第十八次课 LAMP架构(二)
目录
一、Apache默认虚拟主机
二、Apache用户认证
三、域名跳转
四、Apache访问日志
五、访问日志不记录静态文件
六、访问日志切割
七、静态元素过期时间
八、扩展
一、Apache默认虚拟主机
虚拟主机指的是在单一机器上运行多个网站,每一个网站实际就是一个虚拟主机。虚拟主机可以"基于IP",即每个IP一个站点; 或者"基于名称", 即每个IP多个站点。也可以是基于端口。目前常用的是基于名称的虚拟主机。
如果在包含最具体匹配IP地址和端口组合的虚拟主机集中找不到匹配的ServerName或ServerAlias,则将使用与之匹配的第一个列出的虚拟主机。这个主机就是默认的虚拟主机。
在apache全局配置文件httpd.conf中定义了默认的虚拟主机、网站目录以及首页index.html
[root@localhost conf]# grep -E "DocumentRoot|index.html|ServerName" /usr/local/apache2.4/conf/httpd.conf
//默认虚拟主机的网站域名是ServerName下面定义的域名。默认网站只能定义一个域名
# ServerName gives the name and port that the server uses to identify itself.
ServerName localhost:80
//默认虚拟主机的网站目录
# DocumentRoot: The directory out of which you will serve your
DocumentRoot "/usr/local/apache2.4/htdocs"
DirectoryIndex index.html index.php
# access content that does not live under the DocumentRoot.
测试默认虚拟主机的访问
本机win10
Apache Web Server地址:10.0.1.212
在本机添加hosts解析记录(C:\Windows\System32\drivers\etc\hosts)
//以管理员权限启动记事本,然后打开hosts文件,增加如下内容
10.0.1.212 a.com b.com
//进入windows的命令行界面,测试解析设置是否成功(win键+R→输入cmd→ENTER)
C:\Users\kennminn>ping a.com
正在 Ping a.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
C:\Users\kennminn>ping b.com
正在 Ping a.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
通过win10浏览器访问a.com和b.com,均可正常访问默认主机的默认主页。因为当前Apache Web Server还没有其他的虚拟主机。所以都是定位到默认主机。
//默认虚拟主机,默认主页内容
[root@localhost conf]# cat /usr/local/apache2.4/htdocs/index.html
<html><body><h1>It works!</h1></body></html>
多虚拟主机配置
1.在全局配置文件中开启虚拟主机子配置文件
[root@localhost conf]# grep 'httpd-vhost' /usr/local/apache2.4/conf/httpd.conf
//取消注释
Include conf/extra/httpd-vhosts.conf
2.编辑httpd-vhosts
[root@localhost conf]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
//添加如下内容
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
</VirtualHost>
3.添加虚拟主机目录及测试文件
[root@localhost conf]# mkdir -p /usr/local/apache2.4/htdocs/{a,b}.com
[root@localhost conf]# ls -l !$
ls -l /usr/local/apache2.4/htdocs/{a,b}.com
/usr/local/apache2.4/htdocs/a.com:
total 0
/usr/local/apache2.4/htdocs/b.com:
total 0
[root@localhost conf]# cd /usr/local/apache2.4/htdocs/
[root@localhost htdocs]# ls
1.php a.com b.com index.html
[root@localhost htdocs]# echo "I am a.com." >a.com/a.html
[root@localhost htdocs]# echo "I am b.com." >b.com/b.html
[root@localhost htdocs]# tree
.
