centos LAMP第二部分apache配置 下载discuz!配置第一个虚拟主机 安装Discuz! 用户认证 配置域名跳转 配置apache的访问日志 配置静态文件缓存 配置防盗链 访问控制 apache rewrite 配置开机启动apache tcpdump 第二十节课
centos LAMP第二部分apache配置 下载discuz!配置第一个虚拟主机 安装Discuz! 用户认证 配置域名跳转 配置apache的访问日志 配置静态文件缓存 配置防盗链 访问控制 apache rewrite 配置开机启动apache tcpdump 第二十节课
无论是apache 还是nginx,都会有一个默认的虚拟主机 virtual host
多个vhost都可以用同一个配置文件
安装两个Apache,两个apache可以共存,但是要使用不同的端口
主配置文件:/usr/local/apache2/conf/httpd.conf
虚拟主机配置文件:/usr/local/apache2/conf/extra/httpd-vhosts.conf
上半节课
下载discuz!
配置第一个虚拟主机
安装Discuz!
配置mysql,给Discuz!增加一个账户
Discuz设置注意事项
5. 用户认证
下半节课
6. 配置域名跳转
7. 配置apache的访问日志
8. 配置静态文件缓存(其他类型文件可以到apache官方文档里面去搜)
9. 配置防盗链
10. 访问控制(一般用在限制用户登录论坛后台管理页面)
11. apache rewrite相关
tcpdump
步骤
1. 下载discuz!
cd /download/
wget -c http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
mkdir /data/www //放网站根目录
cd /data/www
mv /download/Discuz_X3.2_SC_GBK.zip .
unzip Discuz_X3.2_SC_GBK.zip
mv upload/* . //把upload/目录里面的东西放到www目录,即上一层目录
cd ..
rm -rf Discuz_X3.2_SC_GBK.zip readme/ utility/ upload/ //把无用目录删掉
DiscuzX的包有两种 一种是utf8 一种是gbk:DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
2. 配置第一个虚拟主机
删除/usr/local/apache2/conf/httpd.conf中的这行前面的井号
#Include conf/extra/httpd-vhosts.conf
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
默认已经有两个vhost,先删除一个,再配置另一个如下:
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.123.com
</VirtualHost>
示例解释 <VirtualHost *:80> 28 ServerAdmin webmaster@dummy-host.example.com 管理员邮箱 29 DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com" 网站根目录 30 ServerName dummy-host.example.com 域名 31 ServerAlias www.dummy-host.example.com 另一个域名 32 ErrorLog "logs/dummy-host.example.com-error_log" 日志 33 CustomLog "logs/dummy-host.example.com-access_log" common 访问日志 34 </VirtualHost>
测试配置文件是否正常: /usr/local/apache2/bin/apachectl -t
检查/usr/local/apache2/conf/httpd.conf里面是不是Allow from all
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
3. 安装Discuz!
修改Windows机器的hosts文件,将Linux机器的ip跟www.123.com绑定:192.168.11.190 www.123.com
浏览器输入:
www.123.com/install/
根据提示,修改对应目录的权限
cd /data/www
chown -R daemon:daemon data uc_server/data uc_client/data config // 让这几个目录支持apache运行帐号可写
4. 配置mysql,给Discuz!增加一个账户
检查mysql是否已经启动:ps aux |grep mysql
将mysql 加入到PATH环境变量
在/etc/profile加入:export PATH=$PATH:/usr/local/mysql/bin ,然后source一下: source /etc/profile
给root指定一个密码:mysqladmin -uroot password '123456'
给mysql root账户设置密码,然后命令行进入mysql,创建新的库,并创建一个新的帐号对该库有所有权限:
> create database discuz;
> grant all on discuz.* to 'root'@'localhost' identified by '123456';
> quit
5. Discuz设置注意事项
1、论坛里面的验证码要安装php的gd模块
2、管理中心里的install/index.php 要删除
cd /data/www rm -f install/index.php
功能设置
5. 用户认证
http://www.lishiming.net/thread-554-1-1.html
虚拟主机配置文件中,需要加入
<Directory /data/web/test>
AllowOverride AuthConfig
</Directory>
然后在虚拟主机的主目录,即DocumentRoot 目录下
vi /data/web/test/.htaccess
加入
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/web/test/.htpasswd
require valid-user
保存后,然后
创建apache的验证用户
htpasswd -c /data/web/test/.htpasswd test
#第一次创建用户要用到-c 参数 第2次添加用户,就不用-c参数
如果你想修改密码,可以如下
htpasswd -m .htpasswd test2
重启apache,即可。
到此,你已经配置完成。下面介绍另一种方式:
##################################
vi http.conf
在相应的虚拟主机配置文件段,加入
<Directory *> 也可以写虚拟主机目录路径:<Directory /data/web/test>
AllowOverride AuthConfig
AuthName "自定义的"
AuthType Basic
AuthUserFile /data/.htpasswd # 这里的/data/.htpasswd你可以随便写一个路径或名字,没有限制
require valid-user
</Directory>
保存后,然后
创建apache的验证用户
htpasswd -cm /data/.htpasswd test
增加第二个用户的时候,就不要加-c了,因为-c是创建的意思,如果加上会把这个文件重写。
--MD5加密
/usr/local/apache2/bin/htpasswd -cm /data/.htpasswd aming
看一下第35行为什麽报错:vi +35 /usr/local/apache2/conf/extra/httpd-vhosts.conf
操作系统没有GBK编码,用的是utf8
discuz用的GBK版本
修改apache字符集
http://blog.chinaunix.net/uid-23078678-id-2974411.html
修改apache的配置文件httpd.conf
默认为:AddDefaultCharset UTF-8
修改为:AddDefaultCharset GBK2312
然后重启apache生效!
6. 配置域名跳转
/usr/local/apache2/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
如果是多个域名,可以这样设置:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain.com [OR] //注意www.domain.com [OR] 之间有空格
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
或者: <IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.domain2.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
www.a.com跳转到www.1.com
示例
vi /usr/local/apache2/conf/extra/httpd-vhosts.conf //添加
#配置域名跳转 <IfModule mod_rewrite.c> RewriteEngine on //首先把引擎打开 RewriteCond %{HTTP_HOST} ^www.a.com$ //判断条件 域名是www.a.com的时候 RewriteRule ^/(.*)$ http://www.1.com/$1 [R=301,L] //跳转到www.1.com 302暂时跳转 301永久跳转 </IfModule>
7. 配置apache的访问日志
apache访问日志,日志切割,归档 ,防止大文件爆满,有4种log
日志格式
/usr/local/apache2/conf/httpd.conf
<IfModule log_config_module>
243 #
244 # The following directives define some format nicknames for use with
245 # a CustomLog directive (see below).
