From b995991779a4d480a9d368fe9eff01822f0ed67e Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm@sourcephile.fr>
Date: Wed, 11 Mar 2020 21:34:09 +0100
Subject: [PATCH] nginx: improve logging
---
servers/mermet/nginx.nix | 17 +++++++
servers/mermet/nginx/sourcephile.fr/git.nix | 53 +++++++++++----------
servers/mermet/nginx/sourcephile.fr/www.nix | 12 ++++-
3 files changed, 56 insertions(+), 26 deletions(-)
diff --git a/servers/mermet/nginx.nix b/servers/mermet/nginx.nix
index 49f5b6c..1ab8d6e 100644
--- a/servers/mermet/nginx.nix
+++ b/servers/mermet/nginx.nix
@@ -72,6 +72,19 @@ config = {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
+
+ log_format json escape=json
+ '{'
+ '"time_local":"$time_local",'
+ '"remote_addr":"$remote_addr",'
+ '"status": "$status",'
+ '"request":"$request",'
+ '"body_bytes_sent":"$body_bytes_sent",'
+ '"http_referrer":"$http_referer",'
+ '"http_user_agent":"$http_user_agent",'
+ '"remote_user":"$remote_user",'
+ '"request_time":"$request_time"'
+ '}';
charset UTF-8;
types {
text/html html5;
@@ -166,6 +179,10 @@ config = {
server_names_hash_bucket_size 128;
'';
map = ''
+ map $time_iso8601 $date {
+ default 'date-not-found';
+ '~^(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2})' $year-$month-$day;
+ }
# User agents that are to be blocked.
#map $http_user_agent $bad_bot {
# default 0;
diff --git a/servers/mermet/nginx/sourcephile.fr/git.nix b/servers/mermet/nginx/sourcephile.fr/git.nix
index 001e923..b5f30b5 100644
--- a/servers/mermet/nginx/sourcephile.fr/git.nix
+++ b/servers/mermet/nginx/sourcephile.fr/git.nix
@@ -1,28 +1,21 @@
{ pkgs, lib, config, ... }:
-let inherit (config) networking;
- inherit (config.services) gitweb gitolite nginx;
- domain = "sourcephile.fr";
- package = pkgs.gitweb.override (lib.optionalAttrs gitweb.gitwebTheme {
- gitwebTheme = true;
- });
- RuntimeDirectory = "gitweb";
- gitwebSocket = "/run/${RuntimeDirectory}/gitweb.sock";
- static-custom = pkgs.writeTextFile {
- name = "static-custom";
- destination = "/static-custom/style.css";
- text = ''
- .project_list {
- width:100%;
- }
- '';
- };
+let
+ inherit (config) networking;
+ inherit (config.services) gitweb gitolite nginx;
+ domain = "sourcephile.fr";
+ srv = "git";
+ gitwebSocket = "/run/gitweb/gitweb.sock";
in
{
services.nginx = {
- virtualHosts."git" = {
- serverName = "git.${domain}";
+ virtualHosts."${srv}" = {
+ serverName = "${srv}.${domain}";
forceSSL = true;
useACMEHost = domain;
+ extraConfig = ''
+ access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
+ error_log ${nginx.logDir}/${domain}/${srv}/error.log warn;
+ '';
locations = {
"/" = {
extraConfig = ''
@@ -35,9 +28,19 @@ in
};
"/static/" = {
alias = "${pkgs.gitweb}/static/";
+ extraConfig = ''
+ access_log off;
+ '';
};
"/static-custom/" = {
- alias = "${static-custom}/static-custom/";
+ root = pkgs.writeTextDir "style.css" ''
+ .project_list {
+ width:100%;
+ }
+ '';
+ extraConfig = ''
+ access_log off;
+ '';
};
"/robots.txt" = {
root = pkgs.writeTextDir "robots.txt" ''
@@ -49,13 +52,15 @@ in
Disallow: /*/snapshot/*
'';
extraConfig = ''
- allow all;
access_log off;
'';
};
};
};
};
+ systemd.services.nginx.preStart = lib.mkBefore ''
+ install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
+ '';
systemd.services.gitweb = {
description = "GitWeb FastCGI service";
script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
@@ -66,7 +71,7 @@ in
serviceConfig = {
User = gitolite.user;
Group = nginx.group;
- RuntimeDirectory = [ RuntimeDirectory ];
+ RuntimeDirectory = [ "gitweb" ];
Restart = "always";
RestartSec = 10;
};
@@ -89,8 +94,8 @@ in
$export_ok = "git-daemon-export-ok";
$prevent_xss = 0;
@git_base_url_list =
- ( "git://git.${domain}"
- , "git\@git.${domain}:"
+ ( "git://${srv}.${domain}"
+ , "git\@${srv}.${domain}:"
);
# NOTE: more readable URL.
$feature{'pathinfo'}{'default'} = [1];
diff --git a/servers/mermet/nginx/sourcephile.fr/www.nix b/servers/mermet/nginx/sourcephile.fr/www.nix
index cb1a2f4..7bfe10f 100644
--- a/servers/mermet/nginx/sourcephile.fr/www.nix
+++ b/servers/mermet/nginx/sourcephile.fr/www.nix
@@ -2,15 +2,20 @@
let inherit (config) networking;
inherit (config.services) nginx;
domain = "sourcephile.fr";
+ srv = "www";
in
{
services.nginx = {
- virtualHosts."www" = {
- serverName = "www.${domain}";
+ virtualHosts."${srv}" = {
+ serverName = "${srv}.${domain}";
serverAliases = [ domain ];
forceSSL = true;
useACMEHost = domain;
root = "/home/julm/work/sourcephile/doc";
+ extraConfig = ''
+ access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
+ error_log ${nginx.logDir}/${domain}/${srv}/error.log warn;
+ '';
locations."/".extraConfig = ''
#autoindex on;
fancyindex on;
@@ -21,4 +26,7 @@ in
locations."/codes_sources".return = "302 http://git.${domain}";
};
};
+ systemd.services.nginx.preStart = lib.mkBefore ''
+ install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
+ '';
}
--
2.47.2