wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

nginx: split logs per vhost

Browse source
This commit is contained in:
Rouven Seifert 2023-11-13 09:51:07 +01:00
parent 3e70f7a0fc
commit 075bc2b6fa
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
1 changed files with 36 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
modules/nginx.nix
View file

@ -1,30 +1,43 @@
{ config, pkgs, ... }: { lib, config, pkgs, ... }:
{ {
services.nginx = { services.nginx =
let
# manually write the hosts in here since automatic grabbing leads to an unfixable infinite recursion
hosts = [ "mail" "rspamd" "chat" "matrix" "kpp" "kurse" "git" "ftp" "users" "pad" "list.pad" "manual" "infoscreen" "kanboard" "kb" "lists" "nc" "oc" "sharepic" "vault" "www" "wiki" ];
in
{
additionalModules = [ pkgs.nginxModules.pam ]; additionalModules = [ pkgs.nginxModules.pam ];
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
# split up nginx access logs per vhost
virtualHosts = lib.genAttrs (lib.lists.forEach hosts (h: h + ".ifsr.de")) (host: {
extraConfig = ''
access_log /var/log/nginx/${host}_access.log;
error_log /var/log/nginx/${host}_error.log;
# appendHttpConfig = '' '';
# map $remote_addr $remote_addr_anon { });
# ~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
# ~(?P<ip>[^:]+:[^:]+): $ip::;
# # IP addresses to not anonymize
# 127.0.0.1 $remote_addr;
# ::1 $remote_addr;
# default 0.0.0.0;
# }
# log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log anon_ip; # appendHttpConfig = ''
# ''; # map $remote_addr $remote_addr_anon {
}; # ~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
# ~(?P<ip>[^:]+:[^:]+): $ip::;
# # IP addresses to not anonymize
# 127.0.0.1 $remote_addr;
# ::1 $remote_addr;
# default 0.0.0.0;
# }
# log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log anon_ip;
# '';
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {