Merge pull request #25 from fsr/dsgvo-fix

Anonymize ip adresses in nginx logs
This commit is contained in:
Rouven Seifert 2023-03-03 21:52:13 +01:00 committed by GitHub
commit 1c547557c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,6 +1,23 @@
{ config, pkgs, ... }:
{
services.nginx.enable = true;
services.nginx = {
enable = true;
appendHttpConfig = ''
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
# IP addresses to not anonymize
127.0.0.1 $remote_addr;
::1 $remote_addr;
default 0.0.0.0;
}
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log anon_ip;
'';
};
security.acme = {
acceptTerms = true;
defaults = {