" -ge 1 ];then
    rm -rf `ls -tr access_log.* | head -${delnum}`
    fi


    #加上执行权限

    chmod 755 clean_log



    保留最近3天的日志文件。

    创建自动化任务:

    01 04 * * * /usr/local/crontab/clean_log

    PHP的扩展库

    GD图片处理库

     


    修改目录权限

    根据提示,修改对应目录的权限
    cd /data/www
    chown -R daemon:daemon data uc_server/data uc_client/data config // 让这几个目录支持apache运行帐号可写


    配置开机启动apache

    echo '/usr/local/apache2/bin/apachectl  start'>>/etc/rc.local

    注意:不能使用/etc/init.d/httpd的方式!

    还有虚拟机安装了两个httpd,一个rpm版本,一个编译安装版,导致修改了vhosts配置文件之后,执行apachectl -restart的时候新修改的内容不生效

    解决办法是删除rpm版本的httpd

    rpm -qa |grep httpd
    rpm -e httpd-2.2.15-39.el6.centos.x86_64
    rpm -qa |grep httpd

    http://www.apelearn.com/bbs/thread-9146-1-1.html

     

    编译安装安装方式不支持将apachectl放入/etc/init.d/httpd
    RPM包方式才支持将apachectl放入/etc/init.d/httpd


    tcpdump抓包

    tcpdump -nn -i eth1 -s 0 host 192.168.0.100 and dst port 80 and dst 192.168.0.106    //因为只显示目标端口和目标ip所以单向


    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    06:44:35.903095 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [S], seq 1723280863, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    06:44:35.905358 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 3341746770, win 16425, length 0
    06:44:35.905378 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [P.], seq 0:1163, ack 1, win 16425, length 1163
    06:44:35.967826 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 2921, win 16425, length 0
    06:44:35.968025 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 5841, win 16425, length 0
    06:44:35.968165 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 8761, win 16425, length 0
    06:44:35.968295 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 11681, win 16425, length 0
    06:44:35.968466 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 14601, win 16425, length 0
    06:44:35.968693 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 16254, win 16425, length 0
    06:44:36.016064 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [P.], seq 1163:2416, ack 16259, win 16423, length 1253

    点击一下默认板块产生很多包

    # tcpdump -nn -i eth1 -s 0 tcp and port 80 and host 192.168.0.100 and host 192.168.0.106    //指定了端口一般也要指定协议 因为两个都是host所以会显示双向
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    06:55:33.624605 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [S], seq 1337810073, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    06:55:33.624658 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [S.], seq 3180963847, ack 1337810074, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
    06:55:33.625110 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 1, win 16425, length 0
    06:55:33.625122 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [P.], seq 1:1149, ack 1, win 16425, length 1148
    06:55:33.625162 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], ack 1149, win 264, length 0
    06:55:33.684537 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 1:2921, ack 1149, win 264, length 2920
    06:55:33.684796 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 2921, win 16425, length 0
    06:55:33.684886 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 2921:5841, ack 1149, win 264, length 2920
    06:55:33.685506 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 5841, win 16425, length 0
    06:55:33.685576 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 5841:8761, ack 1149, win 264, length 2920
    06:55:33.685782 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 8761, win 16425, length 0
    06:55:33.687586 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 8761:11681, ack 1149, win 264, length 2920


     httpd的访问日志

    C:UsersNameDesktopapache 2015-10-26 logsaccess_log
    
    127.0.0.1 - - [12/Oct/2015:13:35:03 +0800] "GET /1.php HTTP/1.1" 200 26
    192.168.0.101 - - [12/Oct/2015:13:35:43 +0800] "GET /favicon.ico HTTP/1.1" 404 209
    192.168.0.101 - - [12/Oct/2015:13:35:44 +0800] "GET /1.php HTTP/1.1" 200 26
    192.168.0.101 - - [12/Oct/2015:13:35:44 +0800] "GET /1.php HTTP/1.1" 200 26
    127.0.0.1 - - [12/Oct/2015:13:38:53 +0800] "GET /1.php HTTP/1.1" 200 51497
    192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php HTTP/1.1" 200 52807
    192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524
    192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146
    192.168.0.101 - - [12/Oct/2015:13:39:02 +0800] "GET /favicon.ico HTTP/1.1" 404 209
    127.0.0.1 - - [12/Oct/2015:13:39:18 +0800] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [12/Oct/2015:13:39:19 +0800] "OPTIONS * HTTP/1.0" 200 -
    192.168.0.101 - - [21/Oct/2015:00:13:53 +0800] "GET /install/ HTTP/1.1" 200 7268
    
