我正在尝试为来自 Nginx 的 403 错误配置 fail2ban。但由于某种原因,我的 error.log 文件为空,所有 403(以及所有 4XX、5XX)错误都将进入 access.log。但是,我检查了我的配置,它看起来不错。
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name example.com;
access_log /var/log/nginx/example.com/access.log;
error_log /var/log/nginx/example.com/error.log;
ssl on;
include /etc/nginx/conf.d/letsencrypt;
include /etc/nginx/conf.d/verify-client;
location / {
include /etc/nginx/conf.d/403-if-not-verified;
proxy_pass http://...;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
location ^~ /.well-known {
root /usr/share/nginx/html/;
allow all;
}
}
结果:
root@raspberrypi:/var/log/nginx/example.com# ls -la
total 12
drwxr-xr-x 2 www-data adm 4096 Aug 28 09:55 .
drwxr-xr-x 12 www-data adm 4096 Aug 28 08:53 ..
-rw-r--r-- 1 www-data adm 1417 Aug 28 09:55 access.log
-rw-r--r-- 1 www-data adm 0 Aug 28 09:55 error.log
访问日志:
192.168.1.1 - - [28/Aug/2021:09:46:29 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:49:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:50:53 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:52:02 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
192.168.1.1 - - [28/Aug/2021:09:52:30 +0300] "GET / HTTP/1.1" 403 135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
所有包含配置只包含与证书相关的内容,与日志记录无关。
更新。另外,我尝试将error_log指令放在/位置内,但没有任何改变。
更新2。尝试将日志级别更改为调试,得到了这个:
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: h2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN supported by client: http/1.1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL ALPN selected: http/1.1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: -1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL handshake handler: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 95794EF3:32:165
2021/08/28 11:07:32 [debug] 10257#10257: *134281 ssl new session: 05E7BF5A:32:166
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_do_handshake: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL: TLSv1.3, cipher: "TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http wait request handler
2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 01341900:256 @16
2021/08/28 11:07:32 [debug] 10257#10257: *134281 malloc: 012C1660:1024
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: 464
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_read: -1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 SSL_get_error: 2
2021/08/28 11:07:32 [debug] 10257#10257: *134281 reusable connection: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 posix_memalign: 013043B0:4096 @16
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request line
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http request line: "GET / HTTP/1.1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http uri: "/"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http args: ""
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http exten: ""
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http process request header line
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Host: example.com"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Language: en-US,en;q=0.5"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Accept-Encoding: gzip, deflate, br"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Connection: keep-alive"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Upgrade-Insecure-Requests: 1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Dest: document"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Mode: navigate"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-Site: none"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Sec-Fetch-User: ?1"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header: "Cache-Control: max-age=0"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 http header done
2021/08/28 11:07:32 [debug] 10257#10257: *134281 event timer del: 3: 215143200
2021/08/28 11:07:32 [debug] 10257#10257: *134281 generic phase: 0
2021/08/28 11:07:32 [debug] 10257#10257: *134281 rewrite phase: 1
2021/08/28 11:07:32 [debug] 10257#10257: *134281 test location: "/"
2021/08/28 11:07:32 [debug] 10257#10257: *134281 using configuration "/"
更新3。两个日志文件的权限是相同的,所以就可以了。
error.log
包含有关服务器端发生的错误的详细信息,即 HTTP 错误代码 5xx 和其他启动/内部错误。它不适用于记录所有 HTTP 错误状态代码。
如果您只想记录特定的 HTTP 错误,您可以创建第二个
access_log
带有过滤的条目。下面的示例来自nginx 文档,稍作修改:该地图用于检查状态代码并
$loggable
相应地设置变量。默认操作是不记录,如果 HTTP 状态代码以 开头4
,则记录请求。