centos LAMP第二部分apache配置 下载discuz!配置第一个虚拟主机 安装Discuz! 用户认证 配置域名跳转 配置apache的访问日志 配置静态文件缓存 配置防盗链 访问控制 apache rewrite 配置开机启动apache tcpdump 第二十节课
无论是apache 还是nginx,都会有一个默认的虚拟主机 virtual host
多个vhost都可以用同一个配置文件
安装两个Apache,两个apache可以共存,但是要使用不同的端口
主配置文件:/usr/local/apache2/conf/httpd.conf
虚拟主机配置文件:/usr/local/apache2/conf/extra/httpd-vhosts.conf
上半节课
下载discuz!
配置第一个虚拟主机
安装Discuz!
配置mysql,给Discuz!增加一个账户
Discuz设置注意事项
5. 用户认证
下半节课
6. 配置域名跳转
7. 配置apache的访问日志
8. 配置静态文件缓存(其他类型文件可以到apache官方文档里面去搜)
9. 配置防盗链
10. 访问控制(一般用在限制用户登录论坛后台管理页面)
11. apache rewrite相关
tcpdump
步骤
1. 下载discuz!
cd /download/
wget -c http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
mkdir /data/www //放网站根目录
cd /data/www
mv /download/Discuz_X3.2_SC_GBK.zip .
unzip Discuz_X3.2_SC_GBK.zip
mv upload/* . //把upload/目录里面的东西放到www目录,即上一层目录
cd ..
rm -rf Discuz_X3.2_SC_GBK.zip readme/ utility/ upload/ //把无用目录删掉
DiscuzX的包有两种 一种是utf8 一种是gbk:DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
2. 配置第一个虚拟主机
删除/usr/local/apache2/conf/httpd.conf中的这行前面的井号
#Include conf/extra/httpd-vhosts.conf
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
默认已经有两个vhost,先删除一个,再配置另一个如下:
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.123.com
</VirtualHost>
示例解释
<VirtualHost *:80>
28 ServerAdmin webmaster@dummy-host.example.com 管理员邮箱
29 DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com" 网站根目录
30 ServerName dummy-host.example.com 域名
31 ServerAlias www.dummy-host.example.com 另一个域名
32 ErrorLog "logs/dummy-host.example.com-error_log" 日志
33 CustomLog "logs/dummy-host.example.com-access_log" common 访问日志
34 </VirtualHost>
测试配置文件是否正常: /usr/local/apache2/bin/apachectl -t
检查/usr/local/apache2/conf/httpd.conf里面是不是Allow from all
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
3. 安装Discuz!
修改Windows机器的hosts文件,将Linux机器的ip跟www.123.com绑定:192.168.11.190 www.123.com
浏览器输入:
www.123.com/install/
根据提示,修改对应目录的权限
cd /data/www
chown -R daemon:daemon data uc_server/data uc_client/data config // 让这几个目录支持apache运行帐号可写
4. 配置mysql,给Discuz!增加一个账户
检查mysql是否已经启动:ps aux |grep mysql
将mysql 加入到PATH环境变量
在/etc/profile加入:export PATH=$PATH:/usr/local/mysql/bin ,然后source一下: source /etc/profile
给root指定一个密码:mysqladmin -uroot password '123456'
给mysql root账户设置密码,然后命令行进入mysql,创建新的库,并创建一个新的帐号对该库有所有权限:
> create database discuz;
> grant all on discuz.* to 'root'@'localhost' identified by '123456';
> quit
5. Discuz设置注意事项
1、论坛里面的验证码要安装php的gd模块
2、管理中心里的install/index.php 要删除
cd /data/www
rm -f install/index.php
功能设置
5. 用户认证
http://www.lishiming.net/thread-554-1-1.html
虚拟主机配置文件中,需要加入
<Directory /data/web/test>
AllowOverride AuthConfig
</Directory>
然后在虚拟主机的主目录,即DocumentRoot 目录下
vi /data/web/test/.htaccess
加入
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/web/test/.htpasswd
require valid-user
保存后,然后
创建apache的验证用户
htpasswd -c /data/web/test/.htpasswd test
#第一次创建用户要用到-c 参数 第2次添加用户,就不用-c参数
如果你想修改密码,可以如下
htpasswd -m .htpasswd test2
重启apache,即可。
到此,你已经配置完成。下面介绍另一种方式:
##################################
vi http.conf
在相应的虚拟主机配置文件段,加入
<Directory *> 也可以写虚拟主机目录路径:<Directory /data/web/test>
AllowOverride AuthConfig
AuthName "自定义的"
AuthType Basic
AuthUserFile /data/.htpasswd # 这里的/data/.htpasswd你可以随便写一个路径或名字,没有限制
require valid-user
</Directory>
保存后,然后
创建apache的验证用户
htpasswd -cm /data/.htpasswd test
增加第二个用户的时候,就不要加-c了,因为-c是创建的意思,如果加上会把这个文件重写。
--MD5加密
/usr/local/apache2/bin/htpasswd -cm /data/.htpasswd aming
看一下第35行为什麽报错:vi +35 /usr/local/apache2/conf/extra/httpd-vhosts.conf
操作系统没有GBK编码,用的是utf8
discuz用的GBK版本
修改apache字符集
http://blog.chinaunix.net/uid-23078678-id-2974411.html修改apache的配置文件httpd.conf
默认为:AddDefaultCharset UTF-8
修改为:AddDefaultCharset GBK2312
然后重启apache生效!
6. 配置域名跳转
/usr/local/apache2/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
如果是多个域名,可以这样设置:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain.com [OR] //注意www.domain.com [OR] 之间有空格
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
或者: <IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.domain2.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
www.a.com跳转到www.1.com
示例
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
//添加
#配置域名跳转
<IfModule mod_rewrite.c>
RewriteEngine on //首先把引擎打开
RewriteCond %{HTTP_HOST} ^www.a.com$ //判断条件 域名是www.a.com的时候
RewriteRule ^/(.*)$ http://www.1.com/$1 [R=301,L] //跳转到www.1.com 302暂时跳转 301永久跳转
</IfModule>
7. 配置apache的访问日志
apache访问日志,日志切割,归档 ,防止大文件爆满,有4种log
日志格式
/usr/local/apache2/conf/httpd.conf
<IfModule log_config_module>
243 #
244 # The following directives define some format nicknames for use with
245 # a CustomLog directive (see below).