    192.168.0.101 - - [21/Oct/2015:00:13:54 +0800] "GET /install/images/bg_footer.gif HTTP/1.1" 200 116
    192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/index.php?step=1&uchidden=&submit=%CE%D2%CD%AC%D2%E2 HTTP/1.1" 200 5723
    192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/images/bg_stepstatus.gif HTTP/1.1" 200 259
    192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/images/stepnum.gif HTTP/1.1" 200 2632
    127.0.0.1 - - [21/Oct/2015:00:14:11 +0800] "OPTIONS * HTTP/1.0" 200 -
    127.0.0.1 - - [21/Oct/2015:00:14:12 +0800] "OPTIONS * HTTP/1.0" 200 -
    192.168.0.101 - - [21/Oct/2015:00:15:19 +0800] "POST /install/index.php HTTP/1.1" 200 3455
    192.168.0.101 - - [21/Oct/2015:00:15:25 +0800] "POST /install/index.php HTTP/1.1" 302 -
    192.168.0.101 - - [21/Oct/2015:00:15:25 +0800] "GET /install/index.php?step=3&install_ucenter=yes HTTP/1.1" 200 3524
    192.168.0.101 - - [21/Oct/2015:00:18:46 +0800] "-" 408 -
    127.0.0.1 - - [21/Oct/2015:00:18:46 +0800] "OPTIONS * HTTP/1.0" 200 -
    192.168.0.101 - - [21/Oct/2015:00:25:32 +0800] "POST /install/index.php HTTP/1.1" 200 32719
    192.168.0.101 - - [21/Oct/2015:00:25:39 +0800] "GET /misc.php?mod=initsys HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:25:46 +0800] "GET /install/index.php?method=ext_info HTTP/1.1" 200 1267
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET / HTTP/1.1" 301 -
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /forum.php HTTP/1.1" 200 12593
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_forum_index.css?pss HTTP/1.1" 200 3665
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_common.css?pss HTTP/1.1" 200 69562
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_widthauto.css?pss HTTP/1.1" 200 1483
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/common.js?pss HTTP/1.1" 200 63289
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/forum.js?pss HTTP/1.1" 200 22720
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/logging.js?pss HTTP/1.1" 200 603
    
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/search.png HTTP/1.1" 200 1301
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/nv.png HTTP/1.1" 200 1939
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/nv_a.png HTTP/1.1" 200 2076
    
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358368 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/scrolltop.png HTTP/1.1" 200 1383
    127.0.0.1 - - [21/Oct/2015:00:26:16 +0800] "OPTIONS * HTTP/1.0" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:29 +0800] "GET /static/js/ajax.js?pss HTTP/1.1" 200 7835
    192.168.0.101 - - [21/Oct/2015:00:26:29 +0800] "POST /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1 HTTP/1.1" 200 396
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /member.php?mod=logging&action=login&auth=29daT789VZ8C8zjE0ImpSpwPwzApkK2NKDrzbc6qlNvfyAN112%2FCRomzwA&referer=http%3A%2F%2Fwww.123.com%2Fforum.php&infloat=yes&handlekey=login&inajax=1&ajaxtarget=fwin_content_login HTTP/1.1" 200 3747
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/js/common_extra.js?pss HTTP/1.1" 200 46875
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/cls.gif HTTP/1.1" 200 526
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/right.gif HTTP/1.1" 200 678
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSAnX92XB&0.24064634722004718&modid=member::logging HTTP/1.1" 200 1528
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/none.gif HTTP/1.1" 200 43
    192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /misc.php?mod=seccode&update=40780&idhash=cSAnX92XB HTTP/1.1" 200 158
    192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /static/image/common/loading.gif HTTP/1.1" 200 875
    192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=member::logging&idhash=cSAnX92XB&secverify=ctcj HTTP/1.1" 200 70
    192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /static/image/common/check_right.gif HTTP/1.1" 200 296
    00 -
    
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/refresh.png HTTP/1.1" 200 1074
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358408 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /data/cache/common_smilies_var.js?pss HTTP/1.1" 200 3400
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358408 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765216946 HTTP/1.1" 200 13536
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSLszz2X&0.721008357087331&modid=forum::forumdisplay HTTP/1.1" 200 1519
    