246 #
247 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
248 LogFormat "%h %l %u %t \"%r\" %>s %b" common
%h 远程主机
%l 远程主机登录名称
%u 认证用户
%t 事件产生时间
%r 请求报文的第一行(方法、资源、版本号)
%>s 最后一个请求对应的状态吗
%b 响应报文的大小
%Referer 从哪个页面来的,比如从百度来的
%user-Agent 客户端浏览器类型
配置日志
/usr/local/apache2/conf/extra/httpd-vhosts.conf
#配置日志
ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-error_%Y%m%d.log 86400" SetEnvIf Request_URI ".*\.gif$" image-request SetEnvIf Request_URI ".*\.jpg$" image-request SetEnvIf Request_URI ".*\.png$" image-request SetEnvIf Request_URI ".*\.bmp$" image-request SetEnvIf Request_URI ".*\.swf$" image-request SetEnvIf Request_URI ".*\.js$" image-request SetEnvIf Request_URI ".*\.css$" image-request CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-access_%Y%m%d.log 86400" combined env=!image-request //不记录图片请求日志
配置完日志后检查语法
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
配置文件中下面这一段的意思是不记录静态文件访问的日志
*********************************
env=!image-request
SetEnvIf Request_URI ".*\.gif$" image-request 正则 .*任意个任意字符 \脱义. gif $结尾的
*********************************
#配置日志 ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/www.123.com-error_%Y%m%d.log 86400" SetEnvIf Request_URI ".*\.gif$" image-request SetEnvIf Request_URI ".*\.jpg$" image-request SetEnvIf Request_URI ".*\.png$" image-request SetEnvIf Request_URI ".*\.bmp$" image-request SetEnvIf Request_URI ".*\.swf$" image-request SetEnvIf Request_URI ".*\.js$" image-request SetEnvIf Request_URI ".*\.css$" image-request CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/www.123.com-access_%Y%m%d.log 86400" combined env=!image-request
8. 配置静态文件缓存(其他类型文件可以到apache官方文档里面去搜)
/usr/local/apache2/conf/extra/httpd-vhosts.conf
# 配置静态文件缓存
<IfModule mod_expires.c> ExpiresActive on ExpiresByType image/gif "access plus 1 days" ExpiresByType image/jpeg "access plus 24 hours" ExpiresByType image/png "access plus 24 hours" ExpiresByType text/css "now plus 2 hour" ExpiresByType application/x-javascript "now plus 2 hours" ExpiresByType application/javascript "now plus 2 hours" ExpiresByType application/x-shockwave-flash "now plus 2 hours" ExpiresDefault "now plus 0 min" </IfModule>
或者使用mod_headers模块实现
<ifmodule mod_headers.c> # htm,html,txt类的文件缓存一个小时 <filesmatch "\.(html|htm|txt)$"> header set cache-control "max-age=3600" </filesmatch> # css, js, swf类的文件缓存一个星期 <filesmatch "\.(css|js|swf)$"> header set cache-control "max-age=604800" </filesmatch> # jpg,gif,jpeg,png,ico,flv,pdf等文件缓存一年 <filesmatch "\.(ico|gif|jpg|jpeg|png|flv|pdf)$"> header set cache-control "max-age=29030400" </filesmatch> </ifmodule>
配置完静态文件缓存后检查语法
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
在网站根目录下创建一个jpg文件进行测试
浏览器
应用
/usr/local/apache2/bin/apachectl -t /usr/local/apache2/bin/apachectl restart touch /data/www/1.jpeg curl -x127.0.0.1:80 www.123.com/1.jpeg -I HTTP/1.1 200 OK Date: Tue, 20 Oct 2015 17:35:41 GMT Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 Last-Modified: Tue, 20 Oct 2015 17:34:51 GMT ETag: "e35a8-0-5228cadd9f7c1" Accept-Ranges: bytes Cache-Control: max-age=86400 Expires: Wed, 21 Oct 2015 17:35:41 GMT Content-Type: image/jpeg
9. 配置防盗链
/usr/local/apache2/conf/extra/httpd-vhosts.conf
SetEnvIfNoCase Referer "^http://.*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer ".*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
# 配置防盗链 SetEnvIfNoCase Referer "^http://www.1.com" local_ref SetEnvIfNoCase Referer "www.a.com" local_ref SetEnvIfNoCase Referer "www.b.com" local_ref SetEnvIfNoCase Referer "^$" local_ref <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> Order Allow,Deny Allow from env=local_ref //local_ref是配置的别名,允许local_ref配置里面的内容 </filesmatch>
测试
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
curl -e "http://www.baidu.com/sdfsdf" -x127.0.0.1:80 www.1.com/1.txt -I
或者不加-e
curl -x127.0.0.1:80 www.1.com/1.txt -I
可以看vhost的访问日志
应用
# 配置防盗链 53 SetEnvIfNoCase Referer "^http://www.123.com" local_ref 54 SetEnvIfNoCase Referer "^$" local_ref 55 <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> 56 Order Allow,Deny 57 Allow from env=local_ref 58 </filesmatch> ------------------------------------------------------ # touch /data/www/1.txt # curl -e "http://www.baidu.com/sdfsdf" -x127.0.0.1:80 www.123.com/1.txt -I HTTP/1.1 403 Forbidden Date: Tue, 20 Oct 2015 17:45:49 GMT Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 Content-Type: text/html; charset=iso-8859-1 # curl -x127.0.0.1:80 www.123.com/1.txt -I HTTP/1.1 200 OK Date: Tue, 20 Oct 2015 17:46:21 GMT Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 Last-Modified: Tue, 20 Oct 2015 17:45:27 GMT ETag: "e35ae-0-5228cd3cca4c1" Accept-Ranges: bytes Cache-Control: max-age=0 Expires: Tue, 20 Oct 2015 17:46:21 GMT Content-Type: text/plain
马上产生errorlog
