理论+实验·Apache配置与应用(Apache连接保持,Apache访问控制,Apache日志分割,AWStats分析系统部署及应用)
文章目录
Apache连接保持
Apache连接保持相关参数
KeepAlive
是否打开连接保持, OFF关闭, ON打开
KeepAlive Timeout
一次连接多次请求之间的最大间隔时间,两次请求超过该时间连接断开
MaxKeepAliveRequests
一次长连接能够传输的最大请求数量
Apache访问控制概述
Apache访问控制
作用
控制对网站资源的访问
为特定的网站目录添加访问授权
常用访问控制方式
客户机地址限制
用户授权限制
基于客户端地址的访问控制
使用Require配置项实现访问控制,按先后顺序限制
可用于, 、. 配置段中
Require配置项的常见语法
Require all granted
Require all denied
Require local
Require [not] host <主机名或域名列表>
Require [not] ip <IP地址或网段列表>
#使用not禁止访问时要将其置于 窄器中并在容器中指定相应的限制策略
用户授权限制
创建用户认证数据库
[root@localhost ~]# cd /usr/local/httpd/
[root@localhost httpd]# htpasswd -c /usr/local/httpd/conf/.user jerry ===>新建密码文件;新建使用,再次建用户则不需要
New password:
Re-type new password:
Adding password for user webadmin
[root@localhost httpd]# cat /usr/local/httpd/confl.user ===>确认用户数据库文件
webadmin:$apr1$L53Ws/Y2$3L4xhs4zZKDbJb.9p 1Ng.
添加用户授权配置
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
......
<Directory "/usr/local/httpd/htdocs">
......
AuthName "DocumentRoot" ===>受保护的领域名称
AuthType Basic ===>认证类型
AuthUserFile /etc/httpd/conf/.user ===>用户认证账号文件
Require valid-user ===>要求通过认证才能访问
</Directory>
[root@localhost ~ ]# systemctl restart httpd
实验环境
CentOS 7.6
实验步骤
#安装软件
[root@localhost ~]# yum -y install httpd
#查看是否有htpasswd
[root@localhost ~]# which htpasswd
/usr/bin/htpasswd
#创建密码
[root@localhost httpd]# htpasswd -c /usr/local/httpd/conf/.user jerry
#查看一下密码
[root@localhost httpd]# cat /usr/local/httpd/confl.user
#修改配置文件
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
...... ===>将Require all granted注释掉
AuthName "DocumentRoot" ===>受保护的领域名称
AuthType Basic ===>认证类型
AuthUserFile /etc/httpd/conf/.user ===>用户认证账号文件
Require valid-user ===>要求通过认证才能访问
</Directory>
#启动服务,关闭核心防护,关闭防火墙
[root@localhost httpd]# systemctl start httpd
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
实验结果
日志分割
随着网站的访问量增加,默认情况下Apache的单个日志文件也会越来越大
日志文件占用磁盘空间很大
查看相关信息不方便
对日志文件进行分割
Apache自带rotatelogs分割工具实现
第三方工具cronolog分割
rotatelogs分割工具
配置网站的日志文件转交给rotatelogs分割处理
配置格式
ErrorLog "I rotatelogs命令的绝对路径-日志文件路径/网站名-error_%Y%m%d.log 86400"
......
CustomLog "1 rotatelogs命令的绝对路径-日志文件路径/网站名.access_%Y%m%d.log 86400" combined
#实际生产环境中,一个服务器绝大多数对应N个子域名站点,为了方便统一管理,可以用虚拟主机的方式进行配置,并用网站名标识日志文件
实验环境
CentOS 7.6
利用Apach自带的分割工具进行分割日志
实验步骤
#安装软件包
[root@localhost ~]# yum -y install httpd
#修改配置文件
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
......
ErrorLog "| /usr/sbin/rotatelogs -l logs/www.test.com.error_%Y%m%d.log 86400" ===>修改成功这个
......
CustomLog "| /usr/sbin/rotatelogs -l logs/www.test.com.access_%Y%m%d.log 86400" combined ===>修改成这个
......
Listen 20.0.0.26:80
......
ServerName www.test.com:80
......
#启动服务,关闭核心防护,关闭防火墙
[root@localhost httpd]# systemctl restart httpd
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
实验结果
#进入该目录查看日志
[root@localhost httpd]# ll /var/log/httpd/
总用量 16
-rw-r--r--. 1 root root 11484 8月 5 19:24 www.test.com.access_20200805.log
-rw-r--r--. 1 root root 632 8月 5 19:26 www.test.com.error_20200805.log
第三方工具cronolog
源码编译安装cronolog工具
配置网站日志文件转交给cronolog分割处理
配置格式
ErrorLog "l cronolog命令的绝对路径 日志文件路径/网站名-error-%Y%m%d.log'
......
CustomLog "I cronolog命令的绝对路径 日志文件路径/网站名-%Y%m%d.log" combinec
AWStats日志分析系统介绍
Perl语言开发的一款开源日志分析系统
可用来分析Apache, Samba, Vsftpd, IIS等服务器的访问日志
结合crond等计划任务服务,可对日志内容定期进行分析
实验环境
CentOS 7.6
cronolog rpm包
实验步骤
#安装rpm包
[root@localhost opt]# rpm -ivh cronolog-1.6.2-14.el7.x86_64.rpm
#查看命令的绝对路径写配置文件的时候需要用到
[root@localhost opt]# which cronolog
/usr/sbin/cronolog
#修改配置文件
[root@localhost opt]# vim /etc/httpd/conf/httpd.conf
ErrorLog "| /usr/sbin/cronolog logs/www.test.com.error_%Y%m%d.log"
......