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/shutup.gif HTTP/1.1" 200 2500
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/sleepy.gif HTTP/1.1" 200 2375
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/hug.gif HTTP/1.1" 200 1054
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/victory.gif HTTP/1.1" 200 1275
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/time.gif HTTP/1.1" 200 687
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/kiss.gif HTTP/1.1" 200 987
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/handshake.gif HTTP/1.1" 200 1322
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/call.gif HTTP/1.1" 200 603
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358408 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/folder_new.gif HTTP/1.1" 200 235
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/pollsmall.gif HTTP/1.1" 200 600
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=seccode&update=62355&idhash=cSLszz2X HTTP/1.1" 200 158
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.15455305205052006&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:26:50 +0800] "GET /static/image/common/uploadbutton_small.png HTTP/1.1" 200 690
    192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /data/cache/style_1_forum_post.css?pss HTTP/1.1" 200 7059
    
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line5.png HTTP/1.1" 200 528
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/0.gif HTTP/1.1" 200 1013
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line4.png HTTP/1.1" 200 133
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line1.png HTTP/1.1" 200 164
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line9.png HTTP/1.1" 200 187
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/5.gif HTTP/1.1" 200 1602
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line2.png HTTP/1.1" 200 711
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line7.png HTTP/1.1" 200 365
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/2.gif HTTP/1.1" 200 3343
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?css=1_wysiwyg&pss HTTP/1.1" 200 559
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /data/cache/style_1_forum_calendar.css?pss HTTP/1.1" 200 1161
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358410 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358410 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765219307 HTTP/1.1" 200 13536
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765219353 HTTP/1.1" 200 13536
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358410 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSaG588y&0.2836799351813733&modid=forum::post HTTP/1.1" 200 1503
    192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.9286310464287497&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=seccode&update=42232&idhash=cSaG588y HTTP/1.1" 200 158
    192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /forum.php?mod=relatekw&subjectenc=&messageenc=&inajax=1&ajaxtarget=tagselect HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:26:57 +0800] "GET /forum.php?mod=relatekw&subjectenc=test&messageenc=&inajax=1&ajaxtarget=tagselect HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:27:04 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=forum::post&idhash=cSaG588y&secverify=cj6j HTTP/1.1" 200 70
    192.168.0.101 - - [21/Oct/2015:00:27:06 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=forum::post&idhash=cSaG588y&secverify=cj6j HTTP/1.1" 200 70
    127.0.0.1 - - [21/Oct/2015:00:27:13 +0800] "OPTIONS * HTTP/1.0" 200 -
    192.168.0.101 - - [21/Oct/2015:00:27:25 +0800] "POST /forum.php?mod=post&action=newthread&fid=2&extra=&topicsubmit=yes HTTP/1.1" 301 -
    192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /static/image/common/uploadbutton.png HTTP/1.1" 200 1391
    192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /static/image/common/uploadbutton.png HTTP/1.1" 200 1391
    192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /forum.php?mod=viewthread&tid=1&extra= HTTP/1.1" 200 32905
    192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /data/cache/style_1_forum_viewthread.css?pss HTTP/1.1" 200 46079
    
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /static/image/common/fastreply.gif HTTP/1.1" 200 608
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765254727 HTTP/1.1" 200 13536
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358446 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSUsRRzX&0.7534482570377987&modid=forum::viewthread HTTP/1.1" 200 1515
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358446 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358446 HTTP/1.1" 200 -
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=seccode&update=24492&idhash=cSUsRRzX HTTP/1.1" 200 158
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.2202783499608713&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63
    192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63
    127.0.0.1 - - [21/Oct/2015:00:27:35 +0800] "OPTIONS * HTTP/1.0" 200 -
    192.168.0.101 - - [21/Oct/2015:00:31:40 +0800] "GET /admin.php HTTP/1.1" 200 2568
    192.168.0.101 - - [21/Oct/2015:00:31:40 +0800] "GET /static/image/admincp/admincp.css HTTP/1.1" 200 33246
    192.168.0.101 - - [21/Oct/2015:00:31:41 +0800] "GET /static/image/admincp/bg_login.gif HTTP/1.1" 200 475
    192.168.0.101 - - [21/Oct/2015:00:31:41 +0800] "GET /static/image/admincp/login_title.gif HTTP/1.1" 200 3121
    192.168.0.101 - - [21/Oct/2015:00:31:46 +0800] "POST /admin.php? HTTP/1.1" 302 -
    192.168.0.101 - - [21/Oct/2015:00:31:46 +0800] "GET /admin.php? HTTP/1.1" 200 37555
    192.168.0.101 - - [21/Oct/2015:00:31:47 +0800] "GET /static/image/admincp/admincp.css?pss HTTP/1.1" 200 33246
    192.168.0.101 

    httpd的错误日志

    C:UsersNameDesktopapache 2015-10-26 logserror_log
    
    [Mon Oct 12 13:02:20 2015] [notice] Digest: generating secret for digest authentication ...
    [Mon Oct 12 13:02:20 2015] [notice] Digest: done
    [Mon Oct 12 13:02:20 2015] [notice] Apache/2.2.27 (Unix) DAV/2 configured -- resuming normal operations
    [Mon Oct 12 13:33:01 2015] [notice] SIGHUP received.  Attempting to restart
    [Mon Oct 12 13:33:01 2015] [notice] Digest: generating secret for digest authentication ...
    [Mon Oct 12 13:33:01 2015] [notice] Digest: done
    [Mon Oct 12 13:33:01 2015] [notice] Apache/2.2.27 (Unix) DAV/2 configured -- resuming normal operations
    [Mon Oct 12 13:35:43 2015] [error] [client 192.168.0.101] File does not exist: /usr/local/apache2/htdocs/favicon.ico
    [Mon Oct 12 13:37:05 2015] [notice] SIGHUP received.  Attempting to restart
    [Mon Oct 12 13:37:05 2015] [notice] Digest: generating secret for digest authentication ...
    [Mon Oct 12 13:37:05 2015] [notice] Digest: done
    [Mon Oct 12 13:37:05 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
    [Mon Oct 12 13:38:23 2015] [notice] caught SIGTERM, shutting down
    [Mon Oct 12 13:38:27 2015] [notice] Digest: generating secret for digest authentication ...
    [Mon Oct 12 13:38:27 2015] [notice] Digest: done
    [Mon Oct 12 13:38:27 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
    [Mon Oct 12 13:38:53 2015] [error] [client 127.0.0.1] PHP Warning:  phpinfo() [<a href='function.phpinfo'>function.phpinfo</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/apache2/htdocs/1.php on line 3
    [Mon Oct 12 13:39:01 2015] [error] [client 192.168.0.101] PHP Warning:  phpinfo() [<a href='function.phpinfo'>function.phpinfo</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/apache2/htdocs/1.php on line 3
    [Mon Oct 12 13:39:02 2015] [error] [client 192.168.0.101] File does not exist: /usr/local/apache2/htdocs/favicon.ico
    [Mon Oct 12 13:43:21 2015] [notice] caught SIGTERM, shutting down
    [Wed Oct 21 00:13:39 2015] [notice] Digest: generating secret for digest authentication ...
    [Wed Oct 21 00:13:39 2015] [notice] Digest: done
    [Wed Oct 21 00:13:39 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
    [Wed Oct 21 00:26:51 2015] [error] [client 192.168.0.101] File does not exist: /data/www/static/js/common_postimg.js, referer: http://www.123.com/forum.php?mod=post&action=newthread&fid=2
    [Wed Oct 21 01:24:54 2015] [notice] SIGHUP received.  Attempting to restart
    [Wed Oct 21 01:24:54 2015] [notice] Digest: generating secret for digest authentication ...
    [Wed Oct 21 01:24:54 2015] [notice] Digest: done
    [Wed Oct 21 01:24:54 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
    [Wed Oct 21 01:34:30 2015] [notice] SIGHUP received.  Attempting to restart
    [Wed Oct 21 01:34:30 2015] [notice] Digest: generating secret for digest authentication ...
    [Wed Oct 21 01:34:30 2015] [notice] Digest: done
    [Wed Oct 21 01:34:30 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
    [Wed Oct 21 01:44:44 2015] [notice] SIGHUP received.  Attempting to restart
    [Wed Oct 21 01:44:44 2015] [notice] Digest: generating secret for digest authentication ...

    vhosts访问日志

    C:UsersNameDesktopapache 2015-10-26 logswww.123.com-access_20151021.log
    192.168.0.122 - - [21/Oct/2015:02:12:18 +0800] "GET /admin.php HTTP/1.1" 403 211 "http://www.123.com/forum.php?mod=viewthread&tid=1&extra=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)"
    192.168.0.122 - - [21/Oct/2015:02:12:18 +0800] "GET /admin.php HTTP/1.1" 403 211 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)"

