zoukankan      html  css  js  c++  java
  • nginx实战六

    Nginx错误日志

    https://coding.net/u/aminglinux/p/nginx/git/blob/master/log/error.md

    Nginx错误日志平时不用太关注,但是一旦出了问题,就需要借助错误日志来判断问题所在。
    
    配置参数格式:error_log /path/to/log level;
    
    常见的错误日志级别有debug | info | notice | warn | error | crit | alert | emerg
    级别越高记录的信息越少,如果不定义,默认级别为error.
    
    它可以配置在main、http、server、location段里。
    
    如果在配置文件中定义了两个error_log,在同一个配置段里的话会产生冲突,所以同一个段里只允许配置一个error_log。
    但是,在不同的配置段中出现是没问题的。
    
    error_log  /var/log/nginx/error.log crit;
    
    如果要想彻底关闭error_log,需要这样配置
    error_log /dev/null;

    1.实验:编辑nginx主配置文件将error级别配置为crit

    [root@centos-03 conf]# vim nginx.conf
    #error_log  logs/error.log;
    error_log  logs/error.log  crit;
    #error_log  logs/error.log  info;
    
    [root@centos-03 conf]# vim vhost/1.conf 
    
    server {
            listen 80;
            server_name www.123.com;
            index index.html;
            root /data/wwwroot/www.1.com;
            rewrite_log on;
            location /
            {
                    rewrite /123.html /1.html redirect;
                    error_log /tmp/nginx.err debug;
            }
    }
    
    [root@centos-03 conf]# /usr/local/nginx/sbin/nginx -s reload  
    [root@centos-03 conf]# 

    2.清空日志内容

    [root@centos-03 conf]# > /tmp/nginx.err 
    [root@centos-03 conf]# > /usr/local/nginx/logs/error.log 
    [root@centos-03 conf]# 
    

    3.我们访问一个不存在的文件,错误日志没有记录,虚拟主机定义的有记录

    [root@centos-03 conf]# curl www.123.com/123
    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 conf]# cat /usr/local/nginx/logs/error.log 
    [root@centos-03 conf]# cat /tmp/nginx.err 
    2018/07/28 16:07:53 [notice] 29883#0: *71 "/123.html" does not match "/123", client: 127.0.0.1, server: www.123.com, request: "GET /123 HTTP/1.1", host: "www.123.com"
    2018/07/28 16:07:53 [error] 29883#0: *71 open() "/data/wwwroot/www.1.com/123" failed (2: No such file or directory), client: 127.0.0.1, server: www.123.com, request: "GET /123 HTTP/1.1", host:
    "www.123.com" 2018/07/28 16:07:53 [info] 29883#0: *71 client 127.0.0.1 closed keepalive connection [root@centos-03 conf]#
    [root@centos-03 conf]# curl www.123.com/123.html
    <html>
    <head><title>302 Found</title></head>
    <body bgcolor="white">
    <center><h1>302 Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 conf]# cat /tmp/nginx.err       
    2018/07/28 16:07:53 [notice] 29883#0: *71 "/123.html" does not match "/123", client: 127.0.0.1, server: www.123.com, request: "GET /123 HTTP/1.1", host: "www.123.com"
    2018/07/28 16:07:53 [error] 29883#0: *71 open() "/data/wwwroot/www.1.com/123" failed (2: No such file or directory), client: 127.0.0.1, server: www.123.com, request: "GET /123 HTTP/1.1", host:
    "www.123.com" 2018/07/28 16:07:53 [info] 29883#0: *71 client 127.0.0.1 closed keepalive connection 2018/07/28 16:10:30 [notice] 29883#0: *72 "/123.html" matches "/123.html", client: 127.0.0.1, server: www.123.com, request: "GET /123.html HTTP/1.1", host: "www.123.com" 2018/07/28 16:10:30 [notice] 29883#0: *72 rewritten redirect: "/1.html", client: 127.0.0.1, server: www.123.com, request: "GET /123.html HTTP/1.1", host: "www.123.com" 2018/07/28 16:10:30 [info] 29883#0: *72 client 127.0.0.1 closed keepalive connection [root@centos-03 conf]#