# tail www.123.com-error_20151021.log [Wed Oct 21 01:35:23 2015] [error] [client 127.0.0.1] File does not exist: /data/www/1jpeg [Wed Oct 21 01:45:49 2015] [error] [client 127.0.0.1] client denied by server configuration: /data/www/1.txt, referer: http://www.baidu.com/sdfsdf
10. 访问控制(一般用在限制用户登录论坛后台管理页面)
/usr/local/apache2/conf/extra/httpd-vhosts.conf
# 访问控制 <Directory /data/www/admin> //一般只对非常重要的网站后台管理目录做限制 Order deny,allow Deny from all Allow from 127.0.0.1 </Directory>
测试
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl restart
curl -x127.0.0.1:80 www.1.com/1.txt -I
参考文档来源: http://jingyan.baidu.com/article/4b07be3c193d1648b380f3a9.html
<Files ~ "\.insc$">等价于<Filesmatch (.*)php>
1. 禁止访问某些文件/目录
增加Files选项来控制,比如要不允许访问 .inc 扩展名的文件,保护php类库:
<Files ~ "\.insc$">
2. 禁止访问某些指定的目录:(可以用 <DirectoryMatch> 来进行正则匹配)
<Directory ~ "/var/www/(.+)*[0-9]{3}">
当然也可以写目录全局路径
<Directory /var/www/111>
3. 通过文件匹配来进行禁止,比如禁止所有针对图片的访问:
<Filesmatch (.*)php>
4. 针对URL相对路径的禁止访问
<Location /dir/>
<Directory /data/www/admin>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
针对请求的uri去限制
<filesmatch "(.*)admin(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
某个目录下禁止解析php
<Directory /data/www/path>
php_admin_flag engine off
<filesmatch "(.*)php">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
</Directory>
主配置文件里有这麽一段:/usr/local/apache2/conf/httpd.conf
找了半天终于找到了问题的根源,其实是配置对了,只是我们访问的有点问题。
我们访问的地址是1.txt ,而在配置文件中我们有配置一段防盗链
针对1.txt referer是空或者是1.com 都会直接允许访问,问题就在这里。当我再次访问 forum.php的时候 效果达到了。
应用
<Directory /data/www> //只对网站后台管理页面进行控制 <filesmatch "admin.php"> Order deny,allow Deny from all Allow from 127.0.0.1 </filesmatch> </Directory>
匹配
http://www.1.com/admin/admin.phpsdfsdfsdf
http://www.1.com/admin.phpwerewrwerwer
http://www.1.com/ewfwewefadmin.phpwerewrwerwer
<Directory /data/www/admin.php> Order deny,allow Deny from all Allow from 127.0.0.1 </Directory>
匹配
http://www.1.com/admin.php
#某个目录下禁止解析php <Directory /data/www/uc_server> php_admin_flag engine off <filesmatch "(.*)php"> Order deny,allow Deny from all </filesmatch> </Directory>
应用
<Directory /data/www>
<filesmatch "admin.php">
Order deny,allow
Deny from all
Allow from 192.168.0.100
Allow from 192.168.0.101
</filesmatch>
</Directory>
非上面两个ip的都不行
11. apache rewrite相关
RewriteCond 重写条件
RewriteRule 重写规则
[R=302]临时跳转 rewrite
[R=301]永久跳转 rewrite
伪静态就是你访问一个动态页面的时候URL是一串动态的字符,而配置了伪静态之后URL变为静态,跟rewrite域名跳转不一样
apache 限制指定user_agent http://www.lishiming.net/thread-1033-1-1.html
apache 限制某些目录不能访问通过rewrite实现 http://www.lishiming.net/thread-3587-1-1.html
apache rewrite 出现死循环 http://www.lishiming.net/thread-1043-1-1.html
apache rewrite 出现死循环
网站夜间升级 ,全部页面跳转到网站公告页面
除了公告页面不跳转,否则会出现死循环,公告页面跳入公告页面
discuz伪静态配置:
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/topic-(.+)\.html$ /portal.php?mod=topic&topic=$1&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/article-([0-9]+)-([0-9]+)\.html$ /portal.php?mod=view&aid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/forum-(\w+)-([0-9]+)\.html$ /forum.php?mod=forumdisplay&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=viewthread&tid=$1&extra=page\%3D$3&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/group-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=group&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/space-(username|uid)-(.+)\.html$ /home.php?mod=space&$1=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/blog-([0-9]+)-([0-9]+)\.html$ /home.php?mod=space&uid=$1&do=blog&id=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/archiver/(fid|tid)-([0-9]+)\.html$ /archiver/index.php?action=$1&value=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ /plugin.php?id=$1:$2&%1
应用
将下面的代码放在域名跳转下面
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/topic-(.+)\.html$ /portal.php?mod=topic&topic=$1&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/article-([0-9]+)-([0-9]+)\.html$ /portal.php?mod=view&aid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/forum-(\w+)-([0-9]+)\.html$ /forum.php?mod=forumdisplay&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=viewthread&tid=$1&extra=page\%3D$3&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/group-([0-9]+)-([0-9]+)\.html$ /forum.php?mod=group&fid=$1&page=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/space-(username|uid)-(.+)\.html$ /home.php?mod=space&$1=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/blog-([0-9]+)-([0-9]+)\.html$ /home.php?mod=space&uid=$1&do=blog&id=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/archiver/(fid|tid)-([0-9]+)\.html$ /archiver/index.php?action=$1&value=$2&%1