246 #
247 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
248 LogFormat "%h %l %u %t \"%r\" %>s %b" common
%h 远程主机
%l 远程主机登录名称
%u 认证用户
%t 事件产生时间
%r 请求报文的第一行(方法、资源、版本号)
%>s 最后一个请求对应的状态吗
%b 响应报文的大小
%Referer 从哪个页面来的,比如从百度来的
%user-Agent 客户端浏览器类型
配置日志
/usr/local/apache2/conf/extra/httpd-vhosts.conf
#配置日志
ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-error_%Y%m%d.log 86400"
SetEnvIf Request_URI ".*\.gif$" image-request
SetEnvIf Request_URI ".*\.jpg$" image-request
SetEnvIf Request_URI ".*\.png$" image-request
SetEnvIf Request_URI ".*\.bmp$" image-request
SetEnvIf Request_URI ".*\.swf$" image-request
SetEnvIf Request_URI ".*\.js$" image-request
SetEnvIf Request_URI ".*\.css$" image-request
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-access_%Y%m%d.log 86400" combined env=!image-request //不记录图片请求日志
配置完日志后检查语法
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
配置文件中下面这一段的意思是不记录静态文件访问的日志
*********************************
env=!image-request
SetEnvIf Request_URI ".*\.gif$" image-request 正则 .*任意个任意字符 \脱义. gif $结尾的
*********************************
#配置日志
ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/www.123.com-error_%Y%m%d.log 86400"
SetEnvIf Request_URI ".*\.gif$" image-request
SetEnvIf Request_URI ".*\.jpg$" image-request
SetEnvIf Request_URI ".*\.png$" image-request
SetEnvIf Request_URI ".*\.bmp$" image-request
SetEnvIf Request_URI ".*\.swf$" image-request
SetEnvIf Request_URI ".*\.js$" image-request
SetEnvIf Request_URI ".*\.css$" image-request
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/www.123.com-access_%Y%m%d.log 86400" combined env=!image-request
8. 配置静态文件缓存(其他类型文件可以到apache官方文档里面去搜)
/usr/local/apache2/conf/extra/httpd-vhosts.conf
# 配置静态文件缓存
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
或者使用mod_headers模块实现
<ifmodule mod_headers.c>
# htm,html,txt类的文件缓存一个小时
<filesmatch "\.(html|htm|txt)$">
header set cache-control "max-age=3600"
</filesmatch>
# css, js, swf类的文件缓存一个星期
<filesmatch "\.(css|js|swf)$">
header set cache-control "max-age=604800"
</filesmatch>
# jpg,gif,jpeg,png,ico,flv,pdf等文件缓存一年
<filesmatch "\.(ico|gif|jpg|jpeg|png|flv|pdf)$">
header set cache-control "max-age=29030400"
</filesmatch>
</ifmodule>
配置完静态文件缓存后检查语法
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
在网站根目录下创建一个jpg文件进行测试
浏览器
应用
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
touch /data/www/1.jpeg
curl -x127.0.0.1:80 www.123.com/1.jpeg -I
HTTP/1.1 200 OK
Date: Tue, 20 Oct 2015 17:35:41 GMT
Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28
Last-Modified: Tue, 20 Oct 2015 17:34:51 GMT
ETag: "e35a8-0-5228cadd9f7c1"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Wed, 21 Oct 2015 17:35:41 GMT
Content-Type: image/jpeg
9. 配置防盗链
/usr/local/apache2/conf/extra/httpd-vhosts.conf
SetEnvIfNoCase Referer "^http://.*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer ".*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
# 配置防盗链
SetEnvIfNoCase Referer "^http://www.1.com" local_ref
SetEnvIfNoCase Referer "www.a.com" local_ref
SetEnvIfNoCase Referer "www.b.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref //local_ref是配置的别名,允许local_ref配置里面的内容
</filesmatch>
测试
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
curl -e "http://www.baidu.com/sdfsdf" -x127.0.0.1:80 www.1.com/1.txt -I
或者不加-e
curl -x127.0.0.1:80 www.1.com/1.txt -I
可以看vhost的访问日志
应用
# 配置防盗链
53 SetEnvIfNoCase Referer "^http://www.123.com" local_ref
54 SetEnvIfNoCase Referer "^$" local_ref
55 <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
56 Order Allow,Deny
57 Allow from env=local_ref
58 </filesmatch>
------------------------------------------------------
# touch /data/www/1.txt
# curl -e "http://www.baidu.com/sdfsdf" -x127.0.0.1:80 www.123.com/1.txt -I
HTTP/1.1 403 Forbidden
Date: Tue, 20 Oct 2015 17:45:49 GMT
Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28
Content-Type: text/html; charset=iso-8859-1
# curl -x127.0.0.1:80 www.123.com/1.txt -I
HTTP/1.1 200 OK
Date: Tue, 20 Oct 2015 17:46:21 GMT
Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28
Last-Modified: Tue, 20 Oct 2015 17:45:27 GMT
ETag: "e35ae-0-5228cd3cca4c1"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 20 Oct 2015 17:46:21 GMT
Content-Type: text/plain
马上产生errorlog
# tail www.123.com-error_20151021.log
[Wed Oct 21 01:35:23 2015] [error] [client 127.0.0.1] File does not exist: /data/www/1jpeg
[Wed Oct 21 01:45:49 2015] [error] [client 127.0.0.1] client denied by server configuration: /data/www/1.txt, referer: http://www.baidu.com/sdfsdf
10. 访问控制(一般用在限制用户登录论坛后台管理页面)
/usr/local/apache2/conf/extra/httpd-vhosts.conf
