Verified Commit f5ee7a08 authored by Florian Pritz's avatar Florian Pritz
Browse files

nginx: Reduce access log content for static data



For proxy/fastcgi/uwsgi blocks, logging is still set to the old format,
but for everything else (= static data) a reduced format is used that
excludes items that no longer make sense (request_time, remote_user) and
those that are personal information all the time (remote_addr, http_x_forwarded_for).
Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent ebd659d6
......@@ -4,7 +4,7 @@ server {
server_name {{ arch32_mirror_domain }} pool.mirror.archlinux32.org;
root {{ arch32_mirror_dir }};
access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log main;
access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log reduced;
error_log /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -18,7 +18,7 @@ server {
server_name {{ arch32_mirror_domain }};
root {{ arch32_mirror_dir }};
access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log main;
access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log reduced;
error_log /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem;
......
......@@ -3,7 +3,7 @@ server {
listen [::]:80;
server_name {{ archive_domain }};
access_log /var/log/nginx/{{ archive_domain }}/access.log main;
access_log /var/log/nginx/{{ archive_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archive_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -19,7 +19,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ archive_domain }};
access_log /var/log/nginx/{{ archive_domain }}/access.log main;
access_log /var/log/nginx/{{ archive_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archive_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ archive_domain }}/fullchain.pem;
......
......@@ -9,7 +9,7 @@ server {
listen [::]:80;
server_name {{ domain }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -25,7 +25,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ domain }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ archweb_domain }}/fullchain.pem;
......@@ -53,7 +53,7 @@ server {
listen [::]:80;
server_name {{ archweb_domain }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -75,7 +75,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ archweb_domain }};
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
access_log /var/log/nginx/{{ archweb_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archweb_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ archweb_domain }}/fullchain.pem;
......@@ -135,6 +135,7 @@ server {
}
location / {
access_log /var/log/nginx/{{ archweb_domain }}/access.log main;
include uwsgi_params;
uwsgi_pass archweb;
}
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ archwiki_domain }};
access_log /var/log/nginx/{{ archwiki_domain }}/access.log main;
access_log /var/log/nginx/{{ archwiki_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archwiki_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ archwiki_domain }};
access_log /var/log/nginx/{{ archwiki_domain }}/access.log main;
access_log /var/log/nginx/{{ archwiki_domain }}/access.log reduced;
error_log /var/log/nginx/{{ archwiki_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ archwiki_domain }}/fullchain.pem;
......@@ -40,6 +40,7 @@ server {
# special case due to our '/index.php/Main_Page' type URLs
location ~ ^/(?:index|redirect)\.php(?:/.*)$ {
access_log /var/log/nginx/{{ archwiki_domain }}/access.log main;
fastcgi_pass archwiki;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
......@@ -51,6 +52,7 @@ server {
# normal PHP FastCGI handler
location ~ ^/[^/]+\.php$ {
access_log /var/log/nginx/{{ archwiki_domain }}/access.log main;
fastcgi_pass archwiki;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ flyspray_domain }};
access_log /var/log/nginx/{{ flyspray_domain }}/access.log main;
access_log /var/log/nginx/{{ flyspray_domain }}/access.log reduced;
error_log /var/log/nginx/{{ flyspray_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ flyspray_domain }};
access_log /var/log/nginx/{{ flyspray_domain }}/access.log main;
access_log /var/log/nginx/{{ flyspray_domain }}/access.log reduced;
error_log /var/log/nginx/{{ flyspray_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ flyspray_domain }}/fullchain.pem;
......@@ -120,6 +120,7 @@ server {
}
location ~ \.php$ {
access_log /var/log/nginx/{{ flyspray_domain }}/access.log main;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass flyspray;
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ grafana_domain }};
access_log /var/log/nginx/{{ grafana_domain }}/access.log main;
access_log /var/log/nginx/{{ grafana_domain }}/access.log reduced;
error_log /var/log/nginx/{{ grafana_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ grafana_domain }};
access_log /var/log/nginx/{{ grafana_domain }}/access.log main;
access_log /var/log/nginx/{{ grafana_domain }}/access.log reduced;
error_log /var/log/nginx/{{ grafana_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ grafana_domain }}/fullchain.pem;
......@@ -33,6 +33,7 @@ server {
root {{ grafana_domain }};
location / {
access_log /var/log/nginx/{{ grafana_domain }}/access.log main;
proxy_pass http://grafana;
}
}
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ kanboard_domain }};
access_log /var/log/nginx/{{ kanboard_domain }}/access.log main;
access_log /var/log/nginx/{{ kanboard_domain }}/access.log reduced;
error_log /var/log/nginx/{{ kanboard_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ kanboard_domain }};
access_log /var/log/nginx/{{ kanboard_domain }}/access.log main;
access_log /var/log/nginx/{{ kanboard_domain }}/access.log reduced;
error_log /var/log/nginx/{{ kanboard_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ kanboard_domain }}/fullchain.pem;
......@@ -39,6 +39,7 @@ server {
}
location ~ \.php$ {
access_log /var/log/nginx/{{ kanboard_domain }}/access.log main;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
......
