LAMP架構用戶認證、域名跳轉及訪問日誌 原

11月15日任務

11.18 Apache用戶認證

11.19/11.20 域名跳轉

11.21 Apache訪問日誌

 

 

apache用戶認證

針對目錄

先確保主配置文件內開啓了虛擬主機服務

[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
# Virtual hosts
# Include conf/extra/httpd-vhosts.conf 
刪除Include行首的#，保存退出

• 編輯虛擬主機配置文件

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把111.com那個虛擬主機編輯成如下內容
<VirtualHost *:80>
    # 指定網頁文件存儲的根目錄
    DocumentRoot "/data/wwwroot/111.com" 
    # 指定服務器的主機名
    ServerName www.111.com  
    # 指定服務器的別名
    ServerAlias www.example.com
    # 指定認證的目錄
    <Directory /data/wwwroot/111.com> 
        # 這個相當於打開認證的開關
        AllowOverride AuthConfig 
        # 自定義認證的名字，作用不大
        AuthName "111.com user auth" 
        # 認證的類型，一般爲Basic
        AuthType Basic 
        # 指定密碼文件所在位置
        AuthUserFile /data/.htpasswd  
        # 指定需要認證的用戶爲全部可用用戶
        require valid-user 
    </Directory>
    # 指定錯誤日誌
    ErrorLog "logs/111.com-error_log"
    # 指定錯誤日誌記錄級別
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• 用戶加密 -c 創建 -m md5加密

[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd castiel
# 這裏我簡單設爲了1
New password: 
Re-type new password: 
Adding password for user castiel、

[root@localhost ~]# cat /data/.htpasswd 
castiel:$apr1$iqyfAY.M$zJ12wj68C6BDDIpe41sWQ1

• 驗證

# 訪問時報401，需要認證
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

# 輸入賬戶密碼成功訪問，狀態碼轉爲200
[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com
111.com

[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:58:50 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

針對單個文件的用戶認證

同樣的需要使用htpasswd創建用戶密碼文件

• 修改虛擬主機配置文件

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    # 註釋掉原先配置認證的目錄
    # <Directory /data/wwwroot/111.com>
    # 指定特定的文件123.php
    <FilesMatch 123.php>  
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
    # </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• 驗證

# 訪問其他網頁無需賬戶密碼即可正常登陸
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com
111.com
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 13:01:54 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 訪問特定的123.php文件時需要認證
[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 111.com/123.php
123.php
[root@localhost ~]# curl -x 192.168.65.133:80 111.com/123.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

域名跳轉（域名重定向）

基本知識介紹

可以通過域名來訪問網站，當一個網站的域名更改後，通過對老域名設置域名跳轉功能後，將用戶跳轉到新網址。例如在訪問www.123.com時，對於設置了域名跳轉的網址，瀏覽器將自動跳轉到新網址www.abc.com。

網站的SEO：搜索引擎會將網絡中的域名、網址進行記錄，用戶通過搜索引擎搜索網址，搜索引擎將以權重從高到低順序顯示，方便用戶使用。如果不進行域名跳轉，老域名的權重將一直比新域名高，導致無法找到新域名網址。可以通過設置新域名的狀態碼爲301，來降低域名的權重。

如何配置

先在主配置文件內開啓rewrite模塊

[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
將“#LoadModule rewrite_module modules/mod_rewrite.so”開頭的#去掉後保存退出

修改虛擬主機配置文件

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
...
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        
        #定義rewrite的條件，主機名（域名）不是111.com的才滿足
        RewriteCond %{HTTP_HOST} !^111.com$ 
        
        # 定義rewrite規則：當滿足條件時，設置跳轉規則，並定義狀態；
        # ^/即DocumentRoot，爲該默認虛擬主機的根路徑
        # $1代替前面匹配的內容
        # 狀態碼爲301(永久重定向)，L表示跳轉結束
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L] 
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

修改完成檢驗後重新加載

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
 rewrite_module (shared)
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful

測試，檢驗是否跳轉

[root@localhost ~]# curl -x 127.0.0.1:80 111.com -I
HTTP/1.1 301 Moved Permanently
Date: ..., ... 11:45:49 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Location: http://www.111.com/
Content-Type: text/html; charset=iso-8859-1

關於狀態碼

# 200 允許訪問
# 403 禁止訪問 配置文件中設置Require all denied
# 404 找不到網頁
# 301 永久重定向

訪問日誌

訪問日誌記錄了用戶的每一個請求

• 默認的訪問日誌

# logs目錄下存儲的訪問日誌
[root@localhost ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log

# 簡單記錄了訪問的ip、時間、位置、狀態碼等信息
[root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.65.133 - - [...:19:25:48 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [...:19:44:37 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:09 +0800] "GET HTTP://111.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:49 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:39 +0800] "HEAD HTTP://111.com/index.html HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:53 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -
127.0.0.1 - - [...:19:50:14 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -

• 訪問日誌格式

# 默認使用common那條格式記錄日誌
[root@localhost ~]# grep -n "LogFormat" /usr/local/apache2.4/conf/httpd.conf
284:    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
285:    LogFormat "%h %l %u %t \"%r\" %>s %b" common
289:      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
# Referer表示網頁跳轉前所在的網址。

• 修改日誌格式

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L]
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    
    # 上述的代碼都沒有變化
    # 修改common爲combined，這個是httpf.conf內設置的FormatLog
    CustomLog "logs/111.com-access_log" combined 
</VirtualHost>

重啓服務

[root@localhost logs]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost logs]# /usr/local/apache2.4/bin/apachectl graceful

驗證效果

[root@localhost logs]# curl -x 192.168.65.133:80 111.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:46:25 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 查看日誌格式是否變化
[root@localhost logs]# cat /usr/local/apache2.4/logs/111.com-access_log 
...
192.168.65.133 - - [...:20:46:25 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - "-"