    vhosts错误日志

    www.123.com-error_20151021
    [Wed Oct 21 01:35:23 2015] [error] [client 127.0.0.1] File does not exist: /data/www/1jpeg
    [Wed Oct 21 01:45:49 2015] [error] [client 127.0.0.1] client denied by server configuration: /data/www/1.txt, referer: http://www.baidu.com/sdfsdf
    [Wed Oct 21 02:12:18 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=viewthread&tid=1&extra=
    [Wed Oct 21 02:12:18 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php
    [Wed Oct 21 02:12:28 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php
    [Wed Oct 21 02:12:28 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php
    [Wed Oct 21 02:13:24 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=viewthread&tid=1&extra=page%3D1
    [Wed Oct 21 02:13:24 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php
    [Wed Oct 21 02:14:48 2015] [error] [client 192.168.0.106] client denied by server configuration: /data/www/admin.php
    [Wed Oct 21 04:04:35 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=forumdisplay&fid=2
    [Wed Oct 21 04:04:35 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php
    [Wed Oct 21 04:04:51 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php
    [Wed Oct 21 04:04:51 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php

    安装centos的时候一定要最小化安装,否则会默认安装上rpm版的apache

    rpm -qa |grep httpd  ,公司台机不是最小化安装

    腾讯云也是已经安装rpm版httpd


    扩展阅读

    http://zhidao.baidu.com/link?url=wXZsevUwcgavOX6Sc3eBDHlA2ApifsdEvL4wBHYxODCmaK3VIFLFuDMecjhZZuVJPYJVou2zhHtnBRXeKTtRMa
    http://www.server110.com/apache/201310/1984.html

    /usr/local/apache/bin/apachectl -k start 启动apache服务是 -k 是什么意思呢?请大侠帮助,谢谢!

    是源于UNIX的kill命令向运行中的进程发送信号。

    apache官方的解释如下:

    为了停止或者重新启动Apache ,必须向正在运行的httpd进程发送信号。有两种发送信号的方法。第一种方法是直接使用UNIX的kill命令向运行中的进程发送信号。也许你会注意到你的系统里运行着很多httpd进程。但你不应该直接对它们中的任何一个发送信号,而只要对已经在PidFile中记载下了自身PID的父进程发送信号。也就是说,你不必对父进程以外的任何进程发送信号。你可以向父进程发送三种信号:TERM、HUP、USR1 。
    你可以用下面这样的命令来向父进程发送信号:
    kill -TERM `cat /usr/local/apache2/logs/httpd.pid`
    第二种方法是使用下面将要描述的httpd二进制可执行文件的 -k 命令行选项:stop、restart、graceful、graceful-stop 。
    不过推荐你使用apachectl控制脚本来向httpd二进制可执行文件传递这些选项。
    当你向httpd发送信号后,你可以这样来读取它的进行过程:

    tail -f /usr/local/apache2/logs/error_log


    比如--立即停止
    使用信号:TERM
    apachectl -k stop发送TERM或stop信号到父进程可以使它立刻杀死所有子进程。这将花费一些时间来杀死所有子进程。然后父进程自己也退出。所有进行中的请求将被强行中止,而且不再接受其它请求。


    其实在man httpd有这样一个介绍
    -k start|restart|graceful|stop|graceful-stop
    Signals httpd to start, restart, or stop. See Stopping Apache for more information.

    apachectl是Apache HTTP服务器的前端程序。其设计意图是帮助管理员控制Apache httpd后台守护进程
    apachectl脚本有两种操作模式。

    1、首先,作为简单的httpd的前端程序,设置所有必要的环境变量,然后启动httpd ,并传递所有的命令行参数

    2、其次,作为SysV初始化脚本,接受简单的一个单词的参数,如:start, restart, stop ,并把他们翻译为适当的信号发送给httpd


    如果你的Apache安装在非标准的路径中,你将需要修改apachectl脚本使其中的路径正确地指向httpd程序。此外,还可以指定任何必要的httpd命令行参数。细节可以参见脚本中的注解。
    apachectl脚本如果执行成功,则返回0 ;如果出错,则其返回值>0 。更多细节可以参见脚本中的注解。

    在扮演传递角色时,apachectl可以接受对httpd程序有效的所有参数。
    apachectl [ httpd-argument ]

