nginx自定義配置
nginx日志
- nginx日志可以讓我們更好地排除錯誤以及監控
上圖顯示錯誤信息在第二行,此時執行最后一步
日志信息概覽
[root@web01 ~]# cat /var/log/nginx/access.log
{"@timestamp":"2022-01-04T16:55:24+08:00","host":"172.16.1.7","service":"nginxTest","trace":"-","log":"log","clientip":"172.16.1.1","remote_user":"-","request":"GET /sounds/stomp.mp3 HTTP/1.1","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","size":555,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"172.16.1.7","url":"/sounds/stomp.mp3","domain":"172.16.1.7","xff":"-","referer":"http://172.16.1.7/","status":"404"}
# nginx中較為重要的兩個配置(后面細說 )
$remote_addr : 客戶端IP (上一次訪問的客戶端IP)
$http_x_forwarded_for : 真實的客戶端IP(真正的訪問IP,在反向代理中生效)
日志配置文件需要注意的點(配圖)
Nginx 訪問控制模塊
- 網站訪問限制模塊
- ngx_http_access_module
- 如果有人惡意訪問網站次數過多,可能會導致網站請求速率降低,而限制訪問的作用就是可控制訪問
允許或者拒絕某些IP訪問
deny : 拒絕
allow :允許
案例1:允許192.168.15.1訪問,不允許其他IP訪問
allow 192.168.15.1;
deny all;
案例2:允許192.168.15.0這個網段訪問,不允許其他網段訪問
allow 192.168.15.0/24;
deny all;
案例3:只允許通過VPN來訪問
allow 172.16.1.81;
deny all;