wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

nginx: disable ip anonymizing

Browse source
This commit is contained in:
Rouven Seifert 2023-10-08 13:43:04 +02:00
parent 5820741dd2
commit 3d18969471
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
1 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
modules/nginx.nix
View file

@ -9,21 +9,21 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
appendHttpConfig = '' # appendHttpConfig = ''
map $remote_addr $remote_addr_anon { # map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0; # ~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::; # ~(?P<ip>[^:]+:[^:]+): $ip::;
# IP addresses to not anonymize # # IP addresses to not anonymize
127.0.0.1 $remote_addr; # 127.0.0.1 $remote_addr;
::1 $remote_addr; # ::1 $remote_addr;
default 0.0.0.0; # default 0.0.0.0;
} # }
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" ' # log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' # '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; # '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log anon_ip; # access_log /var/log/nginx/access.log anon_ip;
''; # '';
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;