# 访问控制
<Directory /data/www/admin> //一般只对非常重要的网站后台管理目录做限制
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
测试
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
curl -x127.0.0.1:80 www.1.com/1.txt -I
参考文档来源: http://jingyan.baidu.com/article/4b07be3c193d1648b380f3a9.html
<Files ~ "\.insc$">等价于<Filesmatch (.*)php>
1. 禁止访问某些文件/目录
增加Files选项来控制,比如要不允许访问 .inc 扩展名的文件,保护php类库:
<Files ~ "\.insc$">
2. 禁止访问某些指定的目录:(可以用 <DirectoryMatch> 来进行正则匹配)
<Directory ~ "/var/www/(.+)*[0-9]{3}">
当然也可以写目录全局路径
<Directory /var/www/111>
3. 通过文件匹配来进行禁止,比如禁止所有针对图片的访问:
<Filesmatch (.*)php>
4. 针对URL相对路径的禁止访问
<Location /dir/>
<Directory /data/www/admin>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
针对请求的uri去限制
<filesmatch "(.*)admin(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
某个目录下禁止解析php
<Directory /data/www/path>
php_admin_flag engine off
<filesmatch "(.*)php">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
</Directory>
主配置文件里有这麽一段:/usr/local/apache2/conf/httpd.conf
找了半天终于找到了问题的根源,其实是配置对了,只是我们访问的有点问题。
我们访问的地址是1.txt ,而在配置文件中我们有配置一段防盗链
针对1.txt referer是空或者是1.com 都会直接允许访问,问题就在这里。当我再次访问 forum.php的时候 效果达到了。
应用
<Directory /data/www> //只对网站后台管理页面进行控制
<filesmatch "admin.php">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
</Directory>
匹配
http://www.1.com/admin/admin.phpsdfsdfsdfhttp://www.1.com/admin.phpwerewrwerwer
http://www.1.com/ewfwewefadmin.phpwerewrwerwer
<Directory /data/www/admin.php>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
匹配
#某个目录下禁止解析php
<Directory /data/www/uc_server>
php_admin_flag engine off
<filesmatch "(.*)php">
Order deny,allow
Deny from all
</filesmatch>
</Directory>
应用
<Directory /data/www>
<filesmatch "admin.php">
Order deny,allow
Deny from all
Allow from 192.168.0.100
Allow from 192.168.0.101
</filesmatch>
</Directory>
非上面两个ip的都不行
11. apache rewrite相关
RewriteCond 重写条件
RewriteRule 重写规则
[R=302]临时跳转 rewrite
[R=301]永久跳转 rewrite
伪静态就是你访问一个动态页面的时候URL是一串动态的字符,而配置了伪静态之后URL变为静态,跟rewrite域名跳转不一样
apache 限制指定user_agent http://www.lishiming.net/thread-1033-1-1.html
apache 限制某些目录不能访问通过rewrite实现 http://www.lishiming.net/thread-3587-1-1.html
apache rewrite 出现死循环 http://www.lishiming.net/thread-1043-1-1.html
apache rewrite 出现死循环
网站夜间升级 ,全部页面跳转到网站公告页面
除了公告页面不跳转,否则会出现死循环,公告页面跳入公告页面
discuz伪静态配置:
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/topic-(.+)\.html$ /portal.php?mod=topic&topic=$1&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/article-([0-9]+)-([0-9]+)\.html$ /portal.php?mod=view&aid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/forum-(\w+)-([0-9]+)\.html$ /forum.php?mod=forumdisplay&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=viewthread&tid=$1&extra=page\%3D$3&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/group-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=group&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/space-(username|uid)-(.+)\.html$ /home.php?mod=space&$1=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/blog-([0-9]+)-([0-9]+)\.html$ /home.php?mod=space&uid=$1&do=blog&id=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/archiver/(fid|tid)-([0-9]+)\.html$ /archiver/index.php?action=$1&value=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ /plugin.php?id=$1:$2&%1
应用
将下面的代码放在域名跳转下面
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/topic-(.+)\.html$ /portal.php?mod=topic&topic=$1&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/article-([0-9]+)-([0-9]+)\.html$ /portal.php?mod=view&aid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/forum-(\w+)-([0-9]+)\.html$ /forum.php?mod=forumdisplay&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=viewthread&tid=$1&extra=page\%3D$3&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/group-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=group&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/space-(username|uid)-(.+)\.html$ /home.php?mod=space&$1=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/blog-([0-9]+)-([0-9]+)\.html$ /home.php?mod=space&uid=$1&do=blog&id=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/archiver/(fid|tid)-([0-9]+)\.html$ /archiver/index.php?action=$1&value=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ /plugin.php?id=$1:$2&%1
vhost下面加功能
多个vhost对应多个端口
#
19 NameVirtualHost *:80 //多个vhost写多个端口
20 NameVirtualHost *:8080
21 #
22 # VirtualHost example:
23 # Almost any Apache directive may go into a VirtualHost container.
24 # The first VirtualHost section is used for all requests that do not
25 # match a ServerName or ServerAlias in any <VirtualHost> block.