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ /plugin.php?id=$1:$2&%1
vhost下面加功能
多个vhost对应多个端口
# 19 NameVirtualHost *:80 //多个vhost写多个端口 20 NameVirtualHost *:8080 21 # 22 # VirtualHost example: 23 # Almost any Apache directive may go into a VirtualHost container. 24 # The first VirtualHost section is used for all requests that do not 25 # match a ServerName or ServerAlias in any <VirtualHost> block. 26 # 27 <VirtualHost *:80> 28 ServerAdmin webmaster@dummy-host.example.com 29 DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com" 30 ServerName dummy-host.example.com 31 ServerAlias www.dummy-host.example.com 32 ErrorLog "logs/dummy-host.example.com-error_log" 33 CustomLog "logs/dummy-host.example.com-access_log" common 34 </VirtualHost> 35 36 <VirtualHost *:80> 37 ServerAdmin webmaster@dummy-host2.example.com 38 DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com" 39 ServerName dummy-host2.example.com
curl的浏览器标识 user-agent
http://www.jbxue.com/article/10287.html
今天学习使用apache系统自带的rotatelogs工具对日志进行截断处理。
一,修改文件httpd.conf
注意:以下日志文件存储路径均为绝对路径。
复制代码 代码示例:
CustomLog "logs/access.log" common 原来的样子
ErrorLog "logs/error.log"原来的样子
CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common 修改后的样子
CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common 修改后的样子
ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"
二,重启apache服务,在指定的日志目录中验证。
三:语法分析
rotatelogs [ -l ] logfile [ rotationtime [ offset ]] | [ filesizeM ]
该命令其实只有两种选项用以对日志文件logfile进行操作。且必须选择其中一种方式。
第一种,rotationtime
日志文件以秒为单位滚动
第二种, filesizeM
指定以filesizeM文件大小滚动,而不是按照时间或时差滚动
举例:ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"
此配置会在错误日志大小增长到5兆字节时滚动该日志,日志文件名后缀会按照如下格式创建:errorlog.YYYY-mm-dd-HH_MM_SS 。
选项 -l 和offset都是和时区相关的。
四:文件名称格式
errorlog.%Y-%m-%d-%H_%M_%S-------------------errorlog.YYYY-mm-dd-HH_MM_SS
%A 星期名全称(本地的)
%a 3个字符的星期名(本地的)
%B 月份名的全称(本地的)
%b 3个字符的月份名(本地的)
%c 日期和时间(本地的)
%d 2位数的一个月中的日期数
%H 2位数的小时数(24小时制)
%I 2位数的小时数(12小时制)
%j 3位数的一年中的日期数
%M 2位数的分钟数
%m 2位数的月份数
%p am/pm12小时制的上下午(本地的)
%S 2位数的秒数
%U 2位数的一年中的星期数(星期天为一周的第一天)
%W 2位数的一年中的星期数(星期一为一周的第一天)
%w 1位数的星期几(星期天为一周的第一天)
%X 时间(本地的)
%x 日期(本地的)
%Y 4位数的年份
%y 2位数的年份
%Z 时区名
%% 符号"%"本身
接下来介绍,按日期生成apache日志文件及限制apache日志文件大小的方法。
需要用到apache自带的rotatelogs小工具
语法如下:
rotatelogs [ -l ] logfile [ rotationtime [ offset ]] | [ filesizeM ]
参数解释:
-l :使用本地时间代替GMT时间作为时间基准。注意:在一个改变GMT偏移量(比如夏令时)的环境中使用-l会导致不可预料的结果。
logfile:它加上基准名就是日志文件名。如果logfile中包含"%",则它会被视为用于strftime()的格式字符串;否则它会被自动加上以秒为单位的".nnnnnnnnnn"后缀。
这两种格式都表示新的日志开始使用的时间。
rotationtime :日志文件滚动的以秒为单位的间隔时间。
offset :相对于UTC的时差的分钟数。如果省略,则假定为"0"并使用UTC时间。比如,要指定UTC时差为"-5小时"的地区的当地时间,则此参数
应为"-300"。
filesizeM :指定以filesizeM文件大小滚动,而不是按照时间或时差滚动。
例子:
1、按时间滚动日志文件:
错误日志:
ErrorLog "|/data/apache/bin/rotatelogs 日志存放目录/%Y%m%d_error.log 86400 480"
访问日志:
CustomLog "|/data/apache/bin/rotatelogs 日志存放目录/%Y%m%d_access.log 86400 480" common
其中:
/data/apache:为apache的安装目录,根据自己实际情况确定;
86400:秒,24小时,表示生成的日志文件按天滚动,也就是每天生成一个日志文件;
480:分,时间偏移。
同理可以按小时滚动日志文件,每隔一个小时,几个小时。。。生成一个日志文件。
扩展:可以写个脚本定时删除日志文件,只保留几天的日志,如果网站访问量比较大,一天会生成几十上百M甚至更大的日志文件,既占硬盘又影响服务器性能。
2、按大小滚动日志文件:
错误日志:
ErrorLog "|/data/apache/bin/rotatelogs -l 日志存放目录/%Y%m%d_error.log 5M"
访问日志:
CustomLog "|/data/apache/bin/rotatelogs -l 日志存放目录/%Y%m%d_access.log 5M" common
当日志文件达到5M时,滚动该日志文件。
另外,说下apache日志管理的相关知识。
web服务器日志滚动的方法,常用的有如下三种:
1,利用Linux系统自身的日志文件轮循机制:logrotate;
2,利用apache自带的日志轮循程序rotatelogs;
3,使用在apache的FAQ中推荐发展已经比较成熟的一个日志轮循工具cronolog。
这里介绍下apache自带的日志滚动程序rotatelogs,并用shell脚本定期删除日志文件,只保留近3天的文件,以免日志文件占满磁盘空间。
修改apache服务器的主配置文件httpd.conf,找到以下内容,并修改成:
ErrorLog /var/log/httpd/error_log CustomLog "|/usr/local/apache2/bin/rotatelogs /var/log/httpd/access_log 86400 400M" combined
86400 ---日志滚动的时间是一天
400---日志文件最大400M就滚动
combined ---采用复合格式
然后,建立清除日志文件的shell脚本,文件名为clean_log
#! /bin/bash logdir=/var/log/httpd cd ${logdir} declare -i filesum=`ls access_log.* | wc -l` declare -i delnum=$filesum-3 if [ "${delnum}" -ge 1 ];then rm -rf `ls -tr access_log.* | head -${delnum}` fi
#加上执行权限
chmod 755 clean_log
保留最近3天的日志文件。
创建自动化任务:
01 04 * * * /usr/local/crontab/clean_log
PHP的扩展库
GD图片处理库
修改目录权限
根据提示,修改对应目录的权限
cd /data/www
chown -R daemon:daemon data uc_server/data uc_client/data config // 让这几个目录支持apache运行帐号可写
配置开机启动apache
echo '/usr/local/apache2/bin/apachectl start'>>/etc/rc.local
注意:不能使用/etc/init.d/httpd的方式!
