严格意义上讲,本篇分享仅仅包含自建logstash的安装和配置流程,elasticsearch和kibana实际上使用的都是云上应用。
一、使用rpm包安装logstash
[root@zht-logstash-pro-app-1 ~]# yum reinstall -y logstash-oss-7.6.2.rpm
Last metadata expiration check: 0:17:26 ago on Fri Apr 26 13:55:45 2024.
Dependencies resolved.
Package Architecture Version Repository Size
Reinstalling:
logstash-oss noarch 1:7.6.2-1 @commandline 165 M
Transaction Summary
Total size: 165 M
Installed size: 290 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: logstash-oss-1:7.6.2-1.noarch 1/2
Reinstalling : logstash-oss-1:7.6.2-1.noarch 1/2
Running scriptlet: logstash-oss-1:7.6.2-1.noarch 1/2
could not find java; set JAVA_HOME or ensure java is in PATH
chmod: cannot access '/etc/default/logstash': No such file or directory
warning: %post(logstash-oss-1:7.6.2-1.noarch) scriptlet failed, exit status 1
Error in POSTIN scriptlet in rpm package logstash-oss
Running scriptlet: logstash-oss-1:7.6.2-1.noarch 2/2
Cleanup : logstash-oss-1:7.6.2-1.noarch 2/2
Verifying : logstash-oss-1:7.6.2-1.noarch 1/2
Verifying : logstash-oss-1:7.6.2-1.noarch 2/2
Reinstalled:
logstash-oss-1:7.6.2-1.noarch
Complete!
二、logstash配置文件:
input {
tcp {
port => 5044 codec => "json_lines"
}
beats {
port => 5045
}
}
filter {
truncate{
fields => "message"
length_bytes => 80000000
}
mutate{
lowercase => ["appname"]
gsub => [
"message",'password":"(\w+)",' ,'password":"********",'
]
gsub => [
"message",'password:\s*(\w+)' ,'password: ********'
]
gsub => [
"message",'passWord":"(\w+)",' ,'passWord":"********",'
]
gsub => [
"message",'Password:(\w+)' ,'Password:********'
]
remove_field => ["@version","cloud","ecs","host."]
}
if "SendMsg.jsp" in [message] and "password" in [message]{
drop {}
}
if "bty" in [tags] {
mutate {
remove_field => ["message"]
}
}
# 10.1.11.214/215
if "bn_nginx_accesslog" in [tags] {
mutate {
gsub => ["message"," ","|"]
remove_field => ["@version","cloud","ecs","host"]
split => { "message" => "|" }
add_field => {
"xforwardedfor" => "%{[message][1]}"
"remote_addr" => "%{[message][2]}"
"upstream_addr" => "%{[message][3]}"
"http_referer" => "%{[message][4]}"
"request" => "%{[message][5]}"
}
}
mutate {
rename => ["xforwardedfor", "clientrouters" ]
split => {"clientrouters" => ","}
add_field => { "xforwardedfor" => "%{[clientrouters][0]}" }
}
mutate {
rename => ["request", "request_info" ]
gsub => ["request_info"," ","|"]
split => { "request_info" => "|" }
add_field => {
"http_method" => "%{[request_info][0]}"
"req_url" => "%{[request_info][1]}"
}
remove_field => ["request_info","request"]
}
}
if "nginx_access_log" in [tags] {
mutate {
gsub => ["message"," ","|"]
remove_field => ["@version","cloud","ecs","host"]
split => { "message" => "|" }
add_field => {
"xforwardedfor" => "%{[message][1]}"
"remote_addr" => "%{[message][2]}"
"upstream_addr" => "%{[message][3]}"
"http_referer" => "%{[message][4]}"
"request" => "%{[message][5]}"
}
}
mutate {
rename => ["request", "request_info" ]
gsub => ["request_info"," ","|"]
split => { "request_info" => "|" }
add_field => {
"http_method" => "%{[request_info][0]}"
"req_url" => "%{[request_info][1]}"
}
remove_field => ["request_info","request"]
}
}
if "nginx_access_log" in [tags] and "," in [xforwardedfor] {
mutate {
remove_field => ["@version","cloud","ecs","host"]
rename => ["xforwardedfor", "clientrouters" ]
split => {"clientrouters" => ","}
add_field => { "xforwardedfor" => "%{[clientrouters][0]}" }
}
}
if "ao-nginxaccess-log" in [tags] {
grok {
match => {
"message" => "%{HTTPDATE:timestamp}%{SPACE}(?:-|%{IPORHOST:http_x_forwarded_for})%{SPACE}%{IPORHOST:remote_addr}%{SPACE}%{HOSTPORT:upstream_addr}%{SPACE}(?:-|%{URI:http_referer})%{SPACE}%{WORD:method}%{SPACE}(?:-|%{URIPATHPARAM:url})%{SPACE}(?:HTTP/%{NUMBER:httpversion})%{SPACE}%{NUMBER:request_time}%{SPACE}%{NUMBER:upstream_response_time}%{SPACE}(?:-|%{NUMBER:httpcode})%{SPACE}(?:-|%{WORD:http_authorization})"
}
break_on_match => false
}
# if "password" in [url] {
# drop {}
# }
mutate {
gsub => [ "http_referer", "http://aonew/", "http://aonew.test.com.cn/" ]
remove_field => ["@version","cloud","ecs","host"]
}
}
if "cs-nginxaccess-log" in [tags] {
grok {
match => {
"message" => "%{IPORHOST:remote_addr} - - \[%{HTTPDATE:timestamp}\] \"%{WORD:method} (?:-|%{URIPATHPARAM:url}) (?:HTTP/%{NUMBER})\" (?:-|%{NUMBER:httpcode}) (?:-|%{NUMBER:body_bytes_sent}) \"(?:-|%{GREEDYDATA:http_referer})\" \"(%{GREEDYDATA:user_agent}|-)\" \"(?:-|%{GREEDYDATA:http_x_forwarded_for})\""
}
break_on_match => false
}
mutate {
remove_field => ["message","@version","cloud","ecs","host","agent"]
}
}
if "xw-nginxaccess-log" in [tags] {
grok {
match => {
