generated from nhcarrigan/template
refactor: extract custom nginx.conf settings into conf.d files
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m6s
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m6s
Moves custom log formats to conf.d/logging.conf and the server_names_hash_bucket_size tweak to conf.d/tuning.conf, leaving nginx.conf as close to stock as possible.
This commit is contained in:
@@ -0,0 +1,47 @@
|
|||||||
|
log_format custom_format '$remote_addr - $remote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent" '
|
||||||
|
'"$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log custom_format;
|
||||||
|
|
||||||
|
log_format json_analytics escape=json '{'
|
||||||
|
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
|
||||||
|
'"connection": "$connection", ' # connection serial number
|
||||||
|
'"connection_requests": "$connection_requests", ' # number of requests made in connection
|
||||||
|
'"pid": "$pid", ' # process pid
|
||||||
|
'"request_id": "$request_id", ' # the unique request id
|
||||||
|
'"request_length": "$request_length", ' # request length (including headers and body)
|
||||||
|
'"remote_addr": "$remote_addr", ' # client IP
|
||||||
|
'"remote_user": "$remote_user", ' # client HTTP username
|
||||||
|
'"remote_port": "$remote_port", ' # client port
|
||||||
|
'"time_local": "$time_local", '
|
||||||
|
'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
|
||||||
|
'"request": "$request", ' # full path no arguments if the request
|
||||||
|
'"request_uri": "$request_uri", ' # full path and arguments if the request
|
||||||
|
'"args": "$args", ' # args
|
||||||
|
'"status": "$status", ' # response status code
|
||||||
|
'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
|
||||||
|
'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
|
||||||
|
'"http_referer": "$http_referer", ' # HTTP referer
|
||||||
|
'"http_user_agent": "$http_user_agent", ' # user agent
|
||||||
|
'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
|
||||||
|
'"http_host": "$http_host", ' # the request Host: header
|
||||||
|
'"server_name": "$server_name", ' # the name of the vhost serving the request
|
||||||
|
'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
|
||||||
|
'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
|
||||||
|
'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
|
||||||
|
'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
|
||||||
|
'"upstream_response_time": "$upstream_response_time", ' # time spent receiving upstream body
|
||||||
|
'"upstream_response_length": "$upstream_response_length", ' # upstream response length
|
||||||
|
'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
|
||||||
|
'"ssl_protocol": "$ssl_protocol", ' # TLS protocol
|
||||||
|
'"ssl_cipher": "$ssl_cipher", ' # TLS cipher
|
||||||
|
'"scheme": "$scheme", ' # http or https
|
||||||
|
'"request_method": "$request_method", ' # request method
|
||||||
|
'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
|
||||||
|
'"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise
|
||||||
|
'"gzip_ratio": "$gzip_ratio", '
|
||||||
|
'}';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/json_access.log json_analytics;
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
server_names_hash_bucket_size 128;
|
||||||
+1
-50
@@ -13,7 +13,6 @@ http {
|
|||||||
##
|
##
|
||||||
# Basic Settings
|
# Basic Settings
|
||||||
##
|
##
|
||||||
server_names_hash_bucket_size 128;
|
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
@@ -61,55 +60,7 @@ http {
|
|||||||
include /etc/nginx/sites-enabled/*;
|
include /etc/nginx/sites-enabled/*;
|
||||||
|
|
||||||
# Look at the real IP, not the cloudflare IP.
|
# Look at the real IP, not the cloudflare IP.
|
||||||
include /etc/nginx/cloudflare_ips.conf;
|
include /etc/nginx/cloudflare_ips.conf;
|
||||||
|
|
||||||
log_format custom_format '$remote_addr - $remote_user [$time_local] '
|
|
||||||
'"$request" $status $body_bytes_sent '
|
|
||||||
'"$http_referer" "$http_user_agent" '
|
|
||||||
'"$http_x_forwarded_for"';
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log custom_format;
|
|
||||||
|
|
||||||
log_format json_analytics escape=json '{'
|
|
||||||
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
|
|
||||||
'"connection": "$connection", ' # connection serial number
|
|
||||||
'"connection_requests": "$connection_requests", ' # number of requests made in connection
|
|
||||||
'"pid": "$pid", ' # process pid
|
|
||||||
'"request_id": "$request_id", ' # the unique request id
|
|
||||||
'"request_length": "$request_length", ' # request length (including headers and body)
|
|
||||||
'"remote_addr": "$remote_addr", ' # client IP
|
|
||||||
'"remote_user": "$remote_user", ' # client HTTP username
|
|
||||||
'"remote_port": "$remote_port", ' # client port
|
|
||||||
'"time_local": "$time_local", '
|
|
||||||
'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
|
|
||||||
'"request": "$request", ' # full path no arguments if the request
|
|
||||||
'"request_uri": "$request_uri", ' # full path and arguments if the request
|
|
||||||
'"args": "$args", ' # args
|
|
||||||
'"status": "$status", ' # response status code
|
|
||||||
'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
|
|
||||||
'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
|
|
||||||
'"http_referer": "$http_referer", ' # HTTP referer
|
|
||||||
'"http_user_agent": "$http_user_agent", ' # user agent
|
|
||||||
'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
|
|
||||||
'"http_host": "$http_host", ' # the request Host: header
|
|
||||||
'"server_name": "$server_name", ' # the name of the vhost serving the request
|
|
||||||
'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
|
|
||||||
'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
|
|
||||||
'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
|
|
||||||
'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
|
|
||||||
'"upstream_response_time": "$upstream_response_time", ' # time spent receiving upstream body
|
|
||||||
'"upstream_response_length": "$upstream_response_length", ' # upstream response length
|
|
||||||
'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
|
|
||||||
'"ssl_protocol": "$ssl_protocol", ' # TLS protocol
|
|
||||||
'"ssl_cipher": "$ssl_cipher", ' # TLS cipher
|
|
||||||
'"scheme": "$scheme", ' # http or https
|
|
||||||
'"request_method": "$request_method", ' # request method
|
|
||||||
'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
|
|
||||||
'"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise
|
|
||||||
'"gzip_ratio": "$gzip_ratio", '
|
|
||||||
'}';
|
|
||||||
|
|
||||||
access_log /var/log/nginx/json_access.log json_analytics;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user