wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

anonymize ip adresses in nginx logs

Browse source
This commit is contained in:
Rouven Seifert 2023-03-01 16:39:41 +01:00
parent 7dceb93e89
commit c06161a62a
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
1 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
modules/nginx.nix
View file

@ -1,6 +1,23 @@
{ config, pkgs, ... }:
{
services.nginx.enable = true;
services.nginx = {
enable = true;
appendHttpConfig = ''
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
# IP addresses to not anonymize
127.0.0.1 $remote_addr;
::1 $remote_addr;
default 0.0.0.0;
}
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log anon_ip;
'';
};
security.acme = {
acceptTerms = true;
defaults = {