还有虚拟机安装了两个httpd,一个rpm版本,一个编译安装版,导致修改了vhosts配置文件之后,执行apachectl -restart的时候新修改的内容不生效
解决办法是删除rpm版本的httpd
rpm -qa |grep httpd
rpm -e httpd-2.2.15-39.el6.centos.x86_64
rpm -qa |grep httpd
http://www.apelearn.com/bbs/thread-9146-1-1.html
编译安装安装方式不支持将apachectl放入/etc/init.d/httpd
RPM包方式才支持将apachectl放入/etc/init.d/httpd
tcpdump抓包
tcpdump -nn -i eth1 -s 0 host 192.168.0.100 and dst port 80 and dst 192.168.0.106 //因为只显示目标端口和目标ip所以单向
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
06:44:35.903095 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [S], seq 1723280863, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
06:44:35.905358 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 3341746770, win 16425, length 0
06:44:35.905378 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [P.], seq 0:1163, ack 1, win 16425, length 1163
06:44:35.967826 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 2921, win 16425, length 0
06:44:35.968025 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 5841, win 16425, length 0
06:44:35.968165 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 8761, win 16425, length 0
06:44:35.968295 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 11681, win 16425, length 0
06:44:35.968466 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 14601, win 16425, length 0
06:44:35.968693 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [.], ack 16254, win 16425, length 0
06:44:36.016064 IP 192.168.0.100.61934 > 192.168.0.106.80: Flags [P.], seq 1163:2416, ack 16259, win 16423, length 1253
点击一下默认板块产生很多包
# tcpdump -nn -i eth1 -s 0 tcp and port 80 and host 192.168.0.100 and host 192.168.0.106 //指定了端口一般也要指定协议 因为两个都是host所以会显示双向
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
06:55:33.624605 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [S], seq 1337810073, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
06:55:33.624658 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [S.], seq 3180963847, ack 1337810074, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
06:55:33.625110 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 1, win 16425, length 0
06:55:33.625122 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [P.], seq 1:1149, ack 1, win 16425, length 1148
06:55:33.625162 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], ack 1149, win 264, length 0
06:55:33.684537 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 1:2921, ack 1149, win 264, length 2920
06:55:33.684796 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 2921, win 16425, length 0
06:55:33.684886 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 2921:5841, ack 1149, win 264, length 2920
06:55:33.685506 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 5841, win 16425, length 0
06:55:33.685576 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 5841:8761, ack 1149, win 264, length 2920
06:55:33.685782 IP 192.168.0.100.62324 > 192.168.0.106.80: Flags [.], ack 8761, win 16425, length 0
06:55:33.687586 IP 192.168.0.106.80 > 192.168.0.100.62324: Flags [.], seq 8761:11681, ack 1149, win 264, length 2920
httpd的访问日志
C:\Users\Name\Desktop\apache 2015-10-26 logs\access_log 127.0.0.1 - - [12/Oct/2015:13:35:03 +0800] "GET /1.php HTTP/1.1" 200 26 192.168.0.101 - - [12/Oct/2015:13:35:43 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.0.101 - - [12/Oct/2015:13:35:44 +0800] "GET /1.php HTTP/1.1" 200 26 192.168.0.101 - - [12/Oct/2015:13:35:44 +0800] "GET /1.php HTTP/1.1" 200 26 127.0.0.1 - - [12/Oct/2015:13:38:53 +0800] "GET /1.php HTTP/1.1" 200 51497 192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php HTTP/1.1" 200 52807 192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 192.168.0.101 - - [12/Oct/2015:13:39:01 +0800] "GET /1.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146 192.168.0.101 - - [12/Oct/2015:13:39:02 +0800] "GET /favicon.ico HTTP/1.1" 404 209 127.0.0.1 - - [12/Oct/2015:13:39:18 +0800] "OPTIONS * HTTP/1.0" 200 - 127.0.0.1 - - [12/Oct/2015:13:39:19 +0800] "OPTIONS * HTTP/1.0" 200 - 192.168.0.101 - - [21/Oct/2015:00:13:53 +0800] "GET /install/ HTTP/1.1" 200 7268 192.168.0.101 - - [21/Oct/2015:00:13:54 +0800] "GET /install/images/bg_footer.gif HTTP/1.1" 200 116 192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/index.php?step=1&uchidden=&submit=%CE%D2%CD%AC%D2%E2 HTTP/1.1" 200 5723 192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/images/bg_stepstatus.gif HTTP/1.1" 200 259 192.168.0.101 - - [21/Oct/2015:00:14:03 +0800] "GET /install/images/stepnum.gif HTTP/1.1" 200 2632 127.0.0.1 - - [21/Oct/2015:00:14:11 +0800] "OPTIONS * HTTP/1.0" 200 - 127.0.0.1 - - [21/Oct/2015:00:14:12 +0800] "OPTIONS * HTTP/1.0" 200 - 192.168.0.101 - - [21/Oct/2015:00:15:19 +0800] "POST /install/index.php HTTP/1.1" 200 3455 192.168.0.101 - - [21/Oct/2015:00:15:25 +0800] "POST /install/index.php HTTP/1.1" 302 - 192.168.0.101 - - [21/Oct/2015:00:15:25 +0800] "GET /install/index.php?step=3&install_ucenter=yes HTTP/1.1" 200 3524 192.168.0.101 - - [21/Oct/2015:00:18:46 +0800] "-" 408 - 127.0.0.1 - - [21/Oct/2015:00:18:46 +0800] "OPTIONS * HTTP/1.0" 200 - 192.168.0.101 - - [21/Oct/2015:00:25:32 +0800] "POST /install/index.php HTTP/1.1" 200 32719 192.168.0.101 - - [21/Oct/2015:00:25:39 +0800] "GET /misc.php?mod=initsys HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:25:46 +0800] "GET /install/index.php?method=ext_info HTTP/1.1" 200 1267 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET / HTTP/1.1" 301 - 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /forum.php HTTP/1.1" 200 12593 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_forum_index.css?pss HTTP/1.1" 200 3665 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_common.css?pss HTTP/1.1" 200 69562 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /data/cache/style_1_widthauto.css?pss HTTP/1.1" 200 1483 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/common.js?pss HTTP/1.1" 200 63289 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/forum.js?pss HTTP/1.1" 200 22720 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/js/logging.js?pss HTTP/1.1" 200 603 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/search.png HTTP/1.1" 200 1301 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/nv.png HTTP/1.1" 200 1939 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/nv_a.png HTTP/1.1" 200 2076 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358368 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:08 +0800] "GET /static/image/common/scrolltop.png HTTP/1.1" 200 1383 127.0.0.1 - - [21/Oct/2015:00:26:16 +0800] "OPTIONS * HTTP/1.0" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:29 +0800] "GET /static/js/ajax.js?pss HTTP/1.1" 200 7835 