标签归档:nginx

python+logstash+elasticsearch+Kibana日志方案

python用的是python-logstash库https://github.com/vklochan/python-logstash

这一套用起来都比较方便.

logstash安装,配置,运行

下载并安装logstash

打开https://www.elastic.co/downloads/logstash,找到最新版下载链接,使用wget下载rpm,然后通过yum安装

wget https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.1.1-1.noarch.rpm
yum install logstash-2.1.1-1.noarch.rpm

也可以直接通过repo安装:https://www.elastic.co/guide/en/logstash/current/package-repositories.html

配置logstash

vim /etc/logstash/conf.d/logstash.conf

input {  
  tcp {
    port => 5959
    codec => json
  }  
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
}

运行logstash

chkconfig logstash on
/etc/init.d/logstash start
telnet 127.0.0.1 5959 #test

Python logstash

安装python包

pip install python-logstash

测试脚本 vim test.py

import logging
import logstash
import sys

host = 'localhost'

test_logger = logging.getLogger('python-logstash-logger')
test_logger.setLevel(logging.DEBUG)
test_logger.addHandler(logstash.TCPLogstashHandler(host, 5959, version=1))

test_logger.error('python-logstash: test logstash error message.')
test_logger.info('python-logstash: test logstash info message.')
test_logger.warning('python-logstash: test logstash warning message.')

extra = {
    'test_string': 'python version: ' + repr(sys.version_info),
    'test_boolean': True,
    'test_dict': {'a': 1, 'b': 'c'},
    'test_float': 1.23,
    'test_integer': 123,
    'test_list': [1, 2, '3'],
}
test_logger.info('python-logstash: test extra fields', extra=extra)

检查是否成功

curl http://127.0.0.1:9200/_search?pretty&q=logstash

kibana安装使用

https://www.elastic.co/downloads/kibana找到最新版本的kibana

wget https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gz
tar -zxf kibana-4.3.1-linux-x64.tar.gz

vim config/kibana.yml,找到elasticsearch.url这行,根据情况决定是否要修改,如果修改记得去掉前面的注释符号

运行bin/kibana启动服务,访问http://127.0.0.1:5601/,点击创建即可

配置nginx访问

安装htpasswd工具,生成账号密码

 yum install httpd-tools
 htpasswd -b -c /data/kibana.htpasswd username password

配置nginx server

upstream kibana {
    server 127.0.0.1:5601 fail_timeout=0;
}

server {
    listen      80;
    server_name          kibana.domain.com;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /data/kibana.htpasswd;
        proxy_pass http://kibana;
   }
}

重启nginx

nginx -s reload

centos7基本系统安装(php-fpm,mariadb,nginx,epel)

安装epel

su -c 'rpm -Uvh http://mirrors.hust.edu.cn/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm'
su -c 'yum install epel-release-7-0.2'

安装mariadb,php,nginx

su -c 'yum install mariadb mariadb-server php php-cli php-fpm php-pdo nginx'

创建数据库账户

CREATE USER 'th'@'%' IDENTIFIED BY '***';
GRANT ALL PRIVILEGES ON * . * TO 'th'@'%' IDENTIFIED BY '***';
flush privileges;

nginx 502 (Resource temporarily unavailable)

查看连接数和当前的连接数

netstat -ant | grep $ip:80 | wc -l   
netstat -ant | grep $ip:80 | grep EST | wc -l

查看IP访问次数

netstat -nat|grep ":80"|awk '{print $5}' |awk -F: '{print $1}' | sort| uniq -c|sort -n

实时查看连接数

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'  
watch "netstat -n | awk '/^tcp/ {++S[\$NF]} END {for(a in S) print a, S[a]}'"

返回结果示例

LAST_ACK 5
SYN_RECV 30 
ESTABLISHED 1597 
FIN_WAIT1 51 
FIN_WAIT2 504 
TIME_WAIT 1057

说明

  • SYN_RECV 表示正在等待处理的请求数;
  • ESTABLISHED 表示正常数据传输状态;
  • TIME_WAIT 表示处理完毕,等待超时结束的请求数;
  • FIN_WAIT1 表示server端主动要求关闭tcp连接;
  • FIN_WAIT2 表示客户端中断连接;
  • LAST_ACK 关闭一个TCP连接需要从两个方向上分别进行关闭,双方都是通过发送FIN来表示单方向数据的关闭,当通信双方发送了最后一个FIN的时候,发送方此时处于LAST_ACK状态,当发送方收到对方的确认(Fin的Ack确认)后才真正关闭整个TCP连接;

解决办法

/etc/security/limits.conf

www-data   soft    nproc   51200
www-data   hard    nproc   16384
www-data   soft    nofile   51200
www-data   hard    nofile   51200

nginx ssl 配置

生成证书

openssl genrsa -des3 -out xxx.key 1024  
openssl req -new -x509 -key xxx.key -out xxx.crt -days 3650  
openssl rsa -in openssl.key -out xxx_nopass.key

默认配置

ssl                     on;
ssl_certificate         /etc/nginx/certs/xxx.crt;
ssl_certificate_key     /etc/nginx/certs/xxx_nopass.key;
ssl_session_timeout     5m;

ssl_protocols           SSLv2 SSLv3 TLSv1;
ssl_prefer_server_ciphers       on;

ubuntu下使用bind9+mount+nginx搭建企业统一开发环境

公司内部项目较多,希望搭建一个内部环境,满足以下需求:

  1. 每次有新的项目可以不用修改host文件,产品及测试随时查看开发进度(企业内dns解析)
  2. 前端开发人员不用做复杂的服务器配置(mount+virtualhost)

安装bind9

sudo apt-get install bind9 bind9-doc bind9-host bind9utils dnsutils

开启dns缓存(可选)
sudo vim /etc/bind/named.conf.options(dns缓存)

forwarders {
  8.8.8.8;
  202.96.134.133;
  202.96.128.166;
};

增加一个域名
sudo vim /etc/bind/named.conf.local

zone "shining.dev" {
   type master;
   file "/etc/bind/db.shining.dev";
};

域名配置
sudo cp /etc/bind/db.local /etc/bind/db.shining.dev
sudo vim /etc/bind/db.shining.dev

$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@  IN  NS  localhost.
@  IN  A  10.1.0.21
*.shining.dev.  IN  A  10.1.0.21

启动&开机自动启动bind9

sudo chkconfig bind9 on
sudo service bind9 start

linux开启共享

sudo apt-get install samba
sudo vim /etc/samba/smb.conf

[share]
comment = share
path = /home/ning/project
browseable = yes
guest ok = yes
writable = yes

sudo chkconfig samba on
sudo service samba start