diff --git a/roles/loki/files/rules.yaml b/roles/loki/files/rules.yaml
index 2ae22208b2bf883586919e84d0f5fa755f1de61f..c9ea6e547cb8fed7801ff01c869709012f6f3bb2 100644
--- a/roles/loki/files/rules.yaml
+++ b/roles/loki/files/rules.yaml
@@ -1 +1,6 @@
-groups: []
+groups:
+ - name: NginxRules
+ interval: 1m
+ rules:
+ - record: nginx:requests:rate1m
+ expr: 'sum by (instance, server_protocol, ssl_protocol, ssl_cipher) (rate({job="nginx"}[1m] | json))'
diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
index f2fb8734db0d76659cd4412c849b08c60f024760..bb1344f3ce6a4099381624b3d4644e3aaaeacc04 100644
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -28,12 +28,13 @@ http {
'$remote_addr $host $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $request_time '
- '$server_protocol';
+ '$server_protocol $ssl_protocol $ssl_cipher';
log_format reduced
'$host [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" $server_protocol';
+ '"$http_user_agent" $server_protocol $ssl_protocol '
+ '$ssl_cipher';
log_format json_main escape=json
'{'
@@ -50,6 +51,8 @@ http {
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"request_time":"$request_time",'
'"server_protocol":"$server_protocol",'
+ '"ssl_protocol":"$ssl_protocol",'
+ '"ssl_cipher":"$ssl_cipher",'
# This was added to keep every log line unique as Loki drops
# log line with the same timestamp and log text:
# https://grafana.com/docs/loki/latest/overview/#timestamp-ordering
@@ -68,6 +71,8 @@ http {
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"server_protocol":"$server_protocol",'
+ '"ssl_protocol":"$ssl_protocol",'
+ '"ssl_cipher":"$ssl_cipher",'
# This was added to keep every log line unique as Loki drops
# log line with the same timestamp and log text:
# https://grafana.com/docs/loki/latest/overview/#timestamp-ordering