26 #
27 <VirtualHost *:80>
28 ServerAdmin webmaster@dummy-host.example.com
29 DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
30 ServerName dummy-host.example.com
31 ServerAlias www.dummy-host.example.com
32 ErrorLog "logs/dummy-host.example.com-error_log"
33 CustomLog "logs/dummy-host.example.com-access_log" common
34 </VirtualHost>
35
36 <VirtualHost *:80>
37 ServerAdmin webmaster@dummy-host2.example.com
38 DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
39 ServerName dummy-host2.example.com
curl的浏览器标识 user-agent
http://www.jbxue.com/article/10287.html
今天学习使用apache系统自带的rotatelogs工具对日志进行截断处理。
一,修改文件httpd.conf
注意:以下日志文件存储路径均为绝对路径。
复制代码 代码示例:
CustomLog "logs/access.log" common 原来的样子
ErrorLog "logs/error.log"原来的样子
CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common 修改后的样子
CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common 修改后的样子
ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"
二,重启apache服务,在指定的日志目录中验证。
三:语法分析
rotatelogs [ -l ] logfile [ rotationtime [ offset ]] | [ filesizeM ]
该命令其实只有两种选项用以对日志文件logfile进行操作。且必须选择其中一种方式。
第一种,rotationtime
日志文件以秒为单位滚动
第二种, filesizeM
指定以filesizeM文件大小滚动,而不是按照时间或时差滚动
举例:ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"
此配置会在错误日志大小增长到5兆字节时滚动该日志,日志文件名后缀会按照如下格式创建:errorlog.YYYY-mm-dd-HH_MM_SS 。
选项 -l 和offset都是和时区相关的。
四:文件名称格式
errorlog.%Y-%m-%d-%H_%M_%S-------------------errorlog.YYYY-mm-dd-HH_MM_SS
%A 星期名全称(本地的)
%a 3个字符的星期名(本地的)
%B 月份名的全称(本地的)
%b 3个字符的月份名(本地的)
%c 日期和时间(本地的)
%d 2位数的一个月中的日期数
%H 2位数的小时数(24小时制)
%I 2位数的小时数(12小时制)
%j 3位数的一年中的日期数
%M 2位数的分钟数
%m 2位数的月份数
%p am/pm12小时制的上下午(本地的)
%S 2位数的秒数
%U 2位数的一年中的星期数(星期天为一周的第一天)
%W 2位数的一年中的星期数(星期一为一周的第一天)
%w 1位数的星期几(星期天为一周的第一天)
%X 时间(本地的)
%x 日期(本地的)
%Y 4位数的年份
%y 2位数的年份
%Z 时区名
%% 符号"%"本身
接下来介绍,按日期生成apache日志文件及限制apache日志文件大小的方法。
需要用到apache自带的rotatelogs小工具
语法如下:
rotatelogs [ -l ] logfile [ rotationtime [ offset ]] | [ filesizeM ]
参数解释:
-l :使用本地时间代替GMT时间作为时间基准。注意:在一个改变GMT偏移量(比如夏令时)的环境中使用-l会导致不可预料的结果。
logfile:它加上基准名就是日志文件名。如果logfile中包含"%",则它会被视为用于strftime()的格式字符串;否则它会被自动加上以秒为单位的".nnnnnnnnnn"后缀。
这两种格式都表示新的日志开始使用的时间。
rotationtime :日志文件滚动的以秒为单位的间隔时间。
offset :相对于UTC的时差的分钟数。如果省略,则假定为"0"并使用UTC时间。比如,要指定UTC时差为"-5小时"的地区的当地时间,则此参数
应为"-300"。
filesizeM :指定以filesizeM文件大小滚动,而不是按照时间或时差滚动。
例子:
1、按时间滚动日志文件:
错误日志:
ErrorLog "|/data/apache/bin/rotatelogs 日志存放目录/%Y%m%d_error.log 86400 480"
访问日志:
CustomLog "|/data/apache/bin/rotatelogs 日志存放目录/%Y%m%d_access.log 86400 480"
其中:
/data/apache:为apache的安装目录,根据自己实际情况确定;
86400:秒,24小时,表示生成的日志文件按天滚动,也就是每天生成一个日志文件;
480:分,时间偏移。
同理可以按小时滚动日志文件,每隔一个小时,几个小时。。。生成一个日志文件。
扩展:可以写个脚本定时删除日志文件,只保留几天的日志,如果网站访问量比较大,一天会生成几十上百M甚至更大的日志文件,既占硬盘又影响服务器性能。
2、按大小滚动日志文件:
错误日志:
ErrorLog "|/data/apache/bin/rotatelogs -l 日志存放目录/%Y%m%d_error.log 5M"
访问日志:
CustomLog "|/data/apache/bin/rotatelogs -l 日志存放目录/%Y%m%d_access.log 5M"
当日志文件达到5M时,滚动该日志文件。
另外,说下apache日志管理的相关知识。
web服务器日志滚动的方法,常用的有如下三种:
1,利用Linux系统自身的日志文件轮循机制:logrotate;
2,利用apache自带的日志轮循程序rotatelogs;
3,使用在apache的FAQ中推荐发展已经比较成熟的一个日志轮循工具cronolog。
这里介绍下apache自带的日志滚动程序rotatelogs,并用shell脚本定期删除日志文件,只保留近3天的文件,以免日志文件占满磁盘空间。
修改apache服务器的主配置文件httpd.conf,找到以下内容,并修改成:
ErrorLog /var/log/httpd/error_log
CustomLog "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/access_log 86400 400M" combined
86400 ---日志滚动的时间是一天
400---日志文件最大400M就滚动
combined ---采用复合格式
然后,建立清除日志文件的shell脚本,文件名为clean_log
#! /bin/bash
logdir=/var/log/httpd
cd ${logdir}
declare -i filesum=`ls access_log.* | wc -l`
declare -i delnum=$filesum-3
if [ "${delnum}" -ge 1 ];then
rm -rf `ls -tr access_log.* | head -${delnum}`
fi
#加上执行权限
chmod 755 clean_log
保留最近3天的日志文件。
创建自动化任务:
01 04 * * * /usr/local/crontab/clean_log
PHP的扩展库
GD图片处理库
修改目录权限
根据提示,修改对应目录的权限
cd /data/www
chown -R daemon:daemon data uc_server/data uc_client/data config // 让这几个目录支持apache运行帐号可写
配置开机启动apache
echo '/usr/local/apache2/bin/apachectl start'>>/etc/rc.local
注意:不能使用/etc/init.d/httpd的方式!
