Nginx访问日志条目不会在某些连接发生时创建 [英] Nginx access logs entries don't get created for some connections when they happen
问题描述
我的网站架构如下:
互联网->负载平衡器-> webserver/api
internet --> loadbalancer --> webserver/api
因此,在负载平衡器计算机设置上有一个nginx作为负载平衡器,并且在webserver/api节点上也有一个nginx充当反向代理.Web服务器服务器(通过负载平衡器)接收来自浏览器的请求,通过HTTP访问api,并将页面呈现给浏览器.Web服务器和api都是nodejs应用.
So there is an nginx on the load balancer machine setup as a load balancer and there is also an nginx on the webserver/api node functioning as a reverse proxy. The webserver server receives requests from browsers (via the load balancer), accesses the api over HTTP and renders the page to the browser. The webserver and api are both nodejs apps.
nginx负载均衡器具有Web服务器的日志条目-> api连接,但是直到关闭浏览器(已通过Chrome和Firefox测试),它才记录初始客户端浏览器-> webserver连接.好像连接一直处于未完成状态,直到浏览器完全关闭,这时才写入日志条目.
The nginx load balancer has log entries for the webserver-->api connections, but it doesn't log the initial client browser-->webserver connections until the browser is closed (tested with Chrome and Firefox). It's as though the connection is kept in an unfinished state until the browser is fully shutdown, at which point the log entry is written.
nginx负载均衡器访问日志:
nginx load balancer access logs:
110.110.110.101 - - [21/Feb/2019:22:21:23 +0000] loadbalancer01 TCP 200 186833 825 0.047 upstream: 10.0.0.100:443
110.110.110.100 - - [21/Feb/2019:22:21:37 +0000] loadbalancer01 TCP 200 24327 3856 21.991 upstream: 10.0.0.100:443 <-- only created after browser is closed
- 110.110.110.100-与Chrome/Firefox连接的客户端的IP地址
- 110.110.110.101-Web服务器/API节点公共接口
- 10.0.0.100-Web服务器/API节点专用接口
首先会记录webserver-> api连接,即使第二次明显发生,并且只有在客户端浏览器完全关闭时才记录客户端浏览器-> webserver连接.
The webserver->api connection is logged first even though it clearly happens second, and the client browser->webserver connection only gets logged when the client browser is completely closed.
是否存在某种缓冲?我没有在流阻止日志记录配置中使用buffer参数:
Is there some sort of buffering happening? I'm not using the buffer parameter in the stream block logging configuration:
log_format combined '$remote_addr - - [$time_local] $hostname $protocol $status $bytes_sent $bytes_received $session_time upstream: $upstream_addr';
access_log /var/log/nginx/access.log combined;
为什么仅在关闭浏览器时才记录连接?如何确保在发生连接时记录初始连接?
Why does the connection only get logged when the browser is closed? How can I ensure that the initial connection is logged when the connection happens?
[更新-添加了日志配置,还请注意,已经编辑了ips]
[update - added log configuration, also note that ips have been redacted]
推荐答案
我通过比较浏览器连接到负载均衡器的标头与脚本启动的连接之间的标头来解决这个问题.原来,浏览器设置了连接:保持活动"标头,其中使连接保持打开状态如此之多可以使用相同的连接发送请求.
I figured this out by comparing the headers between a browser connection to the load balancer compared to a connection initiated from a script. Turns out the browsers set "Connection: keep-alive" header which keeps the connection open so multiple requests can be sent using the same connection.
在负载均衡器公共ip上运行此命令的有用命令,以查看连接头:
Useful commands to run this on the load balancer public ip to see the connection headers:
sudo tcpdump -nn -A -s1500 -l -i eth0端口80
sudo tcpdump -nn -A -s1500 -l -i eth0 port 80
要注意的另一件事是,如果您将ufw用作防火墙,它将设置具有限制的基本iptables规则,因此每分钟仅记录前3个连接.
The other thing to note is that if you are using ufw as firewall, it sets up the underlying iptables rules with limits so it only logs the 1st 3 connections per min.
这篇关于Nginx访问日志条目不会在某些连接发生时创建的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
