Nginx escribe entradas de registro de errores en access.log

tag-icon tag-icon nginx logging http-status-code-403
Nginx escribe entradas de registro de errores en access.log

Estoy intentando configurar fail2ban para errores 403 de Nginx. Pero por alguna razón mi archivo error.log está vacío y todos los errores 403 (y todos los 4XX, 5XX) van a access.log. Sin embargo, revisé mi configuración y se ve bien.

server {
    listen 80;
    server_name example.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name example.com;

    access_log  /var/log/nginx/example.com/access.log;
    error_log   /var/log/nginx/example.com/error.log;

    ssl on;
    include /etc/nginx/conf.d/letsencrypt;
    include /etc/nginx/conf.d/verify-client;

    location / {
        include /etc/nginx/conf.d/403-if-not-verified;

        proxy_pass http://...;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }

    location ^~ /.well-known {
        root /usr/share/nginx/html/;
        allow all;
    }
}

Resultado:

root@raspberrypi:/var/log/nginx/example.com# ls -la
total 12
drwxr-xr-x  2 www-data adm 4096 Aug 28 09:55 .
drwxr-xr-x 12 www-data adm 4096 Aug 28 08:53 ..
-rw-r--r--  1 www-data adm 1417 Aug 28 09:55 access.log
-rw-r--r--  1 www-data adm    0 Aug 28 09:55 error.log

acceso.log:

192.168.1.1 - - [28/Aug/2021:09:46:29 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:49:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:50:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:52:02 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:52:30 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"

TodosincluirLas configuraciones contienen solo elementos relacionados con certificados, nada que ver con el registro.

arriba.Además, intenté ponerregistro de erroresdirectiva dentro de/ubicación, pero nada ha cambiado.

upd2.Intenté cambiar el nivel de registro para depurar y obtuve esto:

2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: h2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: http/1.1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN selected: http/1.1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: -1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL handshake handler: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 95794EF3:32:165
2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 05E7BF5A:32:166
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL: TLSv1.3, cipher: "TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http wait request handler
2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 01341900:256 @16
2021/08/28 11:07:32 [debug] 10257#10257: *134281 malloc: 012C1660:1024
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: 464
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: -1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 013043B0:4096 @16
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request line
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http request line: "GET / HTTP/1.1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http uri: "/"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http args: ""
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http exten: ""
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request header line
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Host: example.com"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Language: en-US,en;q=0.5"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Encoding: gzip, deflate, br"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Connection: keep-alive"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Upgrade-Insecure-Requests: 1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Dest: document"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Mode: navigate"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Site: none"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-User: ?1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Cache-Control: max-age=0"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header done
2021/08/28 11:07:32 [debug] 10257#10257: *134281 event timer del: 3: 215143200
2021/08/28 11:07:32 [debug] 10257#10257: *134281 generic phase: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 rewrite phase: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 test location: "/"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 using configuration "/"

upd3.Los permisos para ambos archivos de registro son los mismos, lo que significa que está bien.

Respuesta1

error.logcontiene información detallada sobre los errores que ocurren en el lado del servidor, es decir, códigos de error HTTP 5xx y otros errores internos/de inicio.

No está diseñado para registrar todos los códigos de estado de error HTTP.

Si desea registrar solo errores HTTP específicos, puede crear una segunda access_logentrada con filtrado. El siguiente ejemplo es dedocumentación nginxcon ligera modificación:

map $status $loggable {
    default 0;
    ~^4 1;
}

access_log /path/to/log combined if=$loggable;

El mapa se utiliza para verificar el código de estado y configurar $loggablela variable en consecuencia. La acción predeterminada es no iniciar sesión y, si el código de estado HTTP comienza con 4, la solicitud se registra.

información relacionada