Nginx核心知识100讲学习笔记（陶辉）：初始Nginx（二）

一 、Acess 日志演示

1、实现代码

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status [$request_length:$bytes_sent] "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
......
server {
......

access_log logs/access.log main;

location / {
alias dlib/;
autoindex on;
set $limit_rate 1k;
}

2、查看日志

192.168.0.109 - - [01/Mar/2020:17:57:57 +0800] "GET /dlib.js HTTP/1.1" 304 [397:180] "http://192.168.0.123:8080/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.5 Safari/537.36" "-"
192.168.0.109 - - [01/Mar/2020:17:57:58 +0800] "GET /dlib.css HTTP/1.1" 304 [416:181] "http://192.168.0.123:8080/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.5 Safari/537.36" "-"
192.168.0.109 - - [01/Mar/2020:17:57:58 +0800] "GET /dlib-logo.png HTTP/1.1" 304 [442:181] "http://192.168.0.123:8080/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.5 Safari/537.36" "-"
192.168.0.1

二、用nginx搭建一个具备缓存功能的反向代理

1、nginx web 服务正常

1、nginx web配置如下：

[root@nginx conf]# 
[root@nginx conf]# ifconfig eth0|awk 'NR==2 {print $2}'
192.168.118.155

cat nginx.conf
server {
listen 8080;
server_name www.luoahong.com;

#charset koi8-r;

access_log logs/access.log main;

location / {
alias dlib/;
autoindex on;
set $limit_rate 1k;
}

location /report.html {
alias /usr/local/nginx/html/report.html;
}
[root@nginx conf]# ../sbin/nginx
[root@nginx conf]# ps -ef|grep nginx
root 17093 1 0 Mar02 ? 00:00:00 nginx: master process ../sbin/nginx
nobody 17094 17093 0 Mar02 ? 00:00:00 nginx: worker process

2、反向代理OpenResty配置如下：

[root@luoahong conf]# ifconfig eth0|awk 'NR==2 {print $2}'
192.168.118.157
[root@luoahong conf]# cat nginx.conf
......

http {
include mime.types;
......

upstream test {
server 192.168.118.155:8080;
}

server {
listen 80;
server_name www.luoahong.com;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;

proxy_cache my_cache;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 302 1d;
proxy_pass http://test;
} 
location /lua {
default_type text/html;
content_by_lua 'ngx.say("User-Agent: ", ngx.req.get_headers()["User-Agent"])';
}

3、nginx web测试截图

 

 

4、反向代理测试截图

2、nginx web 服务异常

1、关闭nginx web服务

[root@nginx conf]# ../sbin/nginx -s stop
[root@nginx conf]# ps -ef|grep nginx
root 19104 9461 0 09:32 pts/0 00:00:00 grep --color=auto nginx

2、nginx web访问测试截图

3、服务依然正常访问

三、用 GoAccess 实现可视化并实时监控 access 日志

1、安装依赖包

yum install -y GeoIP-devel.x86_64 ncurses-devel

2、安装GeoIP

tar -xzvf GeoIP-1.6.11.tar.gz
cd GeoIP-1.6.11
./configure
make && make install

3、安装go access

wget https://tar.goaccess.io/goaccess-1.3.tar.gz
tar -xzvf goaccess-1.3.tar.gz
cd goaccess-1.3/
./configure --enable-utf8 --enable-geoip=legacy
make && make install

4、配置nginx

location /report.html {
alias /usr/local/nginx/html/report.html;
}

5、运行

goaccess access.log -o /usr/local/nginx/html/report.html --real-time-html --time-format='%H:%M:%S' --date-format='%d/%b/%Y' --log-format=COMBINED

6、浏览器上查看

 四、对称加密与非对称加密各自的应用场景

1、TLS/SSL发展

2、TLS 安全密码套件解读

 五、对称加密与非对称加密各自的应用场景

1、对称加密

加密示例

 

2、非对称加密

 3、PKI公钥基础设施