    Nginx访问日志-日志格式

    https://coding.net/u/aminglinux/p/nginx/git/blob/master/log/format.md

    https://coding.net/u/aminglinux/p/nginx/git/blob/master/log/acclog.md

    Nginx访问日志格式

    Nginx访问日志可以设置自定义的格式,来满足特定的需求。
    
    访问日志格式示例
    示例1
        log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
        '$host "$request_uri" $status'
        '"$http_referer" "$http_user_agent"';
    
    示例2
        log_format main '$remote_addr [$time_local] '
        '$host "$request_uri" $status "$request"'
        '"$http_referer" "$http_user_agent" "$request_time"';
    
    若不配置log_format或者不在access_log配置中指定log_format,则默认格式为:
        '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent";
    

    常见变量

    变量	说明
    $time_local	通用日志格式下的本地时间;(服务器时间)
    $remote_addr	客户端(用户)IP地址
    $status	请求状态码,如200,404,301,302等
    $body_bytes_sent	发送给客户端的字节数,不包括响应头的大小
    $bytes_sent	发送给客户端的总字节数
    $request_length	请求的长度(包括请求行,请求头和请求正文)
    $request_time	请求处理时间,单位为秒,小数的形式
    $upstream_addr	集群轮询地址
    $upstream_response_time	指从Nginx向后端(php-cgi)建立连接开始到接受完数据然后关闭连接为止的时间
    $remote_user	用来记录客户端用户名称
    $request	请求方式(GET或者POST等)+URL(包含$request_method,$host,$request_uri)
    $http_user_agent	用户浏览器标识
    $http_host	请求的url地址(目标url地址)的host
    $host	等同于$http_host
    $http_referer	来源页面,即从哪个页面转到本页,如果直接在浏览器输入网址来访问,则referer为空
    $uri	请求中的当前URI(不带请求参数,参数位于$args),不同于浏览器传递的$request_uri的值,它可以通过内部重定向,或者使用index指令进行修改。
    $document_uri	等同于$uri
    $request_uri	比$uri多了参数,即$uri+$args
    $http_x_forwarded_for	如果使用了代理,这个参数会记录代理服务器的ip和客户端的ip    

    实验:

    1.查看或编辑nginx主配置文件

    [root@centos-03 conf]# vim nginx.conf
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" $host $server_
    port';
    

    2.配置虚拟主机的访问日志文件  

    [root@centos-03 conf]# vim vhost/1.conf 
    server {
            listen 80;
            server_name www.123.com;
            index index.html;
            root /data/wwwroot/www.1.com;
            rewrite_log on;
            location /
            {
                    rewrite /123.html /1.html redirect;
                    error_log /tmp/nginx.err debug;
                    access_log /tmp/123.com.log main;
            }
    }
    

    3.测试

    [root@centos-03 conf]# /usr/local/nginx/sbin/nginx -s reload 
    [root@centos-03 conf]# curl www.123.com/123.html            
    <html>
    <head><title>302 Found</title></head>
    <body bgcolor="white">
    <center><h1>302 Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 conf]# cat /tmp/123.com.log 
    127.0.0.1 - - [28/Jul/2018:17:09:52 +0800] "GET /123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 80
    [root@centos-03 conf]# 
    

    配置Nginx访问日志 

    1.生产机上访问日记格式加上$http_x_forwarded_for这样就可以接收到代理ip了

    实验:编辑配置文件为8080端口

    root@centos-03 vhost]# vim 1.conf 
    server {
            listen 8080;
            server_name www.123.com;
            index index.html;
            root /data/wwwroot/www.1.com;
            rewrite_log on;
            location /
            {
                    rewrite /123.html /1.html redirect;
                    error_log /tmp/nginx.err debug;
                    access_log /tmp/123.com.log main;
            }
    }
    

    2.新建代理虚拟主机

    [root@centos-03 vhost]# vim proxy.conf
    server
    {
            listen 80;
            server_name www.123.com;
    
            location /
            {
                    proxy_pass http://192.168.242.133:8080/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
    
