From 2cb12d55d1d0c62e23ff20ce1356de6efffa6d1d Mon Sep 17 00:00:00 2001 From: Julien Palard Date: Mon, 13 Feb 2023 23:33:35 +0100 Subject: [PATCH] nginx: Unifying logs, we're at 600+ files in /var/log/nginx, it's unusable. --- afpy.org.yml | 18 ------------------ autoconfig.yml | 4 ---- dl.yml | 8 -------- logs.afpy.org.yml | 4 ---- makemake.yml | 4 ---- ponyconf.yml | 8 -------- pycon.fr.yml | 30 ------------------------------ pydocteur.afpy.org.yml | 4 ---- roles/discourse/tasks/main.yml | 4 ---- roles/gitea/tasks/setup.yml | 4 ---- roles/nginx/defaults/main.yml | 4 ---- roles/nginx/tasks/main.yml | 19 +++++++++++++++++++ 12 files changed, 19 insertions(+), 92 deletions(-) diff --git a/afpy.org.yml b/afpy.org.yml index cf224fe..7440a46 100644 --- a/afpy.org.yml +++ b/afpy.org.yml @@ -46,8 +46,6 @@ { listen [::]:80; listen 80; server_name www.afpy.org afpy.org; - access_log /var/log/nginx/afpy.org-access.log; - error_log /var/log/nginx/afpy.org-error.log; return 301 https://www.afpy.org$request_uri; } @@ -55,8 +53,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name afpy.org; - access_log /var/log/nginx/afpy.org-access.log; - error_log /var/log/nginx/afpy.org-error.log; include snippets/letsencrypt-afpy.org.conf; return 301 https://www.afpy.org$request_uri; } @@ -65,8 +61,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name www.afpy.org; - access_log /var/log/nginx/afpy.org-access.log; - error_log /var/log/nginx/afpy.org-error.log; root /var/www/afpy.org/; include snippets/letsencrypt-afpy.org.conf; index index.html; @@ -211,8 +205,6 @@ { listen [::]:80; listen 80; server_name afpyro.afpy.org; - access_log /var/log/nginx/afpyro.afpy.org-access.log; - error_log /var/log/nginx/afpyro.afpy.org-error.log; return 301 https://discuss.afpy.org/upcoming-events; } @@ -220,8 +212,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name afpyro.afpy.org; - access_log /var/log/nginx/afpyro.afpy.org-access.log; - error_log /var/log/nginx/afpyro.afpy.org-error.log; include snippets/letsencrypt-afpyro.afpy.org.conf; return 301 https://discuss.afpy.org/upcoming-events; } @@ -254,8 +244,6 @@ { listen [::]:80; listen 80; server_name lists.afpy.org; - access_log /var/log/nginx/lists.afpy.org-access.log; - error_log /var/log/nginx/lists.afpy.org-error.log; return 301 https://discuss.afpy.org/; } @@ -263,8 +251,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name lists.afpy.org; - access_log /var/log/nginx/lists.afpy.org-access.log; - error_log /var/log/nginx/lists.afpy.org-error.log; include snippets/letsencrypt-lists.afpy.org.conf; return 301 https://discuss.afpy.org/; } @@ -280,8 +266,6 @@ { listen [::]:80; listen 80; server_name photos.afpy.org; - access_log /var/log/nginx/photos.afpy.org-access.log; - error_log /var/log/nginx/photos.afpy.org-error.log; return 301 https://photos.afpy.org$request_uri; } @@ -289,8 +273,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name photos.afpy.org; - access_log /var/log/nginx/photos.afpy.org-access.log; - error_log /var/log/nginx/photos.afpy.org-error.log; include snippets/letsencrypt-photos.afpy.org.conf; root /var/www/photos.afpy.org/; } diff --git a/autoconfig.yml b/autoconfig.yml index 5691cd8..f8fabf0 100644 --- a/autoconfig.yml +++ b/autoconfig.yml @@ -19,8 +19,6 @@ { listen [::]:80; listen 80; server_name autoconfig.afpy.org autoconfig.pycon.fr; - access_log /var/log/nginx/autoconfig.afpy.org-access.log; - error_log /var/log/nginx/autoconfig.afpy.org-error.log; return 301 https://$host$request_uri; } @@ -28,8 +26,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name autoconfig.afpy.org autoconfig.pycon.fr; - access_log /var/log/nginx/autoconfig.afpy.org-access.log; - error_log /var/log/nginx/autoconfig.afpy.org-error.log; include snippets/letsencrypt-autoconfig.afpy.org.conf; root /var/www/autoconfig.afpy.org; autoindex on; diff --git a/dl.yml b/dl.yml index b95364a..7db2ef1 100644 --- a/dl.yml +++ b/dl.yml @@ -58,8 +58,6 @@ { listen [::]:80; listen 80; server_name dl.afpy.org; - access_log /var/log/nginx/http-access.log; - error_log /var/log/nginx/http-error.log; return 301 https://$host$request_uri; } @@ -67,8 +65,6 @@ { listen [::]:80; listen 80; server_name videos-2015.pycon.fr; - access_log /var/log/nginx/http-access.log; - error_log /var/log/nginx/http-error.log; return 301 https://dl.afpy.org/pycon-fr-15$request_uri; } @@ -76,8 +72,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name videos-2015.pycon.fr; - access_log /var/log/nginx/videos-2015.pycon.fr-access.log; - error_log /var/log/nginx/videos-2015.pycon.fr-error.log; include snippets/letsencrypt-dl.afpy.org.conf; return 301 https://dl.afpy.org/pycon-fr-15$request_uri; } @@ -87,8 +81,6 @@ listen [::]:443 ssl http2; listen 443 ssl http2; server_name dl.afpy.org; charset utf-8; - access_log /var/log/nginx/dl.afpy.org-access.log; - error_log /var/log/nginx/dl.afpy.org-error.log; include snippets/letsencrypt-dl.afpy.org.conf; root /var/www/dl.afpy.org/; diff --git a/logs.afpy.org.yml b/logs.afpy.org.yml index 4ff34c9..e4b2fa9 100644 --- a/logs.afpy.org.yml +++ b/logs.afpy.org.yml @@ -17,8 +17,6 @@ { listen [::]:80; listen 80; server_name logs.afpy.org; - access_log /var/log/nginx/logs.afpy.org-access.log; - error_log /var/log/nginx/logs.afpy.org-error.log; return 301 https://$host$request_uri; } @@ -26,8 +24,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name logs.afpy.org; - access_log /var/log/nginx/logs.afpy.org-access.log; - error_log /var/log/nginx/logs.afpy.org-error.log; include snippets/letsencrypt-logs.afpy.org.conf; location / { diff --git a/makemake.yml b/makemake.yml index fe86225..0f33649 100644 --- a/makemake.yml +++ b/makemake.yml @@ -51,8 +51,6 @@ { listen [::]:80; listen 80; server_name planet.afpy.org; - access_log /var/log/nginx/planet.afpy.org-access.log; - error_log /var/log/nginx/planet.afpy.org-error.log; return 301 https://$host$request_uri; } @@ -60,8 +58,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name planet.afpy.org; - access_log /var/log/nginx/planet.afpy.org-access.log; - error_log /var/log/nginx/planet.afpy.org-error.log; include snippets/letsencrypt-planet.afpy.org.conf; root /home/makemake/www/; } diff --git a/ponyconf.yml b/ponyconf.yml index 305befa..82e92e6 100644 --- a/ponyconf.yml +++ b/ponyconf.yml @@ -48,8 +48,6 @@ { listen [::]:80; listen 80; server_name cfp.pycon.fr; - access_log /var/log/nginx/cfp.pycon.fr-access.log; - error_log /var/log/nginx/cfp.pycon.fr-error.log; return 301 https://cfp-2023.pycon.fr$request_uri; } @@ -57,8 +55,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name cfp.pycon.fr; - access_log /var/log/nginx/cfp.pycon.fr-access.log; - error_log /var/log/nginx/cfp.pycon.fr-error.log; include snippets/letsencrypt-cfp.pycon.fr.conf; return 301 https://cfp-2023.pycon.fr$request_uri; } @@ -75,8 +71,6 @@ { listen [::]:80; listen 80; server_name {{ item.domain }}; - access_log /var/log/nginx/{{ item.domain }}-access.log; - error_log /var/log/nginx/{{ item.domain }}-error.log; return 301 https://{{ item.domain }}$request_uri; } @@ -84,8 +78,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name {{ item.domain }}; - access_log /var/log/nginx/{{ item.domain }}-access.log; - error_log /var/log/nginx/{{ item.domain }}-error.log; include snippets/letsencrypt-{{ item.domain }}.conf; location /static/ { diff --git a/pycon.fr.yml b/pycon.fr.yml index 07d54d8..cd8a3b1 100644 --- a/pycon.fr.yml +++ b/pycon.fr.yml @@ -26,8 +26,6 @@ { listen [::]:80; listen 80; server_name .pycon.fr; - access_log /var/log/nginx/pycon.fr-access.log; - error_log /var/log/nginx/pycon.fr-error.log; return 301 https://$host$request_uri; } @@ -35,8 +33,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name pycon.fr; - access_log /var/log/nginx/pycon.fr-access.log; - error_log /var/log/nginx/pycon.fr-error.log; include snippets/letsencrypt-pycon.fr.conf; return 301 https://www.pycon.fr$request_uri; } @@ -45,8 +41,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name www.pycon.fr; - access_log /var/log/nginx/pycon.fr-access.log; - error_log /var/log/nginx/pycon.fr-error.log; include snippets/letsencrypt-pycon.fr.conf; root /var/www/pycon.fr/; charset utf-8; @@ -80,8 +74,6 @@ { listen [::]:80; listen 80; server_name 2016.pycon.fr; - access_log /var/log/nginx/2016.pycon.fr-access.log; - error_log /var/log/nginx/2016.pycon.fr-error.log; return 301 https://www.pycon.fr/2016/; } @@ -89,8 +81,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name 2016.pycon.fr; - access_log /var/log/nginx/2016.pycon.fr-access.log; - error_log /var/log/nginx/2016.pycon.fr-error.log; include snippets/letsencrypt-2016.pycon.fr.conf; return 301 https://www.pycon.fr/2016/; } @@ -106,8 +96,6 @@ { listen [::]:80; listen 80; server_name 2012.pycon.fr; - access_log /var/log/nginx/2012.pycon.fr-access.log; - error_log /var/log/nginx/2012.pycon.fr-error.log; return 301 https://www.pycon.fr/2012/; } @@ -115,8 +103,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name 2012.pycon.fr; - access_log /var/log/nginx/2012.pycon.fr-access.log; - error_log /var/log/nginx/2012.pycon.fr-error.log; include snippets/letsencrypt-2012.pycon.fr.conf; return 301 https://www.pycon.fr/2012/; } @@ -131,8 +117,6 @@ { listen [::]:80; listen 80; server_name 2011.pycon.fr; - access_log /var/log/nginx/2011.pycon.fr-access.log; - error_log /var/log/nginx/2011.pycon.fr-error.log; return 301 https://www.pycon.fr/2011/; } @@ -140,8 +124,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name 2011.pycon.fr; - access_log /var/log/nginx/2011.pycon.fr-access.log; - error_log /var/log/nginx/2011.pycon.fr-error.log; include snippets/letsencrypt-2011.pycon.fr.conf; return 301 https://www.pycon.fr/2011/; } @@ -156,8 +138,6 @@ { listen [::]:80; listen 80; server_name 2010.pycon.fr; - access_log /var/log/nginx/2010.pycon.fr-access.log; - error_log /var/log/nginx/2010.pycon.fr-error.log; return 301 https://www.pycon.fr/2010/; } @@ -165,8 +145,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name 2010.pycon.fr; - access_log /var/log/nginx/2010.pycon.fr-access.log; - error_log /var/log/nginx/2010.pycon.fr-error.log; include snippets/letsencrypt-2010.pycon.fr.conf; return 301 https://www.pycon.fr/2010/; } @@ -183,8 +161,6 @@ { listen [::]:80; listen 80; server_name paullaroid.pycon.fr; - access_log /var/log/nginx/paullaroid.pycon.fr-access.log; - error_log /var/log/nginx/paullaroid.pycon.fr-error.log; return 301 https://$host$request_uri; } @@ -194,8 +170,6 @@ listen [::]:443 ssl http2; listen 443 ssl http2; charset utf-8; server_name paullaroid.pycon.fr; - access_log /var/log/nginx/paullaroid.pycon.fr-access.log; - error_log /var/log/nginx/paullaroid.pycon.fr-error.log; include snippets/letsencrypt-paullaroid.pycon.fr.conf; root /var/www/paullaroid.pycon.fr/; @@ -212,8 +186,6 @@ { listen [::]:80; listen 80; server_name fr.pycon.org; - access_log /var/log/nginx/fr.pycon.org-access.log; - error_log /var/log/nginx/fr.pycon.org-error.log; return 301 https://www.pycon.fr/; } @@ -221,8 +193,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name fr.pycon.org; - access_log /var/log/nginx/fr.pycon.org-access.log; - error_log /var/log/nginx/fr.pycon.org-error.log; include snippets/letsencrypt-fr.pycon.org.conf; return 301 https://www.pycon.fr/; } diff --git a/pydocteur.afpy.org.yml b/pydocteur.afpy.org.yml index 496477b..d91a1b7 100644 --- a/pydocteur.afpy.org.yml +++ b/pydocteur.afpy.org.yml @@ -22,8 +22,6 @@ { listen [::]:80; listen 80; server_name pydocteur.afpy.org; - access_log /var/log/nginx/pydocteur.afpy.org-access.log; - error_log /var/log/nginx/pydocteur.afpy.org-error.log; return 301 https://$host$request_uri; } @@ -31,8 +29,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name pydocteur.afpy.org; - access_log /var/log/nginx/pydocteur.afpy.org-access.log; - error_log /var/log/nginx/pydocteur.afpy.org-error.log; include snippets/letsencrypt-pydocteur.afpy.org.conf; location / { diff --git a/roles/discourse/tasks/main.yml b/roles/discourse/tasks/main.yml index 9bcfcf0..af61702 100644 --- a/roles/discourse/tasks/main.yml +++ b/roles/discourse/tasks/main.yml @@ -20,8 +20,6 @@ { listen [::]:80; listen 80; server_name {{ discourse_domain }}; - access_log /var/log/nginx/{{ discourse_domain }}-access.log; - error_log /var/log/nginx/{{ discourse_domain }}-error.log; return 301 https://$host$request_uri; } @@ -29,8 +27,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name {{ discourse_domain }}; - access_log /var/log/nginx/{{ discourse_domain }}-access.log; - error_log /var/log/nginx/{{ discourse_domain }}-error.log; include snippets/letsencrypt-{{ discourse_domain }}.conf; client_max_body_size 21m; diff --git a/roles/gitea/tasks/setup.yml b/roles/gitea/tasks/setup.yml index 404be5e..8f4bffd 100644 --- a/roles/gitea/tasks/setup.yml +++ b/roles/gitea/tasks/setup.yml @@ -120,8 +120,6 @@ { listen [::]:80; listen 80; server_name git.afpy.org; - access_log /var/log/nginx/git.afpy.org-access.log; - error_log /var/log/nginx/git.afpy.org-error.log; return 301 https://git.afpy.org$request_uri; } @@ -129,8 +127,6 @@ { listen [::]:443 ssl http2; listen 443 ssl http2; server_name git.afpy.org; - access_log /var/log/nginx/git.afpy.org-access.log; - error_log /var/log/nginx/git.afpy.org-error.log; include snippets/letsencrypt-git.afpy.org.conf; client_max_body_size 16M; diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index cf1a97c..33278a6 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -7,8 +7,6 @@ nginx_conf: | { listen [::]:80; listen 80; server_name {{ nginx_domain }}; - access_log /var/log/nginx/{{ nginx_domain }}-access.log; - error_log /var/log/nginx/{{ nginx_domain }}-error.log; return 301 https://$host$request_uri; } @@ -18,8 +16,6 @@ nginx_conf: | listen [::]:443 ssl http2; listen 443 ssl http2; charset utf-8; server_name {{ nginx_domain }}; - access_log /var/log/nginx/{{ nginx_domain }}-access.log; - error_log /var/log/nginx/{{ nginx_domain }}-error.log; include snippets/letsencrypt-{{ nginx_domain }}.conf; root {{ nginx_path }}; diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index fc1d60e..c5b79e4 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -132,3 +132,22 @@ group: "{{ nginx_owner }}" mode: 0755 when: nginx_owner is defined and nginx_path is defined + +- name: Setup custom log format + copy: + dest: /etc/nginx/conf.d/logging.conf + owner: root + group: root + mode: 0644 + content: | + log_format custom '$host $remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + access_log /var/log/nginx/access.log custom; + +- name: Hide logging setup from nginx.conf + lineinfile: + regex: access_log + state: absent + path: /etc/nginx/nginx.conf + backup: true