还有虚拟机安装了两个httpd,一个rpm版本,一个编译安装版,导致修改了vhosts配置文件之后,执行apachectl -restart的时候新修改的内容不生效
解决办法是删除rpm版本的httpd
rpm -qa |grep httpd
rpm -e httpd-2.2.15-39.el6.centos.x86_64
rpm -qa |grep httpd
http://www.apelearn.com/bbs/thread-9146-1-1.html
编译安装安装方式不支持将apachectl放入/etc/init.d/httpd
RPM包方式才支持将apachectl放入/etc/init.d/httpd
tcpdump抓包
tcpdump -nn -i eth1 -s 0 host 192.168.0.100 and dst port 80 and dst 192.168.0.106 //因为只显示目标端口和目标ip所以单向
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
06:44:35.903095 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [S], seq 1723280863, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
06:44:35.905358 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 3341746770, win 16425, length 0
06:44:35.905378 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [P.], seq 0:1163, ack 1, win 16425, length 1163
06:44:35.967826 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 2921, win 16425, length 0
06:44:35.968025 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 5841, win 16425, length 0
06:44:35.968165 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 8761, win 16425, length 0
06:44:35.968295 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 11681, win 16425, length 0
06:44:35.968466 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 14601, win 16425, length 0
06:44:35.968693 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 16254, win 16425, length 0
06:44:36.016064 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [P.], seq 1163:2416, ack 16259, win 16423, length 1253点击一下默认板块产生很多包
# tcpdump -nn -i eth1 -s 0 tcp and port 80 and host 192.168.0.100 and host 192.168.0.106 //指定了端口一般也要指定协议 因为两个都是host所以会显示双向
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
06:55:33.624605 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [S], seq 1337810073, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
06:55:33.624658 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [S.], seq 3180963847, ack 1337810074, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
06:55:33.625110 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 1, win 16425, length 0
06:55:33.625122 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [P.], seq 1:1149, ack 1, win 16425, length 1148
06:55:33.625162 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], ack 1149, win 264, length 0
06:55:33.684537 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 1:2921, ack 1149, win 264, length 2920
06:55:33.684796 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 2921, win 16425, length 0
06:55:33.684886 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 2921:5841, ack 1149, win 264, length 2920
06:55:33.685506 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 5841, win 16425, length 0
06:55:33.685576 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 5841:8761, ack 1149, win 264, length 2920
06:55:33.685782 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 8761, win 16425, length 0
06:55:33.687586 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 8761:11681, ack 1149, win 264, length 2920httpd的访问日志
C:\Users\Name\Desktop\apache 2015-10-26 logs\access_log
127.0.0.1 - - [12/Oct/2015:13:35:03 +0800] "GET /1.php HTTP/1.1" 200 26
192.168.0.101 - - [12/Oct/2015:13:35:43 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.0.101 - - [12/Oct/2015:13:35:44 +0800] "GET /1.php HTTP/1.1" 200 26
192.168.0.101 - - [12/Oct/2015:13:35:44 +0800] "GET /1.php HTTP/1.1" 200 26
127.0.0.1 - - [12/Oct/2015:13:38:53 +0800] "GET /1.php HTTP/1.1" 200 51497
192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php HTTP/1.1" 200 52807
192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524
192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146
192.168.0.101 - - [12/Oct/2015:13:39:02 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - - [12/Oct/2015:13:39:18 +0800] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [12/Oct/2015:13:39:19 +0800] "OPTIONS * HTTP/1.0" 200 -
192.168.0.101 - - [21/Oct/2015:00:13:53 +0800] "GET /install/ HTTP/1.1" 200 7268
192.168.0.101 - - [21/Oct/2015:00:13:54 +0800] "GET /install/images/bg_footer.gif HTTP/1.1" 200 116
192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/index.php?step=1&uchidden=&submit=%CE%D2%CD%AC%D2%E2 HTTP/1.1" 200 5723
192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/images/bg_stepstatus.gif HTTP/1.1" 200 259
192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/images/stepnum.gif HTTP/1.1" 200 2632
127.0.0.1 - - [21/Oct/2015:00:14:11 +0800] "OPTIONS * HTTP/1.0" 200 -
127.0.0.1 - - [21/Oct/2015:00:14:12 +0800] "OPTIONS * HTTP/1.0" 200 -
192.168.0.101 - - [21/Oct/2015:00:15:19 +0800] "POST /install/index.php HTTP/1.1" 200 3455
192.168.0.101 - - [21/Oct/2015:00:15:25 +0800] "POST /install/index.php HTTP/1.1" 302 -
192.168.0.101 - - [21/Oct/2015:00:15:25 +0800] "GET /install/index.php?step=3&install_ucenter=yes HTTP/1.1" 200 3524
192.168.0.101 - - [21/Oct/2015:00:18:46 +0800] "-" 408 -
127.0.0.1 - - [21/Oct/2015:00:18:46 +0800] "OPTIONS * HTTP/1.0" 200 -
192.168.0.101 - - [21/Oct/2015:00:25:32 +0800] "POST /install/index.php HTTP/1.1" 200 32719
192.168.0.101 - - [21/Oct/2015:00:25:39 +0800] "GET /misc.php?mod=initsys HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:25:46 +0800] "GET /install/index.php?method=ext_info HTTP/1.1" 200 1267
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET / HTTP/1.1" 301 -
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /forum.php HTTP/1.1" 200 12593
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_forum_index.css?pss HTTP/1.1" 200 3665
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_common.css?pss HTTP/1.1" 200 69562
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_widthauto.css?pss HTTP/1.1" 200 1483
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/common.js?pss HTTP/1.1" 200 63289
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/forum.js?pss HTTP/1.1" 200 22720
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/logging.js?pss HTTP/1.1" 200 603
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/search.png HTTP/1.1" 200 1301
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/nv.png HTTP/1.1" 200 1939
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/nv_a.png HTTP/1.1" 200 2076
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358368 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/scrolltop.png HTTP/1.1" 200 1383
127.0.0.1 - - [21/Oct/2015:00:26:16 +0800] "OPTIONS * HTTP/1.0" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:29 +0800] "GET /static/js/ajax.js?pss HTTP/1.1" 200 7835