192.168.0.101 - - [21/Oct/2015:00:26:29 +0800] "POST /member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1 HTTP/1.1" 200 396 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /member.php?mod=logging&action=login&auth=29daT789VZ8C8zjE0ImpSpwPwzApkK2NKDrzbc6qlNvfyAN112%2FCRomzwA&referer=http%3A%2F%2Fwww.123.com%2Fforum.php&infloat=yes&handlekey=login&inajax=1&ajaxtarget=fwin_content_login HTTP/1.1" 200 3747 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/js/common_extra.js?pss HTTP/1.1" 200 46875 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/cls.gif HTTP/1.1" 200 526 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/right.gif HTTP/1.1" 200 678 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSAnX92XB&0.24064634722004718&modid=member::logging HTTP/1.1" 200 1528 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /static/image/common/none.gif HTTP/1.1" 200 43 192.168.0.101 - - [21/Oct/2015:00:26:30 +0800] "GET /misc.php?mod=seccode&update=40780&idhash=cSAnX92XB HTTP/1.1" 200 158 192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /static/image/common/loading.gif HTTP/1.1" 200 875 192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=member::logging&idhash=cSAnX92XB&secverify=ctcj HTTP/1.1" 200 70 192.168.0.101 - - [21/Oct/2015:00:26:36 +0800] "GET /static/image/common/check_right.gif HTTP/1.1" 200 296 00 - 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/refresh.png HTTP/1.1" 200 1074 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358408 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /data/cache/common_smilies_var.js?pss HTTP/1.1" 200 3400 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358408 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765216946 HTTP/1.1" 200 13536 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSLszz2X&0.721008357087331&modid=forum::forumdisplay HTTP/1.1" 200 1519 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/shutup.gif HTTP/1.1" 200 2500 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/sleepy.gif HTTP/1.1" 200 2375 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/hug.gif HTTP/1.1" 200 1054 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/victory.gif HTTP/1.1" 200 1275 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/time.gif HTTP/1.1" 200 687 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/kiss.gif HTTP/1.1" 200 987 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/handshake.gif HTTP/1.1" 200 1322 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/smiley/default/call.gif HTTP/1.1" 200 603 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358408 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/folder_new.gif HTTP/1.1" 200 235 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /static/image/common/pollsmall.gif HTTP/1.1" 200 600 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=seccode&update=62355&idhash=cSLszz2X HTTP/1.1" 200 158 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.15455305205052006&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:26:50 +0800] "GET /static/image/common/uploadbutton_small.png HTTP/1.1" 200 690 192.168.0.101 - - [21/Oct/2015:00:26:49 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /data/cache/style_1_forum_post.css?pss HTTP/1.1" 200 7059 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line5.png HTTP/1.1" 200 528 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/0.gif HTTP/1.1" 200 1013 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line4.png HTTP/1.1" 200 133 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line1.png HTTP/1.1" 200 164 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line9.png HTTP/1.1" 200 187 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/5.gif HTTP/1.1" 200 1602 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line2.png HTTP/1.1" 200 711 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/line7.png HTTP/1.1" 200 365 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/hrline/2.gif HTTP/1.1" 200 3343 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?css=1_wysiwyg&pss HTTP/1.1" 200 559 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /data/cache/style_1_forum_calendar.css?pss HTTP/1.1" 200 1161 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358410 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358410 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765219307 HTTP/1.1" 200 13536 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765219353 HTTP/1.1" 200 13536 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358410 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSaG588y&0.2836799351813733&modid=forum::post HTTP/1.1" 200 1503 192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.9286310464287497&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=seccode&update=42232&idhash=cSaG588y HTTP/1.1" 200 158 192.168.0.101 - - [21/Oct/2015:00:26:51 +0800] "GET /forum.php?mod=relatekw&subjectenc=&messageenc=&inajax=1&ajaxtarget=tagselect HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:26:52 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:26:57 +0800] "GET /forum.php?mod=relatekw&subjectenc=test&messageenc=&inajax=1&ajaxtarget=tagselect HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:27:04 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=forum::post&idhash=cSaG588y&secverify=cj6j HTTP/1.1" 200 70 192.168.0.101 - - [21/Oct/2015:00:27:06 +0800] "GET /misc.php?mod=seccode&action=check&inajax=1&modid=forum::post&idhash=cSaG588y&secverify=cj6j HTTP/1.1" 200 70 127.0.0.1 - - [21/Oct/2015:00:27:13 +0800] "OPTIONS * HTTP/1.0" 200 - 192.168.0.101 - - [21/Oct/2015:00:27:25 +0800] "POST /forum.php?mod=post&action=newthread&fid=2&extra=&topicsubmit=yes HTTP/1.1" 301 - 192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /static/image/common/uploadbutton.png HTTP/1.1" 200 1391 192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /static/image/common/uploadbutton.png HTTP/1.1" 200 1391 192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /forum.php?mod=viewthread&tid=1&extra= HTTP/1.1" 200 32905 192.168.0.101 - - [21/Oct/2015:00:27:26 +0800] "GET /data/cache/style_1_forum_viewthread.css?pss HTTP/1.1" 200 46079 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /static/image/common/fastreply.gif HTTP/1.1" 200 608 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /static/image/common/swfupload.swf?preventswfcaching=1445765254727 HTTP/1.1" 200 13536 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /home.php?mod=misc&ac=sendmail&rand=1445358446 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=seccode&action=update&idhash=cSUsRRzX&0.7534482570377987&modid=forum::viewthread HTTP/1.1" 