为什么需要域名重定向,第一是为了防止恶意绑定,最简单的道理就是,域名是别人买的,别人想把域名指向公网中的任意一台主机我们也没有办法。但是用了域名重定向后,可以在使用恶意域名访问我们的服务器后,会在地址栏重定向为我们指定的域名,并访问指定的站点。(理解一个原理,在一个未知域名访问我们的主机时其实是以IP的形式访问,也就是说我们重定向的其实是IP地址)
还有就是多域名指向同意服务器,提高访问量。
------------------------------------------------------------------
vim /application/nginx/conf/extra/rewrite.conf
##编译rewirte.conf文件不存在则创建,内容如下
server {
listen 80;
server_name ;
rewrite ^/(.*) http://www.easy.linuxidc.com/$1 permanent;
#^/表示
#
#永久有效
}
----OK------------------------------------------------------------
------------------------------------------------------------------
vim /application/nginx/conf/nginx.conf
##修改nginx的主配置文件,注意include的顺序这个很重要否则域名重定向就没用了
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/rewrite.conf;
include extra/blog.conf;
include extra/easy.conf;
include extra/bad.conf;
}
----OK------------------------------------------------------------
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
vim /etc/hosts
127.0.0.1 localhost
ping -c 1
curl -L
curl -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.0
Date: Sun, 16 Apr 2017 14:19:58 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://www.easy.linuxidc.com/
隐藏nginx版本号:
vim /application/nginx/conf/nginx.conf
##修改为以下内容
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server{
listen 8080;
server_name ;
rewrite ^/(.*) http://www.blog.linuxidc.com/$1 permanent;
}
include extra/easy.conf;
include extra/bad.conf;
include extra/blog.conf;
server_tokens off;
}
apache隐藏版本号的方法:
----------------------------
cat /application/apache/conf/extra/httpd-default.conf
.............
ServerTokens Prod
ServerSignature Off
.............
-----------------------
nginx日志管理
使用mv工具和crontab工具
具体方法如下:
----------------------------------------------------------------------------
vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include extra/rewrite.conf;
include extra/bad.conf;
include extra/blog.conf;
include extra/easy.conf;
server_tokens off;
}
vim extra/blog.conf
server {
listen 80;
server_name ;
access_log logs/blog.access.log main;
location / {
root html/blog;
index index.html index.htm;
}
}
##其他的配置文件也一样在server标签里添加日志信息
----OK------------------------------------------------------------
#sed -i '/server_name ;/a\\taccess_log logs\/bad.access.log
main; ' extra/bad.conf
../sbin/nginx -t
../sbin/nginx -s reload
ll ../logs/
total 220
-rw-r--r-- 1 root root 110155 Apr 17 15:42 access.log
-rw-r--r-- 1 root root 0 Apr 17 15:42 bad.access.log
-rw-r--r-- 1 root root 0 Apr 17 15:42 blog.access.log
-rw-r--r-- 1 root root 0 Apr 17 15:42 easy.access.log
-rw-r--r-- 1 root root 98802 Apr 17 15:43 error.log
-rw-r--r-- 1 root root 6 Apr 16 22:29 nginx.pid
-rw-r--r-- 1 root root 0 Apr 17 15:42 rewrite.access.log
##可见日志文件已经生成
---------------------------------------------------------------------------------
vim /application/nginx/logs/backlog.sh
##写一个自动备份的脚本
#!/bin/sh
for name in rewrite bad blog easy;
do
/bin/mv /application/nginx/logs/${name}.access.log /applog/nginx/access/$(date +%F)_${name}.log
if [ $? -eq 0 ]
then
echo "$(date +%F) ${name}" >> /applog/nginx/access/successfully.txt
else
echo "$(date +%F) ${name}" >> /applog/nginx/access/error.txt
fi
done
/bin/find /applog/nginx/access/ -mtime +7 -exec rm -rf {} \;
---脚本完成------OK------------------------------------------------------------
chmod +x /application/nginx/logs/backlog.sh
crontab -e
30 1 * * * /application/nginx/logs/backlog.sh
##晚上访问量少,适合做备份等工作
mkdir -p /applog/nginx/access/
总结:
基于域名的虚拟主机普遍常用到,基于IP和端口的一般在公司内部使用
在修改配置文件之前一定要做好备份,一边修改和对比