IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-12 23:35:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

first test for nginx logging

Browse Source
This commit is contained in:
Ulf Gebhardt 2022-01-16 10:02:51 +01:00
parent 8e7dff0bcf
commit b8148eb21e
Signed by: ulfgebhardt
GPG Key ID: DA6B843E748679C9
7 changed files with 31 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
deployment/bare_metal/.env.dist
View File

@ -10,6 +10,7 @@ NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem
NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem
NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf
NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page
NGINX_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log
# webhook
WEBHOOK_GITHUB_SECRET=secret

4
deployment/bare_metal/nginx/common/logging.conf Normal file
View File

@ -0,0 +1,4 @@
log_format gradido_log '$http_x_forwarded_for - $remote_user [$time_local] '
'"$request_method $scheme://$host$request_uri $server_protocol" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $request_time';

14
deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template
View File

@ -21,7 +21,7 @@ server {
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
#include /etc/nginx/common/ssl.conf;
include /etc/nginx/common/logging.conf
#gzip_static on;
gzip on;
@ -52,6 +52,8 @@ server {
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.frontend.log gradido_log;
}
# Backend
@ -65,6 +67,8 @@ server {
proxy_pass http://127.0.0.1:4000;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.backend.log gradido_log;
}
# Backend webhooks
@ -78,11 +82,15 @@ server {
proxy_pass http://127.0.0.1:4000/hook;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.backend.hook.log gradido_log;
}
# Webhook reverse proxy
location /hooks/ {
proxy_pass http://127.0.0.1:9000/hooks/;
access_log $NGINX_LOG_PATH/nginx-access.hooks.log gradido_log;
}
# Admin Frontend
@ -96,6 +104,8 @@ server {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.admin.log gradido_log;
}
# TODO this could be a performance optimization
@ -108,6 +118,4 @@ server {
# }
# try_files $uri $uri/ /index.html = 404;
#}
#access_log /var/log/nginx/access.log main;
}

14
deployment/bare_metal/nginx/sites-available/gradido.conf.template
View File

@ -6,7 +6,7 @@ server {
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
#include /etc/nginx/common/ssl.conf;
include /etc/nginx/common/logging.conf
#gzip_static on;
gzip on;
@ -37,6 +37,8 @@ server {
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.frontend.log gradido_log;
}
# Backend
@ -50,6 +52,8 @@ server {
proxy_pass http://127.0.0.1:4000;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.backend.log gradido_log;
}
# Backend webhooks
@ -64,11 +68,15 @@ server {
# no trailing slash to keep the hook/ prefix
proxy_pass http://127.0.0.1:4000/hook;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.backend.hook.log gradido_log;
}
# Webhook reverse proxy
location /hooks/ {
proxy_pass http://127.0.0.1:9000/hooks/;
access_log $NGINX_LOG_PATH/nginx-access.hooks.log gradido_log;
}
# Admin Frontend
@ -82,6 +90,8 @@ server {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
access_log $NGINX_LOG_PATH/nginx-access.admin.log gradido_log;
}
# TODO this could be a performance optimization
@ -94,6 +104,4 @@ server {
# }
# try_files $uri $uri/ /index.html = 404;
#}
#access_log /var/log/nginx/access.log main;
}

4
deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template
View File

@ -21,6 +21,7 @@ server {
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
include /etc/nginx/common/logging.conf
gzip on;
@ -31,7 +32,6 @@ server {
try_files /updating.html =404;
}
#access_log /var/log/nginx/access.log main;
access_log $NGINX_LOG_PATH/nginx-access.update-page.log gradido_log;
}

3
deployment/bare_metal/nginx/sites-available/update-page.conf.template
View File

@ -6,6 +6,7 @@ server {
include /etc/nginx/common/protect.conf;
include /etc/nginx/common/protect_add_header.conf;
include /etc/nginx/common/logging.conf
gzip on;
@ -16,6 +17,6 @@ server {
try_files /updating.html =404;
}
#access_log /var/log/nginx/access.log main;
access_log $NGINX_LOG_PATH/nginx-access.update-page.log gradido_log;
}

9
deployment/bare_metal/old/setup_server_online_ubuntu18.sh
View File

@ -1,12 +1,3 @@
# nginx security
cd /etc/nginx/conf.d
sudo cat <<EOF > logging.conf
log_format main '$http_x_forwarded_for - $remote_user [$time_local] '
'"$request_method $scheme://$host$request_uri $server_protocol" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $request_time';
EOF
# phpmyadmin
echo "install and secure phpmyadmin"
sudo apt install phpmyadmin