From b8148eb21e47ab0feee5fa97bfe2faa06b9a15f0 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sun, 16 Jan 2022 10:02:51 +0100 Subject: [PATCH] first test for nginx logging --- deployment/bare_metal/.env.dist | 1 + deployment/bare_metal/nginx/common/logging.conf | 4 ++++ .../sites-available/gradido.conf.ssl.template | 14 +++++++++++--- .../nginx/sites-available/gradido.conf.template | 14 +++++++++++--- .../sites-available/update-page.conf.ssl.template | 4 ++-- .../sites-available/update-page.conf.template | 3 ++- .../bare_metal/old/setup_server_online_ubuntu18.sh | 9 --------- 7 files changed, 31 insertions(+), 18 deletions(-) create mode 100644 deployment/bare_metal/nginx/common/logging.conf diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 684dc1eab..3349e73b3 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -10,6 +10,7 @@ NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page +NGINX_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log # webhook WEBHOOK_GITHUB_SECRET=secret diff --git a/deployment/bare_metal/nginx/common/logging.conf b/deployment/bare_metal/nginx/common/logging.conf new file mode 100644 index 000000000..feebfe814 --- /dev/null +++ b/deployment/bare_metal/nginx/common/logging.conf @@ -0,0 +1,4 @@ +log_format gradido_log '$http_x_forwarded_for - $remote_user [$time_local] ' + '"$request_method $scheme://$host$request_uri $server_protocol" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" $request_time'; \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 4137b12a4..ea01e4a13 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -21,7 +21,7 @@ server { include /etc/nginx/common/protect.conf; include /etc/nginx/common/protect_add_header.conf; - #include /etc/nginx/common/ssl.conf; + include /etc/nginx/common/logging.conf #gzip_static on; gzip on; @@ -52,6 +52,8 @@ server { proxy_pass http://127.0.0.1:3000; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.frontend.log gradido_log; } # Backend @@ -65,6 +67,8 @@ server { proxy_pass http://127.0.0.1:4000; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.backend.log gradido_log; } # Backend webhooks @@ -78,11 +82,15 @@ server { proxy_pass http://127.0.0.1:4000/hook; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.backend.hook.log gradido_log; } # Webhook reverse proxy location /hooks/ { proxy_pass http://127.0.0.1:9000/hooks/; + + access_log $NGINX_LOG_PATH/nginx-access.hooks.log gradido_log; } # Admin Frontend @@ -96,6 +104,8 @@ server { proxy_pass http://127.0.0.1:8080/; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.admin.log gradido_log; } # TODO this could be a performance optimization @@ -108,6 +118,4 @@ server { # } # try_files $uri $uri/ /index.html = 404; #} - - #access_log /var/log/nginx/access.log main; } \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 4d982f91c..bf315c0a6 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -6,7 +6,7 @@ server { include /etc/nginx/common/protect.conf; include /etc/nginx/common/protect_add_header.conf; - #include /etc/nginx/common/ssl.conf; + include /etc/nginx/common/logging.conf #gzip_static on; gzip on; @@ -37,6 +37,8 @@ server { proxy_pass http://127.0.0.1:3000; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.frontend.log gradido_log; } # Backend @@ -50,6 +52,8 @@ server { proxy_pass http://127.0.0.1:4000; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.backend.log gradido_log; } # Backend webhooks @@ -64,11 +68,15 @@ server { # no trailing slash to keep the hook/ prefix proxy_pass http://127.0.0.1:4000/hook; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.backend.hook.log gradido_log; } # Webhook reverse proxy location /hooks/ { proxy_pass http://127.0.0.1:9000/hooks/; + + access_log $NGINX_LOG_PATH/nginx-access.hooks.log gradido_log; } # Admin Frontend @@ -82,6 +90,8 @@ server { proxy_pass http://127.0.0.1:8080/; proxy_redirect off; + + access_log $NGINX_LOG_PATH/nginx-access.admin.log gradido_log; } # TODO this could be a performance optimization @@ -94,6 +104,4 @@ server { # } # try_files $uri $uri/ /index.html = 404; #} - - #access_log /var/log/nginx/access.log main; } \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template index d2205c883..01fee510a 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template @@ -21,6 +21,7 @@ server { include /etc/nginx/common/protect.conf; include /etc/nginx/common/protect_add_header.conf; + include /etc/nginx/common/logging.conf gzip on; @@ -31,7 +32,6 @@ server { try_files /updating.html =404; } - #access_log /var/log/nginx/access.log main; - + access_log $NGINX_LOG_PATH/nginx-access.update-page.log gradido_log; } diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.template index 79fc22de9..a5f4fdfc1 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template @@ -6,6 +6,7 @@ server { include /etc/nginx/common/protect.conf; include /etc/nginx/common/protect_add_header.conf; + include /etc/nginx/common/logging.conf gzip on; @@ -16,6 +17,6 @@ server { try_files /updating.html =404; } - #access_log /var/log/nginx/access.log main; + access_log $NGINX_LOG_PATH/nginx-access.update-page.log gradido_log; } diff --git a/deployment/bare_metal/old/setup_server_online_ubuntu18.sh b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh index 86059a815..7cc267e33 100644 --- a/deployment/bare_metal/old/setup_server_online_ubuntu18.sh +++ b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh @@ -1,12 +1,3 @@ -# nginx security -cd /etc/nginx/conf.d -sudo cat < logging.conf -log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' - '"$request_method $scheme://$host$request_uri $server_protocol" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" $request_time'; -EOF - # phpmyadmin echo "install and secure phpmyadmin" sudo apt install phpmyadmin