anonymize ip adresses in nginx logs

This commit is contained in:
Rouven Seifert 2023-03-01 16:39:41 +01:00
parent 7dceb93e89
commit c06161a62a
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09

View file

@ -1,6 +1,23 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.nginx.enable = true; services.nginx = {
enable = true;
appendHttpConfig = ''
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
# IP addresses to not anonymize
127.0.0.1 $remote_addr;
::1 $remote_addr;
default 0.0.0.0;
}
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log anon_ip;
'';
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {