LAMP架构用户认证、域名跳转及访问日志

11月15日任务

11.18 Apache用户认证

11.19/11.20 域名跳转

11.21 Apache访问日志

 

 

apache用户认证

针对目录

先确保主配置文件内开启了虚拟主机服务

[root@localhost ~]# vim /usr/local/apache2.4/conf/httpd.conf
# Virtual hosts
# Include conf/extra/httpd-vhosts.conf 
删除Include行首的#，保存退出

• 编辑虚拟主机配置文件

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把111.com那个虚拟主机编辑成如下内容
<VirtualHost *:80>
    # 指定网页文件存储的根目录
    DocumentRoot "/data/wwwroot/111.com" 
    # 指定服务器的主机名
    ServerName www.111.com  
    # 指定服务器的别名
    ServerAlias www.example.com
    # 指定认证的目录
    <Directory /data/wwwroot/111.com> 
        # 这个相当于打开认证的开关
        AllowOverride AuthConfig 
        # 自定义认证的名字，作用不大
        AuthName "111.com user auth" 
        # 认证的类型，一般为Basic
        AuthType Basic 
        # 指定密码文件所在位置
        AuthUserFile /data/.htpasswd  
        # 指定需要认证的用户为全部可用用户
        require valid-user 
    </Directory>
    # 指定错误日志
    ErrorLog "logs/111.com-error_log"
    # 指定错误日志记录级别
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• 用户加密 -c 创建 -m md5加密

[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd castiel
# 这里我简单设为了1
New password: 
Re-type new password: 
Adding password for user castiel、

[root@localhost ~]# cat /data/.htpasswd 
castiel:$apr1$iqyfAY.M$zJ12wj68C6BDDIpe41sWQ1

• 验证

# 访问时报401，需要认证
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

# 输入账户密码成功访问，状态码转为200
[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com
111.com

[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:58:50 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

针对单个文件的用户认证

同样的需要使用htpasswd创建用户密码文件

• 修改虚拟主机配置文件

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    # 注释掉原先配置认证的目录
    # <Directory /data/wwwroot/111.com>
    # 指定特定的文件123.php
    <FilesMatch 123.php>  
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
    # </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• 验证

# 访问其他网页无需账户密码即可正常登陆
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com
111.com
[root@localhost ~]# curl -x 192.168.65.133:80 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 13:01:54 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 访问特定的123.php文件时需要认证
[root@localhost ~]# curl -x 192.168.65.133:80 -ucastiel:1 111.com/123.php
123.php
[root@localhost ~]# curl -x 192.168.65.133:80 111.com/123.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

域名跳转（域名重定向）

基本知识介绍

可以通过域名来访问网站，当一个网站的域名更改后，通过对老域名设置域名跳转功能后，将用户跳转到新网址。例如在访问www.123.com时，对于设置了域名跳转的网址，浏览器将自动跳转到新网址www.abc.com。

网站的SEO：搜索引擎会将网络中的域名、网址进行记录，用户通过搜索引擎搜索网址，搜索引擎将以权重从高到低顺序显示，方便用户使用。如果不进行域名跳转，老域名的权重将一直比新域名高，导致无法找到新域名网址。可以通过设置新域名的状态码为301，来降低域名的权重。

如何配置

先在主配置文件内开启rewrite模块

[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
将“#LoadModule rewrite_module modules/mod_rewrite.so”开头的#去掉后保存退出

修改虚拟主机配置文件

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
...
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        
        #定义rewrite的条件，主机名（域名）不是111.com的才满足
        RewriteCond %{HTTP_HOST} !^111.com$ 
        
        # 定义rewrite规则：当满足条件时，设置跳转规则，并定义状态；
        # ^/即DocumentRoot，为该默认虚拟主机的根路径
        # $1代替前面匹配的内容
        # 状态码为301(永久重定向)，L表示跳转结束
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L] 
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

修改完成检验后重新加载

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
 rewrite_module (shared)
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful

测试，检验是否跳转

[root@localhost ~]# curl -x 127.0.0.1:80 111.com -I
HTTP/1.1 301 Moved Permanently
Date: ..., ... 11:45:49 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Location: http://www.111.com/
Content-Type: text/html; charset=iso-8859-1

关于状态码

# 200 允许访问
# 403 禁止访问 配置文件中设置Require all denied
# 404 找不到网页
# 301 永久重定向

访问日志

访问日志记录了用户的每一个请求

• 默认的访问日志

# logs目录下存储的访问日志
[root@localhost ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log

# 简单记录了访问的ip、时间、位置、状态码等信息
[root@localhost ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.65.133 - - [...:19:25:48 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [...:19:44:37 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:09 +0800] "GET HTTP://111.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:49 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:39 +0800] "HEAD HTTP://111.com/index.html HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:53 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -
127.0.0.1 - - [...:19:50:14 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -

• 访问日志格式

# 默认使用common那条格式记录日志
[root@localhost ~]# grep -n "LogFormat" /usr/local/apache2.4/conf/httpd.conf
284:    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
285:    LogFormat "%h %l %u %t \"%r\" %>s %b" common
289:      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
# Referer表示网页跳转前所在的网址。

• 修改日志格式

[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L]
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    
    # 上述的代码都没有变化
    # 修改common为combined，这个是httpf.conf内设置的FormatLog
    CustomLog "logs/111.com-access_log" combined 
</VirtualHost>

重启服务

[root@localhost logs]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost logs]# /usr/local/apache2.4/bin/apachectl graceful

验证效果

[root@localhost logs]# curl -x 192.168.65.133:80 111.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:46:25 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 查看日志格式是否变化
[root@localhost logs]# cat /usr/local/apache2.4/logs/111.com-access_log 
...
192.168.65.133 - - [...:20:46:25 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - "-"