nginx日志
nginx自定义配置
nginx日志
- nginx日志可以让我们更好地排除错误以及监控
上图显示错误信息在第二行,此时执行最后一步
日志信息概览
[root@web01 ~]# cat /var/log/nginx/access.log
{"@timestamp":"2022-01-04T16:55:24+08:00","host":"172.16.1.7","service":"nginxTest","trace":"-","log":"log","clientip":"172.16.1.1","remote_user":"-","request":"GET /sounds/stomp.mp3 HTTP/1.1","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","size":555,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"172.16.1.7","url":"/sounds/stomp.mp3","domain":"172.16.1.7","xff":"-","referer":"http://172.16.1.7/","status":"404"}
# nginx中较为重要的两个配置(后面细说 )
$remote_addr : 客户端IP (上一次访问的客户端IP)
$http_x_forwarded_for : 真实的客户端IP(真正的访问IP,在反向代理中生效)
日志配置文件需要注意的点(配图)
Nginx 访问控制模块
- 网站访问限制模块
- ngx_http_access_module
- 如果有人恶意访问网站次数过多,可能会导致网站请求速率降低,而限制访问的作用就是可控制访问
允许或者拒绝某些IP访问
deny : 拒绝
allow :允许
案例1:允许192.168.15.1访问,不允许其他IP访问
allow 192.168.15.1;
deny all;
案例2:允许192.168.15.0这个网段访问,不允许其他网段访问
allow 192.168.15.0/24;
deny all;
案例3:只允许通过VPN来访问
allow 172.16.1.81;
deny all;