├── 1.php
├── a.com
│ └── a.html
├── b.com
│ └── b.html
└── index.html
2 directories, 4 files
4.测试配置文件及重载
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl graceful
5.验证
在win10主机添加aaa.com的主机解析记录
//以管理员权限启动记事本,然后打开hosts文件,增加如下内容
10.0.1.212 aaa.com
10.0.1.212 unknown.com
//验证记录加添成功
C:\Users\kennminn>ping aaa.com
正在 Ping aaa.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
C:\Users\kennminn>ping unknown.com
正在 Ping unknown.com [10.0.1.212] 具有 32 字节的数据:
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
来自 10.0.1.212 的回复: 字节=32 时间<1ms TTL=64
10.0.1.212 的 Ping 统计信息:
数据包: 已发送 = 2,已接收 = 2,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
验证虚拟主机配置成功
本地验证:
[root@localhost apache2.4]# curl -x127.0.0.1:80 a.com
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul><li><a href="a.html"> a.html</a></li>
</ul>
</body></html>
[root@localhost apache2.4]# curl -x127.0.0.1:80 aaa.com
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul><li><a href="a.html"> a.html</a></li>
</ul>
</body></html>
[root@localhost apache2.4]# curl -x127.0.0.1:80 b.com
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
[root@localhost apache2.4]# curl -x127.0.0.1:80 unknown.com
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul><li><a href="a.html"> a.html</a></li>
</ul>
</body></html>
远程浏览器验证
此时的默认虚拟主机已经变为httpd-vhosts.conf配置文件中的第一个虚拟主机。即a.com, 全局配置中的默认虚拟主机失效。
二、Apache用户认证
有时候为满足特殊的安全需求,需要对网站或网站的特定页访问进行验证,然后才可以访问网站的相应内容,例如网站的后台管理页面,可以通过开启apache的用户认证功能来实现。
实现过程(以b.com为例)
1.修改/usr/local/apache2.4/conf/extra/httpd-vhosts.conf文件
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
//指定需要访问认证的网站目录
<Directory /usr/local/apache2.4/htdocs/b.com>
//打开认证的开关
AllowOverride AuthConfig
//自定义认证的名字,作用不大
AuthName "b user auth"
//认证的类型,一般为Basic
AuthType Basic
//指定用户与密码文件所在位置
AuthUserFile /usr/local/apache2.4/.htpasswd
//指定需要认证的用户为全部可用用户,即.htpasswd文件里设定的用户。
Require valid-user
</Directory>
2.创建用户与密码文件:-c选项是创建、-m选项是使用md5加密算法,user01是认证用户名
[root@localhost apache2.4]# /usr/local/apache2.4/bin/htpasswd -c -m /usr/local/apache2.4/.htpasswd user01
New password:
Re-type new password:
Adding password for user user01
3.测试配置文件及重载
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost apache2.4]# /usr/local/apache2.4/bin/apachectl graceful
4.验证
本地验证
[root@localhost apache2.4]# curl -x127.0.0.1:80 b.com -I
//401错,报未授权
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 04:59:10 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="b user auth"
Content-Type: text/html; charset=iso-8859-1
//密码错,也是401未授权
[root@localhost apache2.4]# curl -x127.0.0.1:80 -uuser01:1234567 b.com -I
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 05:01:31 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="b user auth"
Content-Type: text/html; charset=iso-8859-1
//正确验证
[root@localhost apache2.4]# curl -x127.0.0.1:80 -uuser01:123456 b.com -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 05:01:20 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html;charset=ISO-8859-1
远程验证
输入错误的用户名密码或不输入
输入正确的用户名密码
也可以对单个页面进行访问认证。通过 <FilesMatch 页面> 标签进行设定,还是以(b.com为例)
1.在b.com目录下添加index.php页面,并测试访问
[root@localhost b.com]# vim index.php
//内容如下
<?php
echo "I am bbbbb"
?>
[root@localhost b.com]# curl -x127.0.0.1:80 b.com/index.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 05:56:51 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
2.修改/usr/local/apache2.4/conf/extra/httpd-vhosts.conf配置文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
//内容如下
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
# <Directory /usr/local/apache2.4/htdocs/b.com>
# AllowOverride AuthConfig
# AuthName "b user auth"
# AuthType Basic
# AuthUserFile /usr/local/apache2.4/.htpasswd
# Require valid-user
# </Directory>
<FilesMatch index.php>
AllowOverride AuthConfig
AuthName "111 user auth"
AuthType Basic
AuthUserFile /usr/local/apache2.4/.htpasswd
require valid-user
</FilesMatch>
</VirtualHost>
3.测试配置文件及重载
[root@localhost b.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost b.com]# /usr/local/apache2.4/bin/apachectl graceful
4.验证
本地验证
//401未授权,需要认证
[root@localhost b.com]# curl -x127.0.0.1:80 b.com/index.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 06:00:49 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111 user auth"
Content-Type: text/html; charset=iso-8859-1
//不正确的用户名密码或不输入
[root@localhost b.com]# curl -x127.0.0.1:80 -uuser01:1234567 b.com/index.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 28 Jun 2018 06:02:20 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111 user auth"
Content-Type: text/html; charset=iso-8859-1
//输入正确的用户名密码
[root@localhost b.com]# curl -x127.0.0.1:80 -uuser01:123456 b.com/index.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 06:02:26 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
//本次验证用的用户名和密码用的目录验证的用户名密码。如果需新成用户名密码,重新执行
/usr/local/apache2.4/bin/htpasswd -m /usr/local/apache2.4/.htpasswd username(新的用户名)即可
远程验证
未输入正确的用户名、密码或未输入
输入正确的用户名密码
三、域名跳转
在用Apache做web服务器的时候,有的时候需要将输入的URL转换成另一个URL。这可以通过Apache的rewrite功能实现。
Rewirte主要的功能就是实现URL的跳转,它的正则表达式是基于 Perl语言。可基于服务器级的(httpd.conf)和目录级的 (.htaccess)两种方式。如果要想用到rewrite模块,必须先安装或加载rewrite模块。方法有两种一种是编译apache的时候就直接 安装rewrite模块,别一种是编译apache时以DSO模式安装apache,然后再利用源码和apxs来安装rewrite模块。
如需从a.com跳转到aaa.com
1.在apache的全局配置文件中启用rewrite模块
[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
//取消该句注释,开启rewrite功能
#LoadModule rewrite_module modules/mod_rewrite.so
2.编辑/usr/local/apache2.4/conf/extra/httpd-vhosts.conf文件
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
//添加规则
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias a.com aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" common
//添加该段规则
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^aaa.com$
RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
3.测试配置文件及重载
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
4.测试
测试
[root@localhost htdocs]# curl -x127.0.0.1:80 a.com -I
HTTP/1.1 301 Moved Permanently
Date: Fri, 29 Jun 2018 01:28:15 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Location: http://aaa.com/
Content-Type: text/html; charset=iso-8859-1
[root@localhost htdocs]# curl -x127.0.0.1:80 a.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://aaa.com/">here</a>.</p>
</body></html>
四、Apache访问日志
Apache的访问日志是在虚拟主机子配置文件httpd-vhosts.conf中定义的,一个虚拟主机对应一个错误日志和访问日志。
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias a.com aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" common
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^aaa.com$
RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common
# <Directory /usr/local/apache2.4/htdocs/b.com>
# AllowOverride AuthConfig
# AuthName "b user auth"
# AuthType Basic
# AuthUserFile /usr/local/apache2.4/.htpasswd
# Require valid-user
# </Directory>
# <FilesMatch index.php>
# AllowOverride AuthConfig
# AuthName "b user auth"
# AuthType Basic
# AuthUserFile /usr/local/apache2.4/.htpasswd
# require valid-user
# </FilesMatch>
</VirtualHost>
[root@localhost htdocs]# ls /usr/local/apache2.4/logs/
access_log a.com-access_log a.com-error_log b.com-access_log b.com-error_log error_log httpd.pid
虚拟主机日志查看(以a.com的访问日志为例)
[root@localhost logs]# tail a.com-access_log
10.0.1.229 - - [28/Jun/2018:21:17:56 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:18:08 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:20:31 -0400] "GET /index.html HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:20:56 -0400] "GET /index.html HTTP/1.1" 304 -
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 304 -
127.0.0.1 - - [28/Jun/2018:21:28:15 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
127.0.0.1 - - [28/Jun/2018:21:28:49 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
//也可以用tail -f logfile动态跟踪日志文件。
[root@localhost logs]# tail -f a.com-access_log
10.0.1.229 - - [28/Jun/2018:21:17:56 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:18:08 -0400] "GET /index.html HTTP/1.1" 404 208
10.0.1.229 - - [28/Jun/2018:21:20:31 -0400] "GET /index.html HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:20:56 -0400] "GET /index.html HTTP/1.1" 304 -
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:23:16 -0400] "GET / HTTP/1.1" 200 23
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 301 223
10.0.1.229 - - [28/Jun/2018:21:25:26 -0400] "GET / HTTP/1.1" 304 -
127.0.0.1 - - [28/Jun/2018:21:28:15 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
127.0.0.1 - - [28/Jun/2018:21:28:49 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
访问日志的格式定义在apache的全局配置文件/usr/local/apache2.4/conf/httpd.conf
[root@localhost logs]# grep -A 7 'IfModule log_config_module' /usr/local/apache2.4/conf/httpd.conf
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
//通常用common级的日志,但是记录的内容比较简单,如需更详细的记录,可以开启combined级的日志记录
//combined级的日志记录:包含Referer信息:访问页面的上一级链接,User-Agent信息:用户代理,用户访问页面使用的工具:浏览器、curl等。
对虚拟主机开启combined级日志功能
[root@localhost logs]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/a.com"
ServerName a.com
ServerAlias a.com aaa.com
ErrorLog "logs/a.com-error_log"
CustomLog "logs/a.com-access_log" combined
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^aaa.com$
RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
测试
//未重载配置时
[root@localhost ~]# curl -x127.0.0.1:80 a.com -I
HTTP/1.1 301 Moved Permanently
Date: Fri, 29 Jun 2018 01:51:51 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Location: http://aaa.com/
Content-Type: text/html; charset=iso-8859-1
//日志内容
127.0.0.1 - - [28/Jun/2018:21:28:15 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
127.0.0.1 - - [28/Jun/2018:21:28:49 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
127.0.0.1 - - [28/Jun/2018:21:51:47 -0400] "GET HTTP://a.com/ HTTP/1.1" 301 223
127.0.0.1 - - [28/Jun/2018:21:51:51 -0400] "HEAD HTTP://a.com/ HTTP/1.1" 301 -
//重载配置文件后通过浏览器访问
10.0.1.229 - - [28/Jun/2018:21:54:20 -0400] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
五、访问日志不记录静态文件
apache的访问日志会记录网站每个文件被获取的信息,这样日志信息量会很大,我们排查日志的时候不容易筛选有用的记录。我们可以把静态文件的日志设置为不记录,提高我们排查日志信息的效率
编辑Apache的子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
# SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/b.com-error_log"
CustomLog "logs/b.com-access_log" common env=!img
</VirtualHost>
测试配置文件及重载
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
再访问网站下的图片文件,查看日志已不在记录图片的访问日志了。
//此时,对PNG文件的访问有记录,但是对jpg等其他格式图片的访问没有记录
10.0.1.229 - user01 [28/Jun/2018:23:24:52 -0400] "GET /index.php HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
127.0.0.1 - - [28/Jun/2018:23:25:28 -0400] "GET HTTP://b.com/ HTTP/1.1" 200 201 "-" "curl/7.29.0"
127.0.0.1 - - [28/Jun/2018:23:25:32 -0400] "HEAD HTTP://b.com/ HTTP/1.1" 200 - "-" "curl/7.29.0"
10.0.1.229 - user01 [28/Jun/2018:23:26:09 -0400] "GET /index.php HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:15 -0400] "GET /img HTTP/1.1" 301 225 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:15 -0400] "GET /img/ HTTP/1.1" 200 670 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:18 -0400] "GET /img/Screenshot_20180627-211800.png HTTP/1.1" 200 136973 "http://b.com/img/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:26:47 -0400] "GET /img/ HTTP/1.1" 200 714 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
10.0.1.229 - - [28/Jun/2018:23:27:02 -0400] "GET /img/indexphp.png HTTP/1.1" 200 18917 "http://b.com/img/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
六、访问日志切割
随着网站访问量的增大,网站的访问日志文件也会变得很大,为了保持磁盘空间,方便日志的管理(如查询、备份、删除历史日志等。),我们需要对日志进行切割操作,可以以天为单位将日志独立切割出来。
在/usr/local/apache2.4/conf/extra/httpd-vhosts.conf配置文件下进行设定:
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/b.com-error_log"
//%y%m%d以年月日命名,86400秒即1天切割一次。rotatelogs是apache的切割日志工具。
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/b.com-access_%y%m%d.log 86400" common env=!img
</VirtualHost>
重载配置文件后
结果如下
[root@localhost ~]# ls /usr/local/apache2.4/logs/
//对b.com的日志设置生效。
access_log a.com-access_log a.com-error_log b.com-access_180628.log b.com-access_log b.com-error_log error_log httpd.pid
七、静态元素过期时间
浏览器访问网站,获取的图片、css等静态元素会保存在本地电脑缓存文件夹里,方便下次再此访问的时候提高访问速度。我们也可以在服务器端设置这些静态元素的过期时间,可以减网站的带宽压力。
在apache子配置文件/usr/local/apache2.4/conf/extra/httpd-vhosts.conf里设定:是通过expires模块实现的。
在编译apache的时候指定了参数mods=most,该模块已经编译进来。
首先在apache全局配置文件里启用该模块
[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
//取消注释
LoadModule expires_module modules/mod_expires.so
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
然后在apache子配置文件中设定
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root
DocumentRoot "/usr/local/apache2.4/htdocs/b.com"
ServerName b.com
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/b.com-error_log"
#%y%m%d以年月日命名,86400秒即1天切割一次。rotatelogs是apache的切割日志工具。
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/b.com-access_%y%m%d.log 86400" common env=!img
//增加该段配置
<IfModule mod_expires.c>
ExpiresActive on // 打开该功能的开关
ExpiresByType image/gif "access plus 1 days" //gif类型文件的失效时间是1天
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
</VirtualHost>
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# curl -x127.0.0.1:80 b.com/img/b.com.jpg -I
HTTP/1.1 200 OK
Date: Fri, 29 Jun 2018 03:46:29 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Last-Modified: Thu, 28 Jun 2018 03:08:53 GMT
ETag: "4117-56fab0d131b40"
Accept-Ranges: bytes
Content-Length: 16663
Cache-Control: max-age=86400
Expires: Sat, 30 Jun 2018 03:46:29 GMT
Content-Type: image/jpeg
可以根据自己的需求对每种静态元素类型单独设置。
八、扩展
apache虚拟主机开启php的短标签 http://ask.apelearn.com/question/5370
apache日志记录代理IP以及真实客户端IP http://ask.apelearn.com/question/960
apache只记录指定URI的日志 http://ask.apelearn.com/question/981
apache日志记录客户端请求的域名 http://ask.apelearn.com/question/1037
apache 日志切割问题 http://ask.apelearn.com/question/566
参考链接