    在SysV初始化模式中,apachectl只接受简单的一个单词的命令,如下:
    apachectl command

    下列仅说明了SysV初始化类型的选项,其他参数的说明见httpd手册页。

    start
    启动Apache httpd后台守护进程。如果已经启动,则产生一个错误。它等价于 apachectl -k start 。
    stop
    停止Apache httpd后台守护进程。它等价于 apachectl -k stop 。
    restart
    重新启动Apache httpd后台守护进程。如果守护进程尚未运行,则启动它。在重新启动守护进程之前,此命令会使用configtest自动检查配置文件,以确保Apache不会死掉。它等价于 apachectl -k restart 。
    fullstatus
    显示由mod_status提供的完整的状态报告。要使用这个功能,需要启用服务器上的mod_status模块,并且系统中有一个基于文本的浏览器,如lynx 。修改脚本中的STATUSURL变量,可以修改访问状态报告的URL 。
    status
    显示一个简要的状态报告。它类似于fullstatus选项,但是省略了正在处理的请求的列表。
    graceful
    优雅地重新启动Apache httpd后台守护进程。如果守护进程尚未启动,则启动它。它和标准重新启动的不同之处在于:不会中断当前已经打开的连接,也不会立即关闭日志。这意味着,如果在日志滚动脚本使用它,则在处理日志之前必须加入一个实实在在的延迟,以确保老的日志文件在被处理前已经关闭。在重新启动守护进程之前,此命令会使用configtest自动检查配置文件,以确保Apache不会死掉。它等价于 apachectl -k graceful 。
    graceful-stop
    优雅地停止Apache httpd后台守护进程。它和标准停止的不同之处在于:不会中断当前已经打开的连接,也不会立即关闭日志。它等价于 apachectl -k graceful-stop 。
    configtest
    执行一次配置文件语法检查。它解析配置文件,并报告 Syntax Ok 或者是特定的语法错误详细信息。它等价于 apachectl -t 。
    下列选项仅在早期版本中使用,现在已经被废弃了。
    startssl
    以支持SSL的方式启动httpd ,你应当编辑配置文件,并在其中包含与SSL支持相关的指令,然后使用 apachectl start 启动服务器。


    伪静态
    http://baike.baidu.com/link?url=I-21EmJmbOmzvK6HuhS1-R39lITINPdgHPeIrSMiuf9PxRcryz8hSWX5E5FzkuZs8qihikAGQUifbQuZGdhOo4PSDZQg4k41dX2Xk6pvXsOHNpbHiaPXpi0pjC9JfMc2
    伪静态是相对真实静态来讲的,通常我们为了增强搜索引擎的友好面,都将文章内容生成静态页面,但是有的朋友为了实时的显示一些信息。或者还想运用动态脚本解决一些问题。不能用静态的方式来展示网站内容。但是这就损失了对搜索引擎的友好面。怎么样在两者之间找个中间方法呢,这就产生了伪静态技术。就是展示出来的是以html一类的静态页面形式,但其实是用ASP一类的动态脚本来处理的。
    用IIS的404错误处理机制来实现的。这个比rewrite技术要灵活的多。

    这样。用户或蜘蛛看到的URL还是他访问的URL.而我们对内容的处理上可以用到了动态技术。这就是我们想要的结果。说得简单了一些。但是基本思路就是这样了。

    区别静态
    从URL结构以及页面名称看,伪静态和静态页面是一样的。伪静态的页面后缀可以是html htm 或者是目录格式
    伪静态只是改变了URL的表现形式,实际上还是动态页面
    静态页面可以节省服务器资源,而伪静态严格说是增加服务器资源消耗的
    总结,在SEO方面,伪静态和静态页面的功能是相同的,但是伪静态本质上还是动态页面,所以消耗资源是和动态页面一样的,而且因为Rewrite服务器还需要消耗额外的资源。

    logstash的角色:shipper和indexer   P83

    logstash作为无状态的软件,配合消息队列系统,可以做线性扩展,两个消息队列系统:kafka和redis

    rsyslog    P95
    rsyslog从v6版本开始,设计了一套rainerscript作为配置中的DSL
    rsyslog从v7版本开始带有omelasticsearch插件可以直接写入数据到elasticsearch集群
    rsyslog当前官方稳定版是v8

    rpm -qa|grep syslog
    rsyslog-5.8.10-10.el6_6.x86_64

    f

  • 相关阅读:
    MongoDB 部署复制集(副本集)
    MongoDB shell 2 副本集方法
    MongoDB shell 1 数据库方法
    MongoDB shell 0 集合方法
    CentOS7 安装 zabbix
    MongoDB Shell db.runCommand
    MongoDB Index
    MongoDB 启动报错
    MongoDB 聚合查询报错
    MongoDB 聚合函数
  • 原文地址:https://www.cnblogs.com/MYSQLZOUQI/p/4883828.html
Copyright © 2011-2022 走看看