我正在嘗試為 Nginx 的 403 錯誤配置fail2ban。但由於某種原因,我的 error.log 檔案為空,所有 403(以及所有 4XX、5XX)錯誤都將寫入 access.log。不過,我檢查了我的配置,看起來不錯。
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name example.com;
access_log /var/log/nginx/example.com/access.log;
error_log /var/log/nginx/example.com/error.log;
ssl on;
include /etc/nginx/conf.d/letsencrypt;
include /etc/nginx/conf.d/verify-client;
location / {
include /etc/nginx/conf.d/403-if-not-verified;
proxy_pass http://...;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
location ^~ /.well-known {
root /usr/share/nginx/html/;
allow all;
}
}
結果:
root@raspberrypi:/var/log/nginx/example.com# ls -la
total 12
drwxr-xr-x 2 www-data adm 4096 Aug 28 09:55 .
drwxr-xr-x 12 www-data adm 4096 Aug 28 08:53 ..
-rw-r--r-- 1 www-data adm 1417 Aug 28 09:55 access.log
-rw-r--r-- 1 www-data adm 0 Aug 28 09:55 error.log
訪問日誌:
192.168.1.1 - - [28/Aug/2021:09:46:29 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:49:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:50:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:52:02 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:52:30 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
一切包括配置僅包含與憑證相關的內容,與日誌記錄無關。
更新。另外,我試著把錯誤日誌裡面的指令/位置,但一切都沒有改變。
更新2。嘗試更改日誌等級進行調試,得到以下結果:
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: h2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: http/1.1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN selected: http/1.1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: -1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL handshake handler: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 95794EF3:32:165
2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 05E7BF5A:32:166
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL: TLSv1.3, cipher: "TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http wait request handler
2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 01341900:256 @16
2021/08/28 11:07:32 [debug] 10257#10257: *134281 malloc: 012C1660:1024
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: 464
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: -1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 013043B0:4096 @16
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request line
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http request line: "GET / HTTP/1.1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http uri: "/"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http args: ""
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http exten: ""
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request header line
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Host: example.com"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Language: en-US,en;q=0.5"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Encoding: gzip, deflate, br"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Connection: keep-alive"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Upgrade-Insecure-Requests: 1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Dest: document"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Mode: navigate"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Site: none"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-User: ?1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Cache-Control: max-age=0"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header done
2021/08/28 11:07:32 [debug] 10257#10257: *134281 event timer del: 3: 215143200
2021/08/28 11:07:32 [debug] 10257#10257: *134281 generic phase: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 rewrite phase: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 test location: "/"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 using configuration "/"
更新3。兩個日誌檔案的權限是相同的,所以意味著沒問題。
答案1
error.log包含有關伺服器端發生的錯誤的詳細信息,即 HTTP 錯誤代碼 5xx 和其他啟動/內部錯誤。
它並不用於記錄所有 HTTP 錯誤狀態代碼。
如果您只想記錄特定的 HTTP 錯誤,您可以建立第二個access_log具有篩選功能的項目。下面的例子來自Nginx 文檔稍作修改:
map $status $loggable {
default 0;
~^4 1;
}
access_log /path/to/log combined if=$loggable;
該地圖用於檢查狀態代碼並$loggable相應地設定變數。預設操作是不記錄,如果 HTTP 狀態代碼以 開頭4,則記錄該請求。