200 1515 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /home.php?mod=spacecp&ac=pm&op=checknewpm&rand=1445358446 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=checkpatch&rand=1445358446 HTTP/1.1" 200 - 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=seccode&update=24492&idhash=cSUsRRzX HTTP/1.1" 200 158 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=ipnotice&_r=0.2202783499608713&inajax=1&ajaxtarget=ip_notice HTTP/1.1" 200 63 192.168.0.101 - - [21/Oct/2015:00:27:27 +0800] "GET /misc.php?mod=patch&action=pluginnotice&inajax=1&ajaxtarget=plugin_notice HTTP/1.1" 200 63 127.0.0.1 - - [21/Oct/2015:00:27:35 +0800] "OPTIONS * HTTP/1.0" 200 - 192.168.0.101 - - [21/Oct/2015:00:31:40 +0800] "GET /admin.php HTTP/1.1" 200 2568 192.168.0.101 - - [21/Oct/2015:00:31:40 +0800] "GET /static/image/admincp/admincp.css HTTP/1.1" 200 33246 192.168.0.101 - - [21/Oct/2015:00:31:41 +0800] "GET /static/image/admincp/bg_login.gif HTTP/1.1" 200 475 192.168.0.101 - - [21/Oct/2015:00:31:41 +0800] "GET /static/image/admincp/login_title.gif HTTP/1.1" 200 3121 192.168.0.101 - - [21/Oct/2015:00:31:46 +0800] "POST /admin.php? HTTP/1.1" 302 - 192.168.0.101 - - [21/Oct/2015:00:31:46 +0800] "GET /admin.php? HTTP/1.1" 200 37555 192.168.0.101 - - [21/Oct/2015:00:31:47 +0800] "GET /static/image/admincp/admincp.css?pss HTTP/1.1" 200 33246 192.168.0.101
httpd的错误日志
C:\Users\Name\Desktop\apache 2015-10-26 logs\error_log [Mon Oct 12 13:02:20 2015] [notice] Digest: generating secret for digest authentication ... [Mon Oct 12 13:02:20 2015] [notice] Digest: done [Mon Oct 12 13:02:20 2015] [notice] Apache/2.2.27 (Unix) DAV/2 configured -- resuming normal operations [Mon Oct 12 13:33:01 2015] [notice] SIGHUP received. Attempting to restart [Mon Oct 12 13:33:01 2015] [notice] Digest: generating secret for digest authentication ... [Mon Oct 12 13:33:01 2015] [notice] Digest: done [Mon Oct 12 13:33:01 2015] [notice] Apache/2.2.27 (Unix) DAV/2 configured -- resuming normal operations [Mon Oct 12 13:35:43 2015] [error] [client 192.168.0.101] File does not exist: /usr/local/apache2/htdocs/favicon.ico [Mon Oct 12 13:37:05 2015] [notice] SIGHUP received. Attempting to restart [Mon Oct 12 13:37:05 2015] [notice] Digest: generating secret for digest authentication ... [Mon Oct 12 13:37:05 2015] [notice] Digest: done [Mon Oct 12 13:37:05 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations [Mon Oct 12 13:38:23 2015] [notice] caught SIGTERM, shutting down [Mon Oct 12 13:38:27 2015] [notice] Digest: generating secret for digest authentication ... [Mon Oct 12 13:38:27 2015] [notice] Digest: done [Mon Oct 12 13:38:27 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations [Mon Oct 12 13:38:53 2015] [error] [client 127.0.0.1] PHP Warning: phpinfo() [<a href='function.phpinfo'>function.phpinfo</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/apache2/htdocs/1.php on line 3 [Mon Oct 12 13:39:01 2015] [error] [client 192.168.0.101] PHP Warning: phpinfo() [<a href='function.phpinfo'>function.phpinfo</a>]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Chongqing' for 'CST/8.0/no DST' instead in /usr/local/apache2/htdocs/1.php on line 3 [Mon Oct 12 13:39:02 2015] [error] [client 192.168.0.101] File does not exist: /usr/local/apache2/htdocs/favicon.ico [Mon Oct 12 13:43:21 2015] [notice] caught SIGTERM, shutting down [Wed Oct 21 00:13:39 2015] [notice] Digest: generating secret for digest authentication ... [Wed Oct 21 00:13:39 2015] [notice] Digest: done [Wed Oct 21 00:13:39 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations [Wed Oct 21 00:26:51 2015] [error] [client 192.168.0.101] File does not exist: /data/www/static/js/common_postimg.js, referer: http://www.123.com/forum.php?mod=post&action=newthread&fid=2 [Wed Oct 21 01:24:54 2015] [notice] SIGHUP received. Attempting to restart [Wed Oct 21 01:24:54 2015] [notice] Digest: generating secret for digest authentication ... [Wed Oct 21 01:24:54 2015] [notice] Digest: done [Wed Oct 21 01:24:54 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations [Wed Oct 21 01:34:30 2015] [notice] SIGHUP received. Attempting to restart [Wed Oct 21 01:34:30 2015] [notice] Digest: generating secret for digest authentication ... [Wed Oct 21 01:34:30 2015] [notice] Digest: done [Wed Oct 21 01:34:30 2015] [notice] Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 configured -- resuming normal operations [Wed Oct 21 01:44:44 2015] [notice] SIGHUP received. Attempting to restart [Wed Oct 21 01:44:44 2015] [notice] Digest: generating secret for digest authentication ...
vhosts访问日志
C:\Users\Name\Desktop\apache 2015-10-26 logs\www.123.com-access_20151021.log 192.168.0.122 - - [21/Oct/2015:02:12:18 +0800] "GET /admin.php HTTP/1.1" 403 211 "http://www.123.com/forum.php?mod=viewthread&tid=1&extra=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)" 192.168.0.122 - - [21/Oct/2015:02:12:18 +0800] "GET /admin.php HTTP/1.1" 403 211 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)"
vhosts错误日志
www.123.com-error_20151021 [Wed Oct 21 01:35:23 2015] [error] [client 127.0.0.1] File does not exist: /data/www/1jpeg [Wed Oct 21 01:45:49 2015] [error] [client 127.0.0.1] client denied by server configuration: /data/www/1.txt, referer: http://www.baidu.com/sdfsdf [Wed Oct 21 02:12:18 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=viewthread&tid=1&extra= [Wed Oct 21 02:12:18 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php [Wed Oct 21 02:12:28 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php [Wed Oct 21 02:12:28 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php [Wed Oct 21 02:13:24 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=viewthread&tid=1&extra=page%3D1 [Wed Oct 21 02:13:24 2015] [error] [client 192.168.0.122] client denied by server configuration: /data/www/admin.php [Wed Oct 21 02:14:48 2015] [error] [client 192.168.0.106] client denied by server configuration: /data/www/admin.php [Wed Oct 21 04:04:35 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php, referer: http://www.123.com/forum.php?mod=forumdisplay&fid=2 [Wed Oct 21 04:04:35 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php [Wed Oct 21 04:04:51 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php [Wed Oct 21 04:04:51 2015] [error] [client 192.168.0.133] client denied by server configuration: /data/www/admin.php
安装centos的时候一定要最小化安装,否则会默认安装上rpm版的apache
rpm -qa |grep httpd ,公司台机不是最小化安装
腾讯云也是已经安装rpm版httpd
扩展阅读
http://zhidao.baidu.com/link?url=wXZsevUwcgavOX6Sc3eBDHlA2ApifsdEvL4wBHYxODCmaK3VIFLFuDMecjhZZuVJPYJVou2zhHtnBRXeKTtRMa
http://www.server110.com/apache/201310/1984.html
/usr/local/apache/bin/apachectl -k start 启动apache服务是 -k 是什么意思呢?请大侠帮助,谢谢!