    [root@centos-03 vhost]# /usr/local/nginx/sbin/nginx -s reload
    [root@centos-03 vhost]# curl -x127.0.0.1:8080 www.123.com/123.html (不用代理访问)
    <html>
    <head><title>302 Found</title></head>
    <body bgcolor="white">
    <center><h1>302 Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 vhost]# cat /tmp/123.com.log 
    127.0.0.1 - - [28/Jul/2018:17:09:52 +0800] "GET /123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 80
    127.0.0.1 - - [28/Jul/2018:17:50:37 +0800] "GET HTTP://www.123.com/123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 8080
    [root@centos-03 vhost]# 
    
    [root@centos-03 vhost]# curl -x127.0.0.1:80 www.123.com/123.html   (代理访问)
    <html>
    <head><title>302 Found</title></head>
    <body bgcolor="white">
    <center><h1>302 Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 vhost]# cat /tmp/123.com.log 
    127.0.0.1 - - [28/Jul/2018:17:09:52 +0800] "GET /123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 80
    127.0.0.1 - - [28/Jul/2018:17:50:37 +0800] "GET HTTP://www.123.com/123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:17:52:23 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1" www.123.com 8080
    [root@centos-03 vhost]# 
    

    3.再加一层代理试试能获取到ip吗

    [root@centos-03 vhost]# vim proxy2.conf
    server
    {
            listen 8000;
            server_name www.123.com;
    
            location /
            {
                    proxy_pass http://192.168.242.133/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
    

    4.用8000端口访问

    [root@centos-03 vhost]# /usr/local/nginx/sbin/nginx -s reload  
    [root@centos-03 vhost]# curl -x127.0.0.1:8000 www.123.com/123.html
    <html>
    <head><title>302 Found</title></head>
    <body bgcolor="white">
    <center><h1>302 Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 vhost]# !cat
    cat /tmp/123.com.log 
    127.0.0.1 - - [28/Jul/2018:17:09:52 +0800] "GET /123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 80
    127.0.0.1 - - [28/Jul/2018:17:50:37 +0800] "GET HTTP://www.123.com/123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:17:52:23 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:18:06:21 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1, 192.168.242.133" www.123.com 8080
    [root@centos-03 vhost]# 
    

    Nginx日志过滤指定文件

    https://coding.net/u/aminglinux/p/nginx/git/blob/master/log/filter.md

    一个网站,会包含很多元素,尤其是有大量的图片、js、css等静态元素。
    这样的请求其实可以不用记录日志。
    
    location ~* ^.+.(gif|jpg|png|css|js)$ 
    {
        access_log off;
    }
    
    或
    location ~* ^.+.(gif|jpg|png|css|js)$                                      
    {
        access_log /dev/null;
    }

    实验:

    [root@centos-03 vhost]# vim 1.conf 
    server {
            listen 8080;
            server_name www.123.com;
            index index.html;
            root /data/wwwroot/www.1.com;
            rewrite_log on;
            location /
            {
                    rewrite /123.html /1.html redirect;
                    error_log /tmp/nginx.err debug;
            }
            location ~* '(css|js|png|jpg|gif|rar|mp4)$'
            {
                    access_log off;
                    #access_log /dev/null;
            }
            access_log /tmp/123.com.log main;
    }

    访问测试,我们访问css的文件时没有记录日志,访问css1记录了日志

    [root@centos-03 vhost]# curl -x127.0.0.1:8000 www.123.com/123.css
    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 vhost]# !cat
    cat /tmp/123.com.log 
    127.0.0.1 - - [28/Jul/2018:17:09:52 +0800] "GET /123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 80
    127.0.0.1 - - [28/Jul/2018:17:50:37 +0800] "GET HTTP://www.123.com/123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:17:52:23 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:18:06:21 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1, 192.168.242.133" www.123.com 8080
    [root@centos-03 vhost]# 
    
