Nginx
Nginx 將錯誤日誌條目寫入 access.log
我正在嘗試為來自 Nginx 的 403 錯誤配置 fail2ban。但由於某種原因,我的 error.log 文件為空,所有 403(以及所有 4XX、5XX)錯誤都將進入 access.log。但是,我檢查了我的配置,它看起來不錯。
server { listen 80; server_name example.com; return 301 https://$host$request_uri; } server { listen 443; server_name example.com; access_log /var/log/nginx/example.com/access.log; error_log /var/log/nginx/example.com/error.log; ssl on; include /etc/nginx/conf.d/letsencrypt; include /etc/nginx/conf.d/verify-client; location / { include /etc/nginx/conf.d/403-if-not-verified; proxy_pass http://...; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header X-Forward-Proto http; proxy_set_header X-Nginx-Proxy true; proxy_redirect off; } location ^~ /.well-known { root /usr/share/nginx/html/; allow all; } }
結果:
root@raspberrypi:/var/log/nginx/example.com# ls -la total 12 drwxr-xr-x 2 www-data adm 4096 Aug 28 09:55 . drwxr-xr-x 12 www-data adm 4096 Aug 28 08:53 .. -rw-r--r-- 1 www-data adm 1417 Aug 28 09:55 access.log -rw-r--r-- 1 www-data adm 0 Aug 28 09:55 error.log
訪問日誌:
192.168.1.1 - - [28/Aug/2021:09:46:29 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" 192.168.1.1 - - [28/Aug/2021:09:49:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" 192.168.1.1 - - [28/Aug/2021:09:50:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" 192.168.1.1 - - [28/Aug/2021:09:52:02 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" 192.168.1.1 - - [28/Aug/2021:09:52:30 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
所有包含配置只包含與證書相關的內容,與日誌記錄無關。
更新。另外,我嘗試將error_log指令放在**/**位置內,但沒有任何改變。
**更新2。**嘗試將日誌級別更改為調試,得到了這個:
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: h2 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: http/1.1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN selected: http/1.1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: -1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2 2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL handshake handler: 0 2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 95794EF3:32:165 2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 05E7BF5A:32:166 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: 1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL: TLSv1.3, cipher: "TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http wait request handler 2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 01341900:256 @16 2021/08/28 11:07:32 [debug] 10257#10257: *134281 malloc: 012C1660:1024 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: 464 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: -1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2 2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0 2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 013043B0:4096 @16 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request line 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http request line: "GET / HTTP/1.1" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http uri: "/" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http args: "" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http exten: "" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request header line 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Host: example.com" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Language: en-US,en;q=0.5" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Encoding: gzip, deflate, br" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Connection: keep-alive" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Upgrade-Insecure-Requests: 1" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Dest: document" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Mode: navigate" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Site: none" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-User: ?1" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Cache-Control: max-age=0" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header done 2021/08/28 11:07:32 [debug] 10257#10257: *134281 event timer del: 3: 215143200 2021/08/28 11:07:32 [debug] 10257#10257: *134281 generic phase: 0 2021/08/28 11:07:32 [debug] 10257#10257: *134281 rewrite phase: 1 2021/08/28 11:07:32 [debug] 10257#10257: *134281 test location: "/" 2021/08/28 11:07:32 [debug] 10257#10257: *134281 using configuration "/"
**更新3。**兩個日誌文件的權限是相同的,所以就可以了。
error.log
包含有關伺服器端發生的錯誤的詳細資訊,即 HTTP 錯誤程式碼 5xx 和其他啟動/內部錯誤。它不適用於記錄所有 HTTP 錯誤狀態程式碼。
如果您只想記錄特定的 HTTP 錯誤,您可以創建第二個
access_log
帶有過濾的條目。下面的範例來自nginx 文件,稍作修改:map $status $loggable { default 0; ~^4 1; } access_log /path/to/log combined if=$loggable;
該地圖用於檢查狀態程式碼並
$loggable
相應地設置變數。預設操作是不記錄,如果 HTTP 狀態程式碼以 開頭4
,則記錄請求。