192.168.0.101 - - [21/Oct/2015:00:26:29 +0800] "POST /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1 HTTP/1.1" 200 396
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /member.php?mod=logging&action=login&auth=29daT789VZ8C8zjE0ImpSpwPwzApkK2NKDrzbc6qlNvfyAN112%2FCRomzwA&referer=http%3A%2F%2Fwww.123.com%2Fforum.php&infloat=yes&handlekey=login&inajax=1&ajaxtarget=fwin_content_login HTTP/1.1" 200 3747
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/js/common_extra.js?pss HTTP/1.1" 200 46875
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/cls.gif HTTP/1.1" 200 526
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/right.gif HTTP/1.1" 200 678
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSAnX92XB&0.24064634722004718&modid=member::logging HTTP/1.1" 200 1528
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/none.gif HTTP/1.1" 200 43
192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /misc.php?mod=seccode&update=40780&idhash=cSAnX92XB HTTP/1.1" 200 158
192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /static/image/common/loading.gif HTTP/1.1" 200 875
192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=member::logging&idhash=cSAnX92XB&secverify=ctcj HTTP/1.1" 200 70
192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /static/image/common/check_right.gif HTTP/1.1" 200 296
00 -
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/refresh.png HTTP/1.1" 200 1074
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358408 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /data/cache/common_smilies_var.js?pss HTTP/1.1" 200 3400
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358408 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765216946 HTTP/1.1" 200 13536
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSLszz2X&0.721008357087331&modid=forum::forumdisplay HTTP/1.1" 200 1519
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/shutup.gif HTTP/1.1" 200 2500
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/sleepy.gif HTTP/1.1" 200 2375
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/hug.gif HTTP/1.1" 200 1054
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/victory.gif HTTP/1.1" 200 1275
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/time.gif HTTP/1.1" 200 687
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/kiss.gif HTTP/1.1" 200 987
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/handshake.gif HTTP/1.1" 200 1322
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/call.gif HTTP/1.1" 200 603
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358408 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/folder_new.gif HTTP/1.1" 200 235
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/pollsmall.gif HTTP/1.1" 200 600
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=seccode&update=62355&idhash=cSLszz2X HTTP/1.1" 200 158
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.15455305205052006&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:26:50 +0800] "GET /static/image/common/uploadbutton_small.png HTTP/1.1" 200 690
192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /data/cache/style_1_forum_post.css?pss HTTP/1.1" 200 7059
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line5.png HTTP/1.1" 200 528
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/0.gif HTTP/1.1" 200 1013
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line4.png HTTP/1.1" 200 133
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line1.png HTTP/1.1" 200 164
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line9.png HTTP/1.1" 200 187
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/5.gif HTTP/1.1" 200 1602
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line2.png HTTP/1.1" 200 711
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line7.png HTTP/1.1" 200 365
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/2.gif HTTP/1.1" 200 3343
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?css=1_wysiwyg&pss HTTP/1.1" 200 559
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /data/cache/style_1_forum_calendar.css?pss HTTP/1.1" 200 1161
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358410 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358410 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765219307 HTTP/1.1" 200 13536
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765219353 HTTP/1.1" 200 13536
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358410 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSaG588y&0.2836799351813733&modid=forum::post HTTP/1.1" 200 1503
192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.9286310464287497&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=seccode&update=42232&idhash=cSaG588y HTTP/1.1" 200 158
192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /forum.php?mod=relatekw&subjectenc=&messageenc=&inajax=1&ajaxtarget=tagselect HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:26:57 +0800] "GET /forum.php?mod=relatekw&subjectenc=test&messageenc=&inajax=1&ajaxtarget=tagselect HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:27:04 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=forum::post&idhash=cSaG588y&secverify=cj6j HTTP/1.1" 200 70
192.168.0.101 - - [21/Oct/2015:00:27:06 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=forum::post&idhash=cSaG588y&secverify=cj6j HTTP/1.1" 200 70
127.0.0.1 - - [21/Oct/2015:00:27:13 +0800] "OPTIONS * HTTP/1.0" 200 -
192.168.0.101 - - [21/Oct/2015:00:27:25 +0800] "POST /forum.php?mod=post&action=newthread&fid=2&extra=&topicsubmit=yes HTTP/1.1" 301 -
192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /static/image/common/uploadbutton.png HTTP/1.1" 200 1391
192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /static/image/common/uploadbutton.png HTTP/1.1" 200 1391
192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /forum.php?mod=viewthread&tid=1&extra= HTTP/1.1" 200 32905
192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /data/cache/style_1_forum_viewthread.css?pss HTTP/1.1" 200 46079
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /static/image/common/fastreply.gif HTTP/1.1" 200 608
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765254727 HTTP/1.1" 200 13536
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358446 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSUsRRzX&0.7534482570377987&modid=forum::viewthread HTTP/1.1" 200 1515
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358446 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358446 HTTP/1.1" 200 -
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=seccode&update=24492&idhash=cSUsRRzX HTTP/1.1" 200 158
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.2202783499608713&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63
192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63
127.0.0.1 - - [21/Oct/2015:00:27:35 +0800] "OPTIONS * HTTP/1.0" 200 -
192.168.0.101 - - [21/Oct/2015:00:31:40 +0800] "GET /admin.php HTTP/1.1" 200 2568
192.168.0.101 - - [21/Oct/2015:00:31:40 +0800] "GET /static/image/admincp/admincp.css HTTP/1.1" 200 33246
192.168.0.101 - - [21/Oct/2015:00:31:41 +0800] "GET /static/image/admincp/bg_login.gif HTTP/1.1" 200 475
192.168.0.101 - - [21/Oct/2015:00:31:41 +0800] "GET /static/image/admincp/login_title.gif HTTP/1.1" 200 3121
192.168.0.101 - - [21/Oct/2015:00:31:46 +0800] "POST /admin.php? HTTP/1.1" 302 -
192.168.0.101 - - [21/Oct/2015:00:31:46 +0800] "GET /admin.php? HTTP/1.1" 200 37555
192.168.0.101 - - [21/Oct/2015:00:31:47 +0800] "GET /static/image/admincp/admincp.css?pss HTTP/1.1" 200 33246
192.168.0.101
httpd的错误日志
C:\Users\Name\Desktop\apache 2015-10-26 logs\error_log
[Mon Oct 12 13:02:20 2015] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 12 13:02:20 2015] [notice] Digest: done
[Mon Oct 12 13:02:20 2015] [notice] Apache/2.2.27 (Unix) DAV/2 configured -- resuming normal operations
[Mon Oct 12 13:33:01 2015] [notice] SIGHUP received. Attempting to restart
[Mon Oct 12 13:33:01 2015] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 12 13:33:01 2015] [notice] Digest: done
[Mon Oct 12 13:33:01 2015] [notice] Apache/2.2.27 (Unix) DAV/2 configured -- resuming normal operations
[Mon Oct 12 13:35:43 2015] [error] [client 192.168.0.101] File does not exist: /usr/local/apache2/htdocs/favicon.ico
[Mon Oct 12 13:37:05 2015] [notice] SIGHUP received. Attempting to restart
[Mon Oct 12 13:37:05 2015] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 12 13:37:05 2015] [notice] Digest: done
[Mon Oct 12 13:37:05 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
[Mon Oct 12 13:38:23 2015] [notice] caught SIGTERM, shutting down
[Mon Oct 12 13:38:27 2015] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 12 13:38:27 2015] [notice] Digest: done
[Mon Oct 12 13:38:27 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
[Mon Oct 12 13:38:53 2015] [error] [client 127.0.0.1] PHP Warning: phpinfo() [<a href='function.phpinfo'>function.phpinfo</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/apache2/htdocs/1.php on line 3
[Mon Oct 12 13:39:01 2015] [error] [client 192.168.0.101] PHP Warning: phpinfo() [<a href='function.phpinfo'>function.phpinfo</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/apache2/htdocs/1.php on line 3
[Mon Oct 12 13:39:02 2015] [error] [client 192.168.0.101] File does not exist: /usr/local/apache2/htdocs/favicon.ico
[Mon Oct 12 13:43:21 2015] [notice] caught SIGTERM, shutting down
[Wed Oct 21 00:13:39 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Oct 21 00:13:39 2015] [notice] Digest: done
[Wed Oct 21 00:13:39 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
[Wed Oct 21 00:26:51 2015] [error] [client 192.168.0.101] File does not exist: /data/www/static/js/common_postimg.js, referer: http://www.123.com/forum.php?mod=post&action=newthread&fid=2
[Wed Oct 21 01:24:54 2015] [notice] SIGHUP received. Attempting to restart
[Wed Oct 21 01:24:54 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Oct 21 01:24:54 2015] [notice] Digest: done
[Wed Oct 21 01:24:54 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
[Wed Oct 21 01:34:30 2015] [notice] SIGHUP received. Attempting to restart
[Wed Oct 21 01:34:30 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Oct 21 01:34:30 2015] [notice] Digest: done
[Wed Oct 21 01:34:30 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations
[Wed Oct 21 01:44:44 2015] [notice] SIGHUP received. Attempting to restart
[Wed Oct 21 01:44:44 2015] [notice] Digest: generating secret for digest authentication ...
vhosts访问日志
C:\Users\Name\Desktop\apache 2015-10-26 logs\www.123.com-access_20151021.log
192.168.0.122 - - [21/Oct/2015:02:12:18 +0800] "GET /admin.php HTTP/1.1" 403 211 "http://www.123.com/forum.php?mod=viewthread&tid=1&extra=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)"
192.168.0.122 - - [21/Oct/2015:02:12:18 +0800] "GET /admin.php HTTP/1.1" 403 211 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)"
vhosts错误日志
www.123.com-error_20151021
[Wed Oct 21 01:35:23 2015] [error] [client 127.0.0.1] File does not exist: /data/www/1jpeg
[Wed Oct 21 01:45:49 2015] [error] [client 127.0.0.1] client denied by server configuration: /data/www/1.txt, referer: http://www.baidu.com/sdfsdf
[Wed Oct 21 02:12:18 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=viewthread&tid=1&extra=
[Wed Oct 21 02:12:18 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php
[Wed Oct 21 02:12:28 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php
[Wed Oct 21 02:12:28 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php
[Wed Oct 21 02:13:24 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=viewthread&tid=1&extra=page%3D1
[Wed Oct 21 02:13:24 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php
[Wed Oct 21 02:14:48 2015] [error] [client 192.168.0.106] client denied by server configuration: /data/www/admin.php
[Wed Oct 21 04:04:35 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=forumdisplay&fid=2
[Wed Oct 21 04:04:35 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php
[Wed Oct 21 04:04:51 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php
[Wed Oct 21 04:04:51 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php
安装centos的时候一定要最小化安装,否则会默认安装上rpm版的apache
rpm -qa |grep httpd ,公司台机不是最小化安装
腾讯云也是已经安装rpm版httpd
是源于UNIX的kill命令向运行中的进程发送信号。
apache官方的解释如下:
为了停止或者重新启动Apache ,必须向正在运行的httpd进程发送信号。有两种发送信号的方法。第一种方法是直接使用UNIX的kill命令向运行中的进程发送信号。也许你会注意到你的系统里运行着很多httpd进程。但你不应该直接对它们中的任何一个发送信号,而只要对已经在PidFile中记载下了自身PID的父进程发送信号。也就是说,你不必对父进程以外的任何进程发送信号。你可以向父进程发送三种信号:TERM、HUP、USR1 。
你可以用下面这样的命令来向父进程发送信号:
kill -TERM `cat /usr/local/apache2/logs/httpd.pid`
第二种方法是使用下面将要描述的httpd二进制可执行文件的 -k 命令行选项:stop、restart、graceful、graceful-stop 。
不过推荐你使用apachectl控制脚本来向httpd二进制可执行文件传递这些选项。
当你向httpd发送信号后,你可以这样来读取它的进行过程:
tail -f /usr/local/apache2/logs/error_log
比如--立即停止
使用信号:TERM
apachectl -k stop发送TERM或stop信号到父进程可以使它立刻杀死所有子进程。这将花费一些时间来杀死所有子进程。然后父进程自己也退出。所有进行中的请求将被强行中止,而且不再接受其它请求。
其实在man httpd有这样一个介绍
-k start|restart|graceful|stop|graceful-stop
Signals httpd to start, restart, or stop. See Stopping Apache for more information.
