Apache: Logging with the internal DNS name while still keeping CanonicalName off

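I'm running several identical Apache servers behind a load balancer. All external requests carry a Host header such as "www.domain.com".

I would like to be able to put each server's actual hostname into the Apache logs, but %v resolves to "www.domain.com". This is because UseCanonicalName is set to Off by default, which causes the request header content to be used. I could use the directive UseCanonicalName On to make Apache use the ServerName, or UseCanonicalName DNS to use the internal DNS name. In both cases %v would be "server1", for example, which is good, because that is what I want to log.

The problem now is that changing UseCanonicalName also affects redirects. A request for "www.domain.com/dir" results in a response of "server1/dir/", which is obviously undesirable.

Question: How can I log using each individual server's internal DNS name without side effects such as broken redirects?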

Answer 1

Here is a test I did with Apache 2.4.51:

$ cat /etc/apache2/httpd.conf
ServerRoot "/usr/lib64/apache2"
User apache
Group apache
PidFile /var/run/apache2.pid

LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule actions_module modules/mod_actions.so
LoadModule mime_module modules/mod_mime.so
LoadModule env_module modules/mod_env.so 

ServerLimit             16
StartServers            2
MaxRequestWorkers       400
MinSpareThreads         25
MaxSpareThreads         75
ThreadsPerChild         25
MaxRequestsPerChild     10000

KeepAlive On
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 15
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
TraceEnable Off
EnableSendfile Off
HostnameLookups Off

LogLevel warn
ErrorLog /var/log/apache2/error_log
LogFormat "%v %V %h %l %u %t \"%r\" %>s %b" special2
CustomLog /var/log/apache2/access2_log special2

TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>

<FilesMatch "^\.ht">
Order deny,allow
Deny from all
</FilesMatch>

Listen 0.0.0.0:80
ServerName localhost

<VirtualHost 0.0.0.0:80>
    ServerName dummy
    ServerAlias foo.example.com
    ServerAlias bar.example.com
    DocumentRoot /var/www/install/htdocs
    ErrorLog /var/www/install/logs/error_log
    CustomLog /var/www/install/logs/access2_log special2
    AddType application/x-ns-proxy-autoconfig .pac .proxy .dat

    <Directory /var/www/install/htdocs>
        Order allow,deny
        allow from all
        AllowOverride All
    </Directory>
</VirtualHost>

Issuing these curl commands:

$ curl -s -D - --http1.1 -v --resolv foo.example.com:80:127.0.0.1 http://foo.example.com/wpad.dat |head -12
* Added foo.example.com:80:127.0.0.1 to DNS cache
* Hostname foo.example.com was found in DNS cache
*   Trying 127.0.0.1:80...
* Connected to foo.example.com (127.0.0.1) port 80 (#0)
> GET /wpad.dat HTTP/1.1
> Host: foo.example.com
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 07 Nov 2021 00:21:16 GMT
< Server: Apache
<HTTP/1.1 200 OK
 Last-Modified: Fri, 22 Jan 2021 12:07:17 GMT
Date: Sun, 07 Nov 2021 00:21:16 GMT
Server: Apache
<Last-Modified: Fri, 22 Jan 2021 12:07:17 GMT
 ETag: "ed-5b97c078add69"
< Accept-Ranges: bytes
< Content-Length: 237
< Content-Type: application/x-ns-proxy-autoconfig
< 
{ [237 bytes data]
* Connection #0 to host foo.example.com left intact
ETag: "ed-5b97c078add69"
Accept-Ranges: bytes
Content-Length: 237
Content-Type: application/x-ns-proxy-autoconfig

alert("!!!!!!!!! PAC script start parse !!!!!!!!");
function FindProxyForURL(url, host)
{
$ curl -s -D - --http1.1 -v --resolv bar.example.com:80:127.0.0.1 http://bar.example.com/wpad.dat | head -12
* Added bar.example.com:80:127.0.0.1 to DNS cache
* Hostname bar.example.com was found in DNS cache
*   Trying 127.0.0.1:80...
* Connected to bar.example.com (127.0.0.1) port 80 (#0)
> GET /wpad.dat HTTP/1.1
> Host: bar.example.com
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 07 Nov 2021 00:21:18 GMT
< Server: Apache
< Last-Modified: Fri, 22 Jan 2021 12:07:17 GMT
< ETag: "ed-5b97c078add69"
HTTP/1.1 200 OK
<Date: Sun, 07 Nov 2021 00:21:18 GMT
 Server: Apache
Accept-Ranges: bytes
Last-Modified: Fri, 22 Jan 2021 12:07:17 GMT
ETag: "ed-5b97c078add69"
Accept-Ranges: bytes
< Content-Length: 237
<Content-Length: 237
 Content-Type: application/x-ns-proxy-autoconfig
<Content-Type: application/x-ns-proxy-autoconfig

 
{ [237 bytes data]
* Connection #0 to host bar.example.com left intact
alert("!!!!!!!!! PAC script start parse !!!!!!!!");
function FindProxyForURL(url, host)
{

will produce the following log file:

$ cat /var/www/install/logs/access2_log
dummy foo.example.com 127.0.0.1 - - [07/Nov/2021:01:21:16 +0100] "GET /wpad.dat HTTP/1.1" 200 237
dummy bar.example.com 127.0.0.1 - - [07/Nov/2021:01:21:18 +0100] "GET /wpad.dat HTTP/1.1" 200 237

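Answer 2

If it causes problems, you can leave UseCanonicalName off and use another method to get the correct server name into the log messages.

For example, you could set an environment variable containing its name on each server and use that variable in the log messages, with the following syntax: %{VARNAME}e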
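
A configuration sketch of the environment-variable approach from Answer 2, added here as an example and not taken from either answer. The variable name BACKEND_NODE, the format nickname node_fmt and the log path are assumptions; "server1" is the node name used in the question.

```apache
# Added example (not from the original answers). BACKEND_NODE, node_fmt
# and the log path are assumed names; server1 is the question's node name.

LoadModule env_module modules/mod_env.so
LoadModule log_config_module modules/mod_log_config.so

# Self-referential URLs (such as the trailing-slash redirect for /dir)
# keep using the hostname the client sent, so redirects still point at
# the load-balanced name and not at the internal node.
UseCanonicalName Off

# Per-server value: the only line that differs between nodes.
SetEnv BACKEND_NODE server1

# Alternative: inherit the value from the environment httpd is started in
# (for example, export BACKEND_NODE=server1 in the service's environment),
# so the configuration file stays identical on every node.
# PassEnv BACKEND_NODE

# Field meanings in the format below:
#   %{BACKEND_NODE}e  node name chosen by the administrator
#   %v                ServerName of the vhost that served the request
#                     ("dummy" in Answer 1's log)
#   %V                with UseCanonicalName Off, the Host header the client
#                     sent; client-controlled, so not a node identifier
#
# mod_env sets the variable after early request processing, so a request
# rejected before that point may log "-" in the first field.
LogFormat "%{BACKEND_NODE}e %v %V %h %l %u %t \"%r\" %>s %b" node_fmt
CustomLog /var/log/apache2/access_node_log node_fmt
```

Keeping %V in the format next to the node name records which public hostname the client asked for, while the first field identifies the backend without depending on any request header.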