first test for nginx logging

2025-12-13 07:45:54 +00:00 · 2022-01-16 10:02:51 +01:00 · 2022-01-16 10:02:51 +01:00 · b8148eb21e
commit b8148eb21e
parent 8e7dff0bcf
7 changed files with 31 additions and 18 deletions
--- a/deployment/bare_metal/.env.dist
+++ b/deployment/bare_metal/.env.dist
@ -10,6 +10,7 @@ NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem
 NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem
 NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf
 NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page
 NGINX_LOG_PATH=/home/gradido/gradido/deployment/bare_metal/log
 # webhook
 WEBHOOK_GITHUB_SECRET=secret
--- a/deployment/bare_metal/nginx/common/logging.conf
+++ b/deployment/bare_metal/nginx/common/logging.conf
@ -0,0 +1,4 @@
 log_format gradido_log '$http_x_forwarded_for - $remote_user [$time_local] '
 '"$request_method $scheme://$host$request_uri $server_protocol" '
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" $request_time';
--- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template
+++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template
@ -21,7 +21,7 @@ server {
    include /etc/nginx/common/protect.conf;
    include /etc/nginx/common/protect_add_header.conf;
-	#include /etc/nginx/common/ssl.conf;
+	include /etc/nginx/common/logging.conf
    #gzip_static  on;
    gzip on;
@ -52,6 +52,8 @@ server {
 		proxy_pass         http://127.0.0.1:3000;
 		proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.frontend.log gradido_log;
 	}
    # Backend
@ -65,6 +67,8 @@ server {
        proxy_pass         http://127.0.0.1:4000;
        proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.backend.log gradido_log;
    }
    # Backend webhooks
@ -78,11 +82,15 @@ server {
        proxy_pass         http://127.0.0.1:4000/hook;
        proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.backend.hook.log gradido_log;
    }
    # Webhook reverse proxy
    location /hooks/ {
        proxy_pass http://127.0.0.1:9000/hooks/;
        access_log $NGINX_LOG_PATH/nginx-access.hooks.log gradido_log;
    }
    # Admin Frontend
@ -96,6 +104,8 @@ server {
        proxy_pass         http://127.0.0.1:8080/;
        proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.admin.log gradido_log;
    }
    # TODO this could be a performance optimization
@ -108,6 +118,4 @@ server {
    #    }
    #    try_files $uri $uri/ /index.html = 404;
    #}
    #access_log /var/log/nginx/access.log main;
 }
--- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template
+++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template
@ -6,7 +6,7 @@ server {
    include /etc/nginx/common/protect.conf;
    include /etc/nginx/common/protect_add_header.conf;
-	#include /etc/nginx/common/ssl.conf;
+	include /etc/nginx/common/logging.conf
    #gzip_static  on;
    gzip on;
@ -37,6 +37,8 @@ server {
 		proxy_pass         http://127.0.0.1:3000;
 		proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.frontend.log gradido_log;
 	}
    # Backend
@ -50,6 +52,8 @@ server {
        proxy_pass         http://127.0.0.1:4000;
        proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.backend.log gradido_log;
    }
    # Backend webhooks
@ -64,11 +68,15 @@ server {
        # no trailing slash to keep the hook/ prefix
        proxy_pass         http://127.0.0.1:4000/hook;
        proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.backend.hook.log gradido_log;
    }
    # Webhook reverse proxy
    location /hooks/ {
        proxy_pass http://127.0.0.1:9000/hooks/;
        access_log $NGINX_LOG_PATH/nginx-access.hooks.log gradido_log;
    }
    # Admin Frontend
@ -82,6 +90,8 @@ server {
        proxy_pass         http://127.0.0.1:8080/;
        proxy_redirect     off;
        access_log $NGINX_LOG_PATH/nginx-access.admin.log gradido_log;
    }
    # TODO this could be a performance optimization
@ -94,6 +104,4 @@ server {
    #    }
    #    try_files $uri $uri/ /index.html = 404;
    #}
    #access_log /var/log/nginx/access.log main;
 }
--- a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template
+++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template
@ -21,6 +21,7 @@ server {
    include /etc/nginx/common/protect.conf;
    include /etc/nginx/common/protect_add_header.conf;
    include /etc/nginx/common/logging.conf
    gzip on;
@ -31,7 +32,6 @@ server {
        try_files /updating.html =404;
    }
-    #access_log /var/log/nginx/access.log main;
+    access_log $NGINX_LOG_PATH/nginx-access.update-page.log gradido_log;
 }
--- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template
+++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template
@ -6,6 +6,7 @@ server {
    include /etc/nginx/common/protect.conf;
    include /etc/nginx/common/protect_add_header.conf;
    include /etc/nginx/common/logging.conf
    gzip on;
@ -16,6 +17,6 @@ server {
      try_files /updating.html =404;
    }
-    #access_log /var/log/nginx/access.log main;
+    access_log $NGINX_LOG_PATH/nginx-access.update-page.log gradido_log;
 }
--- a/deployment/bare_metal/old/setup_server_online_ubuntu18.sh
+++ b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh
@ -1,12 +1,3 @@
 # nginx security
 cd /etc/nginx/conf.d
 sudo cat <<EOF > logging.conf
 log_format main '$http_x_forwarded_for - $remote_user [$time_local] '
 '"$request_method $scheme://$host$request_uri $server_protocol" '
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" $request_time';
 EOF
 # phpmyadmin
 echo "install and secure phpmyadmin"
 sudo apt install phpmyadmin