"message" => "ip(?:-|\[%{GREEDYDATA:http_x_forwarded_for}\]) -user(?:-|\[%{GREEDYDATA:user}\]) -time(?:-|\[%{HTTPDATE:timestamp}\]) -request-content\[(?:-|%{GREEDYDATA:method}) (?:-|%{GREEDYDATA:req_url}) (?:-|%{GREEDYDATA:httpversion})\] -request-time(?:-|\[%{NUMBER:request-time}\]) -status(?:-|\[%{NUMBER:statuscode}\]) (?:-|%{NUMBER:bodysize}) -referer(?:-|\[%{GREEDYDATA:http_referer}\]) -agent(?:-|\[%{GREEDYDATA:http_user_agent}\])\"(?:-|\[%{IPORHOST:upstream_addr}\])\" -proxy-host(?:-|\[%{IPORHOST:proxy-host}\])"
}
break_on_match => false
}
mutate {
remove_field => ["@version","agent","ecs","host","cloud"]
}
}
if "xw-nginxaccess-log" in [tags] and "," in [http_x_forwarded_for] {
mutate {
remove_field => ["@version","cloud","ecs","host.","agent"]
rename => ["http_x_forwarded_for", "clientrouters" ]
split => {"clientrouters" => ","}
add_field => { "http_x_forwarded_for" => "%{[clientrouters][0]}" }
}
}
if "ob43-nginxaccess-log" in [tags] {
grok {
match => {
"message" => "%{IPORHOST:remote_addr} - - \[%{HTTPDATE:timestamp}\] %{NUMBER:reqTimeUse} %{NUMBER:rspTimeUse} %{HOSTPORT:remoteAddr} \"%{WORD:method} (?:-|%{URIPATHPARAM:reqUrl}) (?:HTTP/%{NUMBER})\" (?:-|%{NUMBER:httpcode}) (?:-|%{NUMBER:body_bytes_sent}) (?:-|%{NUMBER:UsedTIme}) \"(?:-|%{GREEDYDATA:http_referer})\" \"(%{GREEDYDATA:user_agent}|-)\" \"(?:-|%{GREEDYDATA:http_x_forwarded_for})\""
}
break_on_match => false
}
mutate {
remove_field => ["message","http_referer","http_x_forwarded_for"]
remove_field => ["@version","ecs","host","cloud"]
}
}
if "sce_nginx_access_log" in [tags] {
grok {
match => {
"message" => "%{IPORHOST:clientRealIp} - - \[%{HTTPDATE:time_local}\] - \"%{WORD:method} (?:-|%{URIPATHPARAM:url}) (?:HTTP/%{NUMBER})\" %{NUMBER:request_time} %{NUMBER:status} %{NUMBER:body_bytes_sent} \"(?:-|%{WORD:http_referer})\" \"(?:-|%{GREEDYDATA:http_user_agent})\" \"(?:-|%{GREEDYDATA:http_x_forwarded_for})\" \"(?:-|%{WORD:sa_username})\" \"(?:-|%{WORD:request_body})\" \"(?:-|%{WORD:upstream_addr})\""
}
break_on_match => false
}
mutate {
remove_field => ["message","@version","ecs","host","cloud"]
}
}
if "jd_nginx_accesslog" in [tags] {
grok {
match => {
"message" => "%{IPORHOST:remote_addr} - - \[%{HTTPDATE:time_local}\] \"%{WORD:method} (?:-|%{URIPATHPARAM:reqUrl}) (?:HTTP/%{NUMBER})\" (?:-|%{NUMBER:statuscode}) (?:-|%{NUMBER:body_bytes_sent}) \"(%{GREEDYDATA:http_referer}|-)\" \"(%{GREEDYDATA:user_agent}|-)\" \"(?:-|%{GREEDYDATA:http_x_forwarded_for})\""
}
break_on_match => false
}
mutate {
remove_field => ["message","@version","ecs","host","cloud"]
}
}
if "age-nginxaccess-log" in [tags] {
grok {
match => {
"message" => "%{IPORHOST:remote_addr} - - \[%{HTTPDATE:time_local}\] \"%{WORD:method} (?:-|%{URIPATHPARAM:reqUrl}) (?:HTTP/%{NUMBER})\" (?:-|%{NUMBER:statuscode}) (?:-|%{NUMBER:body_bytes_sent}) \"(%{GREEDYDATA:http_referer}|-)\" \"(%{GREEDYDATA:user_agent}|-)\""
}
break_on_match => false
}
mutate {
remove_field => ["@version","ecs","host","cloud"]
}
}
if "int-nginxaccess-log" in [tags] {
grok {
match => {
"message" => "%{HTTPDATE:timestamp} (?:-|%{IPORHOST:http_x_forwarded_for}) (?:-|%{IPORHOST:remote_addr}) (?:-|%{HOSTPORT:upstream_addr}) (?:-|%{GREEDYDATA:http_referer}) (?:-|%{GREEDYDATA:method}) (?:-|%{GREEDYDATA:req_url}) (?:-|%{GREEDYDATA:httpversion}) (?:-|%{NUMBER:request_time}) (?:-|%{NUMBER:upstream_response_time})"
}
}
if "- 10.25.51 - - GET /" in [message] {
drop {}
}
if "- 10.25.52 - - GET /" in [message] {
drop {}
}
if "- 10.23.51 - - GET /" in [message] {
drop {}
}
if "- 10.23.52 - - GET /" in [message] {
drop {}
}
mutate {
remove_field => ["@version","cloud","ecs","host"]
}
}
}
output {
# lumberjack {
# Heka所在服务器IP
# hosts => ["10.1.116.35"]
# Heka LumberjackInput监听的端口
# port => 9250
# Lumberjack Output必须配置ssl,这里用的是一个临时的ssl cer(后文会提供下载地址)
# ssl_certificate => "/etc/logstash/es.cer"
# 指定output格式
# codec => "json"
# }
# 10.1.23.34/35/36
if "ob43-nginxerror-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "ob43-nginxerror-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "ob43-nginxaccess-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "ob43-nginxaccess-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
#
else if "listlog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "listlog-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
# 10.1.105.38
else if "bty38-tomcat-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "管理38-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
# 10.1.105.42
else if "bty42-tomcat-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "落库42-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
# 10.1.105.43
else if "bty43-tomcat-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "落库43-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
