Centralisation des journaux (pas encore Elastic) #40

Manually merged
jeltz merged 24 commits from logs-first-phase into master 2024-07-01 01:55:28 +02:00
7 changed files with 54 additions and 0 deletions
Showing only changes of commit 9547868c7d - Show all commits

View file

@ -29,6 +29,24 @@
dest: "/etc/nginx/sites-enabled/default"
state: absent
- name: Add 'extended' log format
template:
src: nginx/conf.d/extended_log.conf.j2
dest: /etc/nginx/conf.d/extended_log.conf
owner: root
group: root
mode: 0644
notify: Reload nginx
- name: Add syslog snippet
template:
src: nginx/snippets/syslog.conf.j2
dest: /etc/nginx/snippets/syslog.conf
owner: root
group: root
mode: 0644
notify: Reload nginx
- name: Copy reverse proxy sites
when: reverseproxy is defined
template:

View file

@ -0,0 +1,7 @@
{{ ansible_managed | comment }}
log_format extended
'$remote_addr - $http_x_forwarded_for - $connection '
'$remote_user [$time_local] '
'"$host" "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

View file

@ -8,6 +8,8 @@ server {
server_name {{ site.from }};
include "/etc/nginx/snippets/syslog.conf";
{% for realip in nginx.real_ip_from %}
set_real_ip_from {{ realip }};
{% endfor %}
@ -25,6 +27,8 @@ server {
server_name {{ site.from }};
include "/etc/nginx/snippets/syslog.conf";
# SSL common conf
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
@ -52,6 +56,8 @@ server {
server_name {{ from }};
include "/etc/nginx/snippets/syslog.conf";
{% for realip in nginx.real_ip_from %}
set_real_ip_from {{ realip }};
{% endfor %}
@ -72,6 +78,8 @@ server {
# SSL common conf
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
include "/etc/nginx/snippets/syslog.conf";
{% for realip in nginx.real_ip_from %}
set_real_ip_from {{ realip }};
{% endfor %}

View file

@ -15,6 +15,8 @@ server {
server_name {{ site.from }};
include "/etc/nginx/snippets/syslog.conf";
{% for realip in nginx.real_ip_from %}
set_real_ip_from {{ realip }};
{% endfor %}
@ -39,6 +41,8 @@ server {
access_log /var/log/nginx/{{ site.from }}.log;
error_log /var/log/nginx/{{ site.from }}_error.log;
include "/etc/nginx/snippets/syslog.conf";
# Keep the TCP connection open a bit for faster browsing
keepalive_timeout 70;

View file

@ -12,6 +12,8 @@ server {
server_name {{ from }};
include "/etc/nginx/snippets/syslog.conf";
{% for realip in nginx.real_ip_from %}
set_real_ip_from {{ realip }};
{% endfor %}
@ -29,6 +31,8 @@ server {
server_name {{ from }};
include "/etc/nginx/snippets/syslog.conf";
# SSL common conf
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";

View file

@ -19,6 +19,9 @@ upstream {{ upstream.name }} {
server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
include "/etc/nginx/snippets/syslog.conf";
include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";
server_name _;
@ -50,6 +53,8 @@ server {
# Hide Nginx version
server_tokens off;
include "/etc/nginx/snippets/syslog.conf";
{% for realip in nginx.real_ip_from %}
set_real_ip_from {{ realip }};
{% endfor %}
@ -71,6 +76,8 @@ server {
server_name {{ server.server_name|join(" ") }};
charset utf-8;
include "/etc/nginx/snippets/syslog.conf";
# Hide Nginx version
server_tokens off;
@ -98,6 +105,8 @@ server {
server_name {{ server.server_name|join(" ") }};
charset utf-8;
include "/etc/nginx/snippets/syslog.conf";
# Hide Nginx version
server_tokens off;

View file

@ -0,0 +1,4 @@
{{ ansible_managed | comment }}
access_log syslog:server=unix:/dev/log,tag=nginx,nohostname,severity=info extended;
error_log syslog:server=unix:/dev/log,tag=nginx,nohostname,severity=error;