    [root@centos-03 vhost]# curl -x127.0.0.1:8000 www.123.com/123.css1
    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.14.0</center>
    </body>
    </html>
    [root@centos-03 vhost]# cat /tmp/123.com.log                      
    127.0.0.1 - - [28/Jul/2018:17:09:52 +0800] "GET /123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 80
    127.0.0.1 - - [28/Jul/2018:17:50:37 +0800] "GET HTTP://www.123.com/123.html HTTP/1.1" 302 161 "-" "curl/7.29.0" "-" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:17:52:23 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:18:06:21 +0800] "GET /123.html HTTP/1.0" 302 161 "-" "curl/7.29.0" "127.0.0.1, 192.168.242.133" www.123.com 8080
    192.168.242.133 - - [28/Jul/2018:18:31:14 +0800] "GET /123.css1 HTTP/1.0" 404 169 "-" "curl/7.29.0" "127.0.0.1, 192.168.242.133" www.123.com 8080
    [root@centos-03 vhost]# 
    

    Nginx日志切割

    https://coding.net/u/aminglinux/p/nginx/git/blob/master/log/rotate.md  

    如果任由访问日志写下去,日志文件会变得越来越大,甚至是写满磁盘。
    所以,我们需要想办法把日志做切割,比如每天生成一个新的日志,旧的日志按规定时间删除即可。
    
    实现日志切割可以通过写shell脚本或者系统的日志切割机制实现。
    
    shell脚本切割Nginx日志
    切割脚本内容:
    #!/bin/bash
    logdir=/var/log/nginx  //定义日志路径
    prefix=`date -d "-1 day" +%y%m%d`  //定义切割后的日志前缀
    cd $logdir  
    for f in `ls *.log`
    do
       mv $f $f-$prefix  //把日志改名
    done
    /bin/kill -USR1 $(cat /usr/local/nginx/logs/nginx.pid 2>/dev/null) 2>/dev/null  //生成新的日志
    bzip2 *$prefix  //压缩日志
    find . -type f -mtime +180 |xargs /bin/rm -f  //删除超过180天的老日志
    
    系统日志切割机制
    在/etc/logrotate.d/下创建nginx文件,内容为:
    /data/logs/*log {
        daily
        rotate 30
        missingok
        notifempty
        compress
        sharedscripts
        postrotate
            /bin/kill -USR1 $(cat /usr/local/nginx/logs/nginx.pid 2>/dev/null) 2>/dev/null || :
        endscript
    }
    
    说明:
    1 nginx日志在/data/logs/目录下面,日志名字以log结尾
    2 daily表示每天切割
    3 rotate 30表示日志保留30天
    4 missingok表示忽略错误
    5 notifempty表示如果日志为空,不切割
    6 compress表示压缩
    7 sharedscripts和endscript中间可以引用系统的命令
    8 postrotate表示当切割之后要执行的命令

    实验:

    1.日志切割不仅仅是访问日志、错误日志也应该切割,日志切割最好是把所有的日志集中在一个目录下,我们这里把所有的日志放到data/logs下

    [root@centos-03 ~]# cd /usr/local/nginx/conf/vhost/
    [root@centos-03 vhost]# mkdir /data/logs/
    [root@centos-03 vhost]# 
    

    2.给每个虚拟主机配置日志文件

    [root@centos-03 vhost]# vim 1.conf 
    server {
            listen 8080;
            server_name www.123.com;
            index index.html;
            root /data/wwwroot/www.1.com;
            rewrite_log on;
            location /
            {
                    rewrite /123.html /1.html redirect;
                    error_log /data/logs/123.com.err.log debug;
            }
            location ~* '(css|js|png|jpg|gif|rar|mp4)$'
            {
                    access_log off;
                    #access_log /dev/null;
            }
            access_log /data/logs/123.com.acc.log main;
    }
    

    3.测试是否生成新的日志文件

    [root@centos-03 vhost]# /usr/local/nginx/sbin/nginx -t                      
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@centos-03 vhost]# /usr/local/nginx/sbin/nginx -s reload
    [root@centos-03 vhost]# ls /data/logs/
    123.com.acc.log  123.com.err.log
    [root@centos-03 vhost]# curl -x127.0.0.1:8000 www.123.com/123 -I
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0
    Date: Sat, 28 Jul 2018 13:03:47 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive
    