# 10.1.105.44
else if "bty44-tomcat-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "数据同步44-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "nginx_error_log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "gw-nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "nginx_access_log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "gw-nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "app_nginx_accesslog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "app_nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "app_nginx_errorlog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "app_nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "bn_nginx_accesslog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "bn_nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "bn_nginx_errorlog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "bn_nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "jd_nginx_accesslog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "jd_nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "jd_nginx_errorlog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "jd_nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "int_nginx_accesslog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "int_nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "int_nginx_errorlog" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "int_nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
# 10.1.13.37/38
else if "ao-nginxerror-log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "ao-nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "ao-nginxaccess-log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "ao-nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "cs-nginxerror-log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "cs-nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "cs-nginxaccess-log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "cs-nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "xw-nginxerror-log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "xw-nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "xw-nginxaccess-log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "xw-nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "sce_nginx_access_log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "sce-nginx-access-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "sce_nginx_error_log" in [tags] {
elasticsearch {
hosts => ["10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200"]
index => "sce-nginx-error-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "int-nginxaccess-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "int-nginxaccess-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else if "age-nginxaccess-log" in [tags] {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
index => "age-nginxaccess-%{+YYYY.MM.dd}"
http_compression => "true"
ssl => true
ilm_enabled => false
ssl_certificate_verification => true
user => "logstash"
password => "logstash"
cacert => "/etc/logstash/es.cer"
}
}
else {
elasticsearch {
hosts => [ "10.1.53.146:9200","10.1.52.114:9200","10.1.53.197:9200" ]
# hosts => [ "10.1.116.249:9200" ]
user => "logstash"
password => "logstash"
ilm_enabled => false
ssl_certificate_verification => true
ssl => true
cacert => "/etc/logstash/es.cer"
}
}
}
三、启动logstash
systemctl start logstash
systemctl enable logstash
四、安装和配置kiban(安装插件难度高)
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["https://10.1.53.146:9200","https://10.1.52.114:9200","https://10.1.53.197:9200"]
elasticsearch.username: "admin"
elasticsearch.password: "admin"
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: false
opendistro_security.multitenancy.tenants.enable_global: true
opendistro_security.multitenancy.tenants.enable_private: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global", "admin_tenant"]
opendistro_security.multitenancy.enable_filter: false
opendistro_security.allow_client_certificates: true
logging.dest: /usr/share/kibana/log/kibana.log
elasticsearch.ssl.certificateAuthorities: /etc/kibana/es.cer
五、使用nginx反向代理云上css自带kibana
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
upstream kibana-pro {
server 10.1.53.146:5601;
server 10.1.53.197:5601;
server 10.1.52.114:5601;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 5601;
server_name kibana.pro;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass https://kibana-pro;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
最后修改时间:2024-07-09 13:52:03
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
评论
目录