是源于UNIX的kill命令向运行中的进程发送信号。
apache官方的解释如下:
为了停止或者重新启动Apache ,必须向正在运行的httpd进程发送信号。有两种发送信号的方法。第一种方法是直接使用UNIX的kill命令向运行中的进程发送信号。也许你会注意到你的系统里运行着很多httpd进程。但你不应该直接对它们中的任何一个发送信号,而只要对已经在PidFile中记载下了自身PID的父进程发送信号。也就是说,你不必对父进程以外的任何进程发送信号。你可以向父进程发送三种信号:TERM、HUP、USR1 。
你可以用下面这样的命令来向父进程发送信号:
kill -TERM `cat /usr/local/apache2/logs/httpd.pid`
第二种方法是使用下面将要描述的httpd二进制可执行文件的 -k 命令行选项:stop、restart、graceful、graceful-stop 。
不过推荐你使用apachectl控制脚本来向httpd二进制可执行文件传递这些选项。
当你向httpd发送信号后,你可以这样来读取它的进行过程:
tail -f /usr/local/apache2/logs/error_log
比如--立即停止
使用信号:TERM
apachectl -k stop发送TERM或stop信号到父进程可以使它立刻杀死所有子进程。这将花费一些时间来杀死所有子进程。然后父进程自己也退出。所有进行中的请求将被强行中止,而且不再接受其它请求。
其实在man httpd有这样一个介绍
-k start|restart|graceful|stop|graceful-stop
Signals httpd to start, restart, or stop. See Stopping Apache for more information.
apachectl是Apache HTTP服务器的前端程序。其设计意图是帮助管理员控制Apache httpd后台守护进程。
apachectl脚本有两种操作模式。
1、首先,作为简单的httpd的前端程序,设置所有必要的环境变量,然后启动httpd ,并传递所有的命令行参数。
2、其次,作为SysV初始化脚本,接受简单的一个单词的参数,如:start, restart, stop ,并把他们翻译为适当的信号发送给httpd
。
如果你的Apache安装在非标准的路径中,你将需要修改apachectl脚本使其中的路径正确地指向httpd程序。此外,还可以指定任何必要的httpd命令行参数。细节可以参见脚本中的注解。
apachectl脚本如果执行成功,则返回0 ;如果出错,则其返回值>0 。更多细节可以参见脚本中的注解。
在扮演传递角色时,apachectl可以接受对httpd程序有效的所有参数。
apachectl [ httpd-argument ]
在SysV初始化模式中,apachectl只接受简单的一个单词的命令,如下:
apachectl command
下列仅说明了SysV初始化类型的选项,其他参数的说明见httpd手册页。
start
启动Apache httpd后台守护进程。如果已经启动,则产生一个错误。它等价于 apachectl -k start 。
stop
停止Apache httpd后台守护进程。它等价于 apachectl -k stop 。
restart
重新启动Apache httpd后台守护进程。如果守护进程尚未运行,则启动它。在重新启动守护进程之前,此命令会使用configtest自动检查配置文件,以确保Apache不会死掉。它等价于 apachectl -k restart 。
fullstatus
显示由mod_status提供的完整的状态报告。要使用这个功能,需要启用服务器上的mod_status模块,并且系统中有一个基于文本的浏览器,如lynx 。修改脚本中的STATUSURL变量,可以修改访问状态报告的URL 。
status
显示一个简要的状态报告。它类似于fullstatus选项,但是省略了正在处理的请求的列表。
graceful
优雅地重新启动Apache httpd后台守护进程。如果守护进程尚未启动,则启动它。它和标准重新启动的不同之处在于:不会中断当前已经打开的连接,也不会立即关闭日志。这意味着,如果在日志滚动脚本使用它,则在处理日志之前必须加入一个实实在在的延迟,以确保老的日志文件在被处理前已经关闭。在重新启动守护进程之前,此命令会使用configtest自动检查配置文件,以确保Apache不会死掉。它等价于 apachectl -k graceful 。
graceful-stop
优雅地停止Apache httpd后台守护进程。它和标准停止的不同之处在于:不会中断当前已经打开的连接,也不会立即关闭日志。它等价于 apachectl -k graceful-stop 。
configtest
执行一次配置文件语法检查。它解析配置文件,并报告 Syntax Ok 或者是特定的语法错误详细信息。它等价于 apachectl -t 。
下列选项仅在早期版本中使用,现在已经被废弃了。
startssl
以支持SSL的方式启动httpd ,你应当编辑配置文件,并在其中包含与SSL支持相关的指令,然后使用 apachectl start 启动服务器。
伪静态
http://baike.baidu.com/link?url=I-21EmJmbOmzvK6HuhS1-R39lITINPdgHPeIrSMiuf9PxRcryz8hSWX5E5FzkuZs8qihikAGQUifbQuZGdhOo4PSDZQg4k41dX2Xk6pvXsOHNpbHiaPXpi0pjC9JfMc2
伪静态是相对真实静态来讲的,通常我们为了增强搜索引擎的友好面,都将文章内容生成静态页面,但是有的朋友为了实时的显示一些信息。或者还想运用动态脚本解决一些问题。不能用静态的方式来展示网站内容。但是这就损失了对搜索引擎的友好面。怎么样在两者之间找个中间方法呢,这就产生了伪静态技术。就是展示出来的是以html一类的静态页面形式,但其实是用ASP一类的动态脚本来处理的。
用IIS的404错误处理机制来实现的。这个比rewrite技术要灵活的多。
这样。用户或蜘蛛看到的URL还是他访问的URL.而我们对内容的处理上可以用到了动态技术。这就是我们想要的结果。说得简单了一些。但是基本思路就是这样了。
区别静态
从URL结构以及页面名称看,伪静态和静态页面是一样的。伪静态的页面后缀可以是html htm 或者是目录格式
伪静态只是改变了URL的表现形式,实际上还是动态页面
静态页面可以节省服务器资源,而伪静态严格说是增加服务器资源消耗的
总结,在SEO方面,伪静态和静态页面的功能是相同的,但是伪静态本质上还是动态页面,所以消耗资源是和动态页面一样的,而且因为Rewrite服务器还需要消耗额外的资源。
logstash的角色:shipper和indexer P83
logstash作为无状态的软件,配合消息队列系统,可以做线性扩展,两个消息队列系统:kafka和redis
rsyslog P95
rsyslog从v6版本开始,设计了一套rainerscript作为配置中的DSL
rsyslog从v7版本开始带有omelasticsearch插件可以直接写入数据到elasticsearch集群
rsyslog当前官方稳定版是v8
rpm -qa|grep syslog
rsyslog-5.8.10-10.el6_6.x86_64
f