CustomLog "| /usr/sbin/cronolog logs/www.test.com.access_%Y%m%d.log" combined
......
实验结果
[root@localhost httpd]# ll /var/log/httpd
总用量 16
-rw-r--r--. 1 root root 10208 8月 5 19:38 www.test.com.access_20200805.log
-rw-r--r--. 1 root root 2640 8月 5 19:38 www.test.com.error_20200805.log
部署AWStats日志分析系统
安装AWStats软件包
[root@localhost ~]# tar zxf awstats-7.7.tar.gz ===>解压源码包
[root@localhost ~]# mv awstats-7.7 /usr/local/awstats ===>将源码包移动到/usr/local/awstats
为要统计的站点建立配置文件
[root@localhost ~]# cd /usr/local/awstats/tools/
#添加执行权限
[root@localhost tools]# chmod +x awstats_configure.pl
#执行该工具软件
[root@localhost tools]#./awstats-configure.pl
......
Config file path ('none' to skip web server setup):
>/etc/httpd/conf/httpd.conf ===>输入安装httpd的路径
......
Do you want me to build a new AWStats config/profilefile (required if first install) (y/N] ? y ===>输入y
Your web site, virtual server or profile name
>www.test.com ===>输入网页的地址
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf ===>修改配置文件
<lfModule !mpm_prefork_module>
LoadModule cgid_module modules/mod_cgia.so
</fModule>
<lfModule mpm_prefork_module>
LoadModule cgi module modules/mod_cgi.so
<TIModule>
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Require all granted
</Directory>
修改站点统计配置文件
[root@localhost tools]# vim /etc/awstats/awstats.www.test.com.conf
LogFile="/varllog/httpd/access_log" ===>默认是my.log需要自行修改成自己对应的日志名字
DirData="/var/lib/awstats" ===>本身是没有这个目录的需要自己去创建
......
[root@localhost tools]# mkdir /var/ib/awstats
执行日志分析,并设置cron计划任务
[root@localhost tools]# chmod +x awstats-updateall.pl
[root@localhost tools]#./awstats_updateall.pl now
[root@localhost ~]# crontab-e ===>利用周期性计划任务实现自动化
*/5 * * * */usr/local/awstats/tools/awstats_updateall.pl now
访问AWStats分析系统
查看统计页面
设置网页自动跳转,方便访问
[root@localhost ~]# vim /var/www/html/awb.html
<html>
<head>
<meta http-equiv=refresh content="0;url=http://www.test.com/awstats/awstats.pl?config-www.test.com">
</head>
<body></body>
</html>
实验环境
CentOS 7.6
AWStats 源码包
实验步骤
#解压源码包并安装相关软件
[root@localhost opt]# tar zxvf awstats-7.6.tar.gz
[root@localhost opt]# yum -y install httpd bind
#移动解压好的软件包
[root@localhost opt]# mv awstats-7.6 /usr/local/awstats
[root@localhost opt]# cd /usr/local/awstats/
[root@localhost awstats]# cd tools/
[root@localhost tools]# ./awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 20140126) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
-----> Running OS detected: Linux, BSD or Unix
-----> Check for web server install
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
```
> /etc/httpd/conf/httpd.conf ===>输入配置文件路径
```
-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'
Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
Add 'Alias /awstatscss "/usr/local/awstats/wwwroot/css/"'
Add 'Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"'
Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
Add '<Directory>' directive
AWStats directives added to Apache config file.
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
```
> www.test.com ===>输入网址
```
```
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
-----> Create config file '/etc/awstats/awstats.www.test.com.conf'
Config file /etc/awstats/awstats.www.test.com.conf created.
-----> Restart Web server with '/sbin/service httpd restart'
Redirecting to /bin/systemctl restart httpd.service
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.test.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
A SIMPLE config file has been created: /etc/awstats/awstats.www.test.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.test.com' with command:
> perl awstats.pl -update -config=www.test.com
> You can also read your statistics for 'www.test.com' with URL:
> http://localhost/awstats/awstats.pl?config=www.test.com
Press ENTER to finish...
```
[root@localhost tools]# vim /etc/httpd/conf/httpd.conf
......
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
#Order allow,deny
#Allow from all
Require all granted
</Directory>
......
[root@localhost tools]# vim /etc/awstats/awstats.www.test.com.conf
......
LogFile="/var/log/httpd/access_log" ===>修改成access_log
......
DirData="/var/lib/awstats" ===>没有这个目录需要自己创建
......
#创建配置文件里面需要的目录
[root@localhost tools]# cd /var/lib
[root@localhost lib]# mkdir awstats
#关闭防火墙,关闭核心防护
[root@localhost httpd]# systemctl stop firewalld
[root@localhost httpd]# setenforce 0
#添加周期性计划任务
[root@localhost httpd]# crontab -e
*/1 * * * * /usr/local/awstats/tools/awstats_updateall.pl now
#优化网页地址
[root@localhost httpd]# cd /var/www/html/
[root@localhost html]# vim logs.html
<html>
<head>
<meta http-equiv=refresh content="0;url=http://20.0.0.26/awstats/awstats.pl?config=www.test.com">
</head>
<body></body>
</html>
实验结果
在Win10 浏览器上输入"http://20.0.0.26/awstats/awstats.pl?config=www.test.com"
做完优化之后可以直接在浏览器上面输入"20.0.0.26/logs.html"