......@@ -3,7 +3,7 @@ server {
listen [::]:80;
server_name mailman.archlinux.org;
access_log /var/log/nginx/{{ mailman_domain }}/access.log main;
access_log /var/log/nginx/{{ mailman_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mailman_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -19,7 +19,7 @@ server {
listen [::]:443 ssl http2;
server_name mailman.archlinux.org;
access_log /var/log/nginx/{{ mailman_domain }}/access.log main;
access_log /var/log/nginx/{{ mailman_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mailman_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/mailman.archlinux.org/fullchain.pem;
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ matrix_domain }};
access_log /var/log/nginx/{{ matrix_domain }}/access.log main;
access_log /var/log/nginx/{{ matrix_domain }}/access.log reduced;
error_log /var/log/nginx/{{ matrix_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ matrix_domain }};
access_log /var/log/nginx/{{ matrix_domain }}/access.log main;
access_log /var/log/nginx/{{ matrix_domain }}/access.log reduced;
error_log /var/log/nginx/{{ matrix_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem;
......@@ -31,6 +31,7 @@ server {
ssl_trusted_certificate /etc/letsencrypt/live/{{ matrix_domain }}/chain.pem;
location /_matrix {
access_log /var/log/nginx/{{ matrix_domain }}/access.log main;
proxy_pass http://matrix;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 900s;
......
......@@ -16,6 +16,9 @@ http {
log_format main '$remote_addr $host $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $request_time';
log_format reduced '$host [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
sendfile on;
keepalive_timeout 65;
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ patchwork_domain }};
access_log /var/log/nginx/{{ patchwork_domain }}/access.log main;
access_log /var/log/nginx/{{ patchwork_domain }}/access.log reduced;
error_log /var/log/nginx/{{ patchwork_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ patchwork_domain }};
access_log /var/log/nginx/{{ patchwork_domain }}/access.log main;
access_log /var/log/nginx/{{ patchwork_domain }}/access.log reduced;
error_log /var/log/nginx/{{ patchwork_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ patchwork_domain }}/fullchain.pem;
......@@ -35,6 +35,7 @@ server {
}
location / {
access_log /var/log/nginx/{{ patchwork_domain }}/access.log main;
include uwsgi_params;
uwsgi_pass patchwork;
}
......
......@@ -3,7 +3,7 @@ server {
listen [::]:80;
server_name {{ planet_domain }};
access_log /var/log/nginx/{{ planet_domain }}/access.log main;
access_log /var/log/nginx/{{ planet_domain }}/access.log reduced;
error_log /var/log/nginx/{{ planet_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -19,7 +19,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ planet_domain }};
access_log /var/log/nginx/{{ planet_domain }}/access.log main;
access_log /var/log/nginx/{{ planet_domain }}/access.log reduced;
error_log /var/log/nginx/{{ planet_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ planet_domain }}/fullchain.pem;
......
......@@ -4,7 +4,7 @@ server {
server_name {{ public_domain }} www.{{ public_domain }};
root /srv/public_html;
access_log /var/log/nginx/{{ public_domain }}/access.log main;
access_log /var/log/nginx/{{ public_domain }}/access.log reduced;
error_log /var/log/nginx/{{ public_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -22,7 +22,7 @@ server {
server_name {{ public_domain }} www.{{ public_domain }};
root /srv/public_html;
access_log /var/log/nginx/{{ public_domain }}/access.log main;
access_log /var/log/nginx/{{ public_domain }}/access.log reduced;
error_log /var/log/nginx/{{ public_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ public_domain }}/fullchain.pem;
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log main;
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log reduced;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log main;
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log reduced;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/fullchain.pem;
......@@ -40,6 +40,7 @@ server {
}
location / {
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log main;
include uwsgi_params;
uwsgi_pass security-tracker;
}
......
......@@ -3,7 +3,7 @@ server {
listen [::]:80;
server_name {{ sources_domain }};
access_log /var/log/nginx/{{ sources_domain }}/access.log main;
access_log /var/log/nginx/{{ sources_domain }}/access.log reduced;
error_log /var/log/nginx/{{ sources_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -19,7 +19,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ sources_domain }};
access_log /var/log/nginx/{{ sources_domain }}/access.log main;
access_log /var/log/nginx/{{ sources_domain }}/access.log reduced;
error_log /var/log/nginx/{{ sources_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ sources_domain }}/fullchain.pem;
......
......@@ -4,7 +4,7 @@ server {
server_name {{ mirror_domain }};
root /srv/ftp;
access_log /var/log/nginx/{{ mirror_domain }}/access.log main;
access_log /var/log/nginx/{{ mirror_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mirror_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -18,7 +18,7 @@ server {
server_name {{ mirror_domain }};
root /srv/ftp;
access_log /var/log/nginx/{{ mirror_domain }}/access.log main;
access_log /var/log/nginx/{{ mirror_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mirror_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
......
......@@ -7,7 +7,7 @@ server {
listen [::]:80;
server_name {{ zabbix_domain }};
access_log /var/log/nginx/{{ zabbix_domain }}/access.log main;
access_log /var/log/nginx/{{ zabbix_domain }}/access.log reduced;
error_log /var/log/nginx/{{ zabbix_domain }}/error.log;
include snippets/letsencrypt.conf;
......@@ -23,7 +23,7 @@ server {
listen [::]:443 ssl http2;
server_name {{ zabbix_domain }};
access_log /var/log/nginx/{{ zabbix_domain }}/access.log main;
access_log /var/log/nginx/{{ zabbix_domain }}/access.log reduced;
error_log /var/log/nginx/{{ zabbix_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ zabbix_domain }}/fullchain.pem;
......@@ -39,6 +39,7 @@ server {
}
location ~ \.php$ {
access_log /var/log/nginx/{{ zabbix_domain }}/access.log main;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment