Apache#
Server monitoring#
By changing the log format you can have a better idea of what is happening in real time to your web server without relying on external trackers. You can install programs that are able to read Apache’s logs in realtime.
Vedi anche
install the dependencies
apt-get install goaccess
edit the log module setup in the main Apache configuration file. I added
ServerName
as variable and changed the date-time format to RFC3339.1# [ ... ] 2 3<IfModule log_config_module> 4 LogFormat "%v %h %l %u [%{%F %T}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 5 LogFormat "%v %h %l %u [%{%F %T}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common 6 <IfModule logio_module> 7 LogFormat "%v %h %l %u [%{%F %T}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 8 </IfModule> 9 CustomLog "/var/log/apache2/access.log" common 10</IfModule> 11 12# [ ... ]
serve the html file via HTTP by creating a new
Apache virtual host
. ReplaceFQDN
with the appropriate domain and include this file from the Apache configuration. You may notice that the reverse proxy configuration useswss
(WebSocket Secure) instead ofws
(WebSocket)1############ 2# goaccess # 3############ 4<IfModule mod_ssl.c> 5<VirtualHost 192.168.0.100:80> 6 ServerName ${FQDN} 7 8 # Force https. 9 UseCanonicalName on 10 RewriteEngine on 11 RewriteCond %{SERVER_NAME} =${FQDN} 12 13 # Ignore rewrite rules for 127.0.0.1 14 RewriteCond %{HTTP_HOST} !=127.0.0.1 15 RewriteCond %{REMOTE_ADDR} !=127.0.0.1 16 17 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] 18</VirtualHost> 19</IfModule> 20 21<IfModule mod_ssl.c> 22<VirtualHost *:443> 23 UseCanonicalName on 24 25 Keepalive On 26 RewriteEngine on 27 28 ServerName ${FQDN} 29 30 SSLCompression off 31 32 RequestHeader set X-Forwarded-Proto "https" 33 RequestHeader set X-Forwarded-Port "443" 34 RequestHeader set X-Forwarded-Host "${FQDN}" 35 36 DocumentRoot "/srv/http/${FQDN}" 37 <Directory "/srv/http/${FQDN}"> 38 Options -ExecCGI -Includes -indexes 39 # Localhost. 40 AllowOverride None 41 42 # 43 # Controls who can get stuff from this server. 44 # 45 Require all granted 46 </Directory> 47 48 <Location "/"> 49 Require ip 127.0.0.1 50 Require ip 192.168.0. 51 </Location> 52 53 SSLProxyEngine On 54 SSLProxyVerify None 55 SSLProxyCheckPeerCN Off 56 SSLProxyCheckPeerName Off 57 58 ProxyRequests On 59 60 # keep the host 61 ProxyPreserveHost On 62 63 RequestHeader set X-Forwarded-Proto 'https' env=HTTPS 64 Header always set Strict-Transport-Security "max-age=15552000; preload" 65 Header always set X-Content-Type-Options nosniff 66 Header always set X-Robots-Tag none 67 Header always set X-XSS-Protection "1; mode=block" 68 Header always set X-Frame-Options "SAMEORIGIN" 69 Header always set Referrer-Policy "strict-origin-when-cross-origin" 70 71 ProxyPass /wss/ wss://127.0.0.1:7890 72 ProxyPassReverse /wss/ wss://127.0.0.1:7890 73 74 Include /etc/letsencrypt/options-ssl-apache.conf 75 SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem 76 SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem 77</VirtualHost> 78</IfModule>
create the jobs directories and files
mkdir -p /home/jobs/scripts/by-user/root/goaccess/goaccess.db chmod 700 /home/jobs/scripts/by-user/root/goaccess
run the program manually without the configuration to check if the supplied formats are working correctly. This command open a curses terminal. Press
q
to quitgoaccess /var/log/apache2/access.log \ --log-format='%v %h %l %u %^[%d %t %^] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"' \ --date-format="%F" \ --time-format="%T"
use this
configuration file
as example. You can find all the options in Debian’s provided configuration file at/etc/goaccess/goaccess.conf
1time-format %T 2date-format %F 3log-format %v %h %l %u %^[%d %t %^] "%r" %>s %b "%{Referer}i" "%{User-Agent}i" 4color-scheme 3 5config-dialog false 6hl-header true 7html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}} 8html-report-title GoAccess Stats 9json-pretty-print true 10no-color false 11no-column-names false 12no-csv-summary false 13no-progress false 14no-tab-scroll false 15with-mouse false 16addr 127.0.0.1 17origin https://${FQDN} 18port 7890 19pid-file /var/run/goaccess.pid 20real-time-html true 21ws-url wss://${FQDN}:443/wss/ 22agent-list true 23with-output-resolver true 24http-method yes 25http-protocol yes 26no-query-string false 27no-term-resolver false 28444-as-404 false 294xx-to-unique-count false 30all-static-files false 31double-decode false 32ignore-crawlers false 33crawlers-only false 34real-os true 35ssl-cert /etc/letsencrypt/live/${FQDN}/fullchain.pem 36ssl-key /etc/letsencrypt/live/${FQDN}/privkey.pem 37exclude-ip 192.168.0.1-192.168.0.254 38exclude-ip 172.16.0.0-172.31.255.255 39exclude-ip 127.0.0.1 40persist true 41restore true 42db-path /home/jobs/scripts/by-user/root/goaccess/goaccess.db
Nota
Replace
FQDN
with appropriate value.create a
Systemd unit file
1[Unit] 2Requires=network-online.target 3After=network-online.target 4 5[Service] 6Type=simple 7WorkingDirectory=/home/jobs/scripts/by-user/root/goaccess 8Restart=always 9ExecStart=/usr/bin/goaccess /var/log/apache2/access.log -a -p goaccess.conf -o /srv/http/${FQDN}/index.html 10 11[Install] 12WantedBy=multi-user.target
Nota
Replace
FQDN
with appropriate value.run the deploy script
Footnotes