    [root@centos-03 vhost]# 
    
    [root@centos-03 vhost]# cd /data/logs/
    [root@centos-03 logs]# ls
    123.com.acc.log  123.com.err.log
    [root@centos-03 logs]# cat *
    192.168.242.133 - - [28/Jul/2018:21:03:47 +0800] "HEAD /123 HTTP/1.0" 404 0 "-" "curl/7.29.0" "127.0.0.1, 192.168.242.133" www.123.com 8080
    2018/07/28 21:03:47 [notice] 30143#0: *99 "/123.html" does not match "/123", client: 192.168.242.133, server: www.123.com, request: "HEAD /123 HTTP/1.0", host: "www.123.com"
    2018/07/28 21:03:47 [error] 30143#0: *99 open() "/data/wwwroot/www.1.com/123" failed (2: No such file or directory), client: 192.168.242.133, server: www.123.com, request: "HEAD /123 HTTP/1.0"
    , host: "www.123.com" [root@centos-03 logs]#

    4.做日志切割

    方法一:

    [root@centos-03 logs]# vim /usr/local/nginx/sbin/log_rotate.sh
    #!/bin/bash
    logdir=/data/logs/
    prefix=`date -d "-1 day" +%y%m%d`
    cd $logdir
    for f in `ls *.log`
    do
       mv $f $f-$prefix
    done
    /bin/kill -USR1 $(cat /usr/local/nginx/logs/nginx.pid 2>/dev/null) 2>/dev/null (USR1亦通常被用来告知应用程序重载配置文件;例如,向Apache HTTP服务器发送一个USR1信号将导致以下步骤的发生:停止接受新的连接,
    等待当前连接停止,重新载入配置文件,重新打开日志文件,重启服务器,从而实现相对平滑的不关机的更改。) bzip2 *$prefix find . -type f -mtime +180 |xargs /bin/rm -f
    [root@centos-03 logs]# sh -x /usr/local/nginx/sbin/log_rotate.sh 
    + logdir=/data/logs/
    ++ date -d '-1 day' +%y%m%d
    + prefix=180727
    + cd /data/logs/
    ++ ls 123.com.acc.log 123.com.err.log
    + for f in '`ls *.log`'
    + mv 123.com.acc.log 123.com.acc.log-180727
    + for f in '`ls *.log`'
    + mv 123.com.err.log 123.com.err.log-180727
    ++ cat /usr/local/nginx/logs/nginx.pid
    + /bin/kill -USR1 29709
    + bzip2 123.com.acc.log-180727 123.com.err.log-180727
    + xargs /bin/rm -f
    + find . -type f -mtime +180
    [root@centos-03 logs]# ls
    123.com.acc.log             123.com.err.log
    123.com.acc.log-180727.bz2  123.com.err.log-180727.bz2
    [root@centos-03 logs]#   
    [root@centos-03 logrotate.d]# crontab -e
    0 0 * * * /bin/bash /usr/local/nginx/sbin/log_rotate.sh

    方法二

    [root@centos-03 logrotate.d]# cd /etc/logrotate.d/
    [root@centos-03 logrotate.d]# vim nginx
    /data/logs/*log {
        daily
        rotate 30
        missingok
        notifempty
        compress
        sharedscripts
        postrotate
            /bin/kill -USR1 $(cat /usr/local/nginx/logs/nginx.pid 2>/dev/null) 2>/de
    v/null || :
        endscript
    }
    
  • 相关阅读:
    微软“隐形革命”
    关于董事会绩效评估的思考
    Redis源码分析(二十八)--- object创建和释放redisObject对象
    Redis源码分析(二十七)--- rio系统I/O的封装
    Redis源码分析(二十七)--- rio系统I/O的封装
    实战DeviceIoControl 之一:通过API访问设备驱动程序 分类: windows驱动程序WDM 2013-09-25 14:45 381人阅读 评论(0) 收藏
    马云:超过我只需十到十五年
    如何在不同文化背景下做简报
    Google与沃尔玛的薪酬战略—方法不同,目的一致
    传苹果9月9日发布iPhone 6S
  • 原文地址:https://www.cnblogs.com/sunyujun/p/9450608.html
Copyright © 2011-2022 走看看