防止 nginx 访问日志被静态请求填满

防止 nginx 访问日志被静态请求填满

文件夹中 favicon.ico 和资产的无用 GET 请求/static/充斥着我的 nginx 访问日志。而且这是一台繁忙的服务器 - 这意味着 I/O 也被浪费了。更不用说我的 fail2ban 安装有时会做出扭曲的决定!

我该如何排除这些令人厌烦的日志行?我在 nginx 上1.4.x

我找到了一种方法来做到这一点阿帕奇,但在 nginx 中却不行。


这是我的 nginx 虚拟主机文件:

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=100m inactive=6m;

upstream my_server {

  server unix:/home/myuser/myfolder/myapp/myapp.sock  fail_timeout=0;
}

server {
    server_name example.com www.example.com;

    listen 80;

    return 301 https://example.com$request_uri;
}

server {
    server_name www.example.com;

    listen 443 ssl;
    listen [::]:443 ssl;

    . . . SSL related stuff . . .   

    . . . adding security related headers . . .

    return 301 https://example.com$request_uri;
}



server {

    server_name example.com;
    listen 443 ssl;
    listen [::]:443 ssl;

    . . . SSL related stuff . . .

    . . . adding security related headers . . .

    charset utf-8;
    underscores_in_headers on;

    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=20;

    # write error log file for https errors:
    error_log /var/log/nginx/https-error_log warn;


    location ~* \.(?:ico|css|js|gif|jpg|jpeg|png|svg|woff|ttf|eot)$ { 

    root /home/myuser/myfolder/myapp; 
    access_log off;
    expires 120d;
    add_header Pragma public;
    add_header Cache-Control public;

    }

    location = /favicon.ico { access_log off; log_not_found off; }

    location /static/ {

    access_log off;
        alias /home/myuser/myfolder/myapp;
    }

    location /status {
        stub_status on;
        allow 127.0.0.1;
        allow 40.114.247.165;
        deny all;
    }




    location / {

        #proxy_pass_request_headers on;
        proxy_buffering on;
        proxy_buffers 24 4k;
        proxy_buffer_size 2k;
        proxy_busy_buffers_size 8k;

        try_files $uri @https_proxy_to_app;
    }

    location @https_proxy_to_app {
        proxy_set_header X-Forwarded-Proto https;
        # additional proxy parameters
        include proxy_params;

        proxy_redirect off;
        proxy_pass http://my_server;
    }


    # Error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /home/myuser/myfolder/myapp/templates/;
    }

    location = /backflip.png {
        root /home/myuser/myfolder/myapp/static/img/;
    }

}

在中nginx.conf,我在块中定义了以下内容http

log_format compression '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$gzip_ratio"';

access_log /var/log/nginx/access.log compression;

下面是我在访问日志中看到的内容的一个示例:

192.16.53.127 - - [24/Sep/2017:01:12:24 +0000] "GET /static/emoticons/puke1.png HTTP/1.1" 301 178 "https://example.com/page2/" "service-1460643764266048;Mozilla/5.0 (Linux; Android 6.0; QMobile X32 Power Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.91 Mobile Safari/537.36" "-"

152.195.94.170 - - [24/Sep/2017:01:12:24 +0000] "GET /static/img/favicon-192.png HTTP/1.1" 301 178 "https://example.com/comment/3" "Opera/9.80 (Android; Opera /24.0.2254/69.162; U; en) Presto/2.12.423 Version/12.16" "-"

答案1

每个server块都会生成日志,每个location块都会生成日志。您不能只是将一个location块添加到现有配置中并期望它能够正常工作,而不考虑它如何与所有其他块交互location到现有配置中并期望它能够正常工作,而不考虑它如何与配置中的如何nginx处理请求了解更多信息。

解决您的问题的一个简单方法可能是使用全局规则来确定是否应该记录请求。

例如,在您的nginx.conf文件中:

log_format compression '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" "$gzip_ratio"';

map $request_uri $loggable {
    default                                             1;
    ~*\.(ico|css|js|gif|jpg|jpeg|png|svg|woff|ttf|eot)$ 0;
}

access_log /var/log/nginx/access.log compression if=$loggable;

这个文件了解更多信息。

答案2

从 nginx 1.4.x 升级到 nginx 1.13.x(Ubuntu 14.04 LTS):

1) 转到/etc/apt/sources.list.d/nginx.list通过创建sudo nano nginx.list

2)将这两行粘贴到不同的行中:deb http://nginx.org/packages/mainline/ubuntu/ trusty nginxdeb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx

3)保存并退出文件。在终端上输入sudo wget -q -O- http://nginx.org/keys/nginx_signing.key | sudo apt-key add -

4)下一步sudo apt-get update

5) 最后sudo apt-get install nginx。最新版本将被安装。


选择性记录:理查德的回答比我的好,所以贬低了我的。

相关内容