apachectl是Apache HTTP服务器的前端程序。其设计意图是帮助管理员控制Apache httpd后台守护进程。
apachectl脚本有两种操作模式。
1、首先,作为简单的httpd的前端程序,设置所有必要的环境变量,然后启动httpd ,并传递所有的命令行参数。
2、其次,作为SysV初始化脚本,接受简单的一个单词的参数,如:start, restart, stop ,并把他们翻译为适当的信号发送给httpd
。
如果你的Apache安装在非标准的路径中,你将需要修改apachectl脚本使其中的路径正确地指向httpd程序。此外,还可以指定任何必要的httpd命令行参数。细节可以参见脚本中的注解。
apachectl脚本如果执行成功,则返回0 ;如果出错,则其返回值>0 。更多细节可以参见脚本中的注解。
在扮演传递角色时,apachectl可以接受对httpd程序有效的所有参数。
apachectl [ httpd-argument ]
在SysV初始化模式中,apachectl只接受简单的一个单词的命令,如下:
apachectl command
下列仅说明了SysV初始化类型的选项,其他参数的说明见httpd手册页。
start
启动Apache httpd后台守护进程。如果已经启动,则产生一个错误。它等价于 apachectl -k start 。
stop
停止Apache httpd后台守护进程。它等价于 apachectl -k stop 。
restart
重新启动Apache httpd后台守护进程。如果守护进程尚未运行,则启动它。在重新启动守护进程之前,此命令会使用configtest自动检查配置文件,以确保Apache不会死掉。它等价于 apachectl -k restart 。
fullstatus
显示由mod_status提供的完整的状态报告。要使用这个功能,需要启用服务器上的mod_status模块,并且系统中有一个基于文本的浏览器,如lynx 。修改脚本中的STATUSURL变量,可以修改访问状态报告的URL 。
status
显示一个简要的状态报告。它类似于fullstatus选项,但是省略了正在处理的请求的列表。
graceful
优雅地重新启动Apache httpd后台守护进程。如果守护进程尚未启动,则启动它。它和标准重新启动的不同之处在于:不会中断当前已经打开的连接,也不会立即关闭日志。这意味着,如果在日志滚动脚本使用它,则在处理日志之前必须加入一个实实在在的延迟,以确保老的日志文件在被处理前已经关闭。在重新启动守护进程之前,此命令会使用configtest自动检查配置文件,以确保Apache不会死掉。它等价于 apachectl -k graceful 。
graceful-stop
优雅地停止Apache httpd后台守护进程。它和标准停止的不同之处在于:不会中断当前已经打开的连接,也不会立即关闭日志。它等价于 apachectl -k graceful-stop 。
configtest
执行一次配置文件语法检查。它解析配置文件,并报告 Syntax Ok 或者是特定的语法错误详细信息。它等价于 apachectl -t 。
下列选项仅在早期版本中使用,现在已经被废弃了。
startssl
以支持SSL的方式启动httpd ,你应当编辑配置文件,并在其中包含与SSL支持相关的指令,然后使用 apachectl start 启动服务器。
伪静态
http://baike.baidu.com/link?url=I-21EmJmbOmzvK6HuhS1-R39lITINPdgHPeIrSMiuf9PxRcryz8hSWX5E5FzkuZs8qihikAGQUifbQuZGdhOo4PSDZQg4k41dX2Xk6pvXsOHNpbHiaPXpi0pjC9JfMc2伪静态是相对真实静态来讲的,通常我们为了增强搜索引擎的友好面,都将文章内容生成静态页面,但是有的朋友为了实时的显示一些信息。或者还想运用动态脚本解决一些问题。不能用静态的方式来展示网站内容。但是这就损失了对搜索引擎的友好面。怎么样在两者之间找个中间方法呢,这就产生了伪静态技术。就是展示出来的是以html一类的静态页面形式,但其实是用ASP一类的动态脚本来处理的。
用IIS的404错误处理机制来实现的。这个比rewrite技术要灵活的多。
这样。用户或蜘蛛看到的URL还是他访问的URL.而我们对内容的处理上可以用到了动态技术。这就是我们想要的结果。说得简单了一些。但是基本思路就是这样了。
区别静态
从URL结构以及页面名称看,伪静态和静态页面是一样的。伪静态的页面后缀可以是html htm 或者是目录格式
伪静态只是改变了URL的表现形式,实际上还是动态页面
静态页面可以节省服务器资源,而伪静态严格说是增加服务器资源消耗的
总结,在SEO方面,伪静态和静态页面的功能是相同的,但是伪静态本质上还是动态页面,所以消耗资源是和动态页面一样的,而且因为Rewrite服务器还需要消耗额外的资源。
logstash的角色:shipper和indexer P83
logstash作为无状态的软件,配合消息队列系统,可以做线性扩展,两个消息队列系统:kafka和redis
rsyslog P95
rsyslog从v6版本开始,设计了一套rainerscript作为配置中的DSL
rsyslog从v7版本开始带有omelasticsearch插件可以直接写入数据到elasticsearch集群
rsyslog当前官方稳定版是v8
rpm -qa|grep syslog
rsyslog-5.8.10-10.el6_6.x86_64
f
