soopy.moe / gensokyo
nixos config
fork atom

global(nginx): add anonymized access log

i don't entirely consider UA strings to be *that* sensitive. this is
mainly used to figure out what bot/scraper/whatever is hammering the
server.

Cassie Cheung 6036c1fd f9a0216d

options
unified split
Changed files
+8 -3
global
gensokyo
presets
nginx.nix
utils.nix
+8
global/gensokyo/presets/nginx.nix 
···

       
19

       
 

       
        recommendedTlsSettings = lib.mkDefault true;


     

       
20

       
 

       
        recommendedProxySettings = lib.mkDefault true;


     

       
21

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
22

       
 

       
        # prevent people from just being able to take the server down immediately


     

       
23

       
 

       
        eventsConfig = ''


     

       
24

       
 

       
          worker_connections 1024;


     
···

       
19

       
 

       
        recommendedTlsSettings = lib.mkDefault true;


     

       
20

       
 

       
        recommendedProxySettings = lib.mkDefault true;


     

       
21

       
 

       



     

       
22

       
+

       
        logError = "/var/log/nginx/error.log crit"; # override so we don't log to stderr.


     

       
23

       
+

       
        commonHttpConfig = ''


     

       
24

       
+

       
          log_format anonymized_combined '0.0.0.0 - - [$time_local] "$request" '


     

       
25

       
+

       
                                         '$status $body_bytes_sent "-" '


     

       
26

       
+

       
                                         '"$http_user_agent" "host=$host"';


     

       
27

       
+

       
          access_log /var/log/nginx/access.log anonymized_combined;


     

       
28

       
+

       
        '';


     

       
29

       
+

       



     

       
30

       
 

       
        # prevent people from just being able to take the server down immediately


     

       
31

       
 

       
        eventsConfig = ''


     

       
32

       
 

       
          worker_connections 1024;
-3
global/utils.nix 
···

       
34

       
 

       
        };


     

       
35

       
 

       



     

       
36

       
 

       
        extraConfig = ''


     

       
37

       
-

       
          access_log off;


     

       
38

       
-

       
          error_log /var/log/nginx/error.log crit;


     

       
39

       
-

       



     

       
40

       
 

       
          error_page 503 /_cgi/error/503.html;


     

       
41

       
 

       
          error_page 502 /_cgi/error/502.html;


     

       
42

       
 

       
          error_page 404 /_cgi/error/404.html;


     
···

       
34

       
 

       
        };


     

       
35

       
 

       



     

       
36

       
 

       
        extraConfig = ''


     

       

       

       
     

       

       

       
     

       

       

       
     

       
37

       
 

       
          error_page 503 /_cgi/error/503.html;


     

       
38

       
 

       
          error_page 502 /_cgi/error/502.html;


     

       
39

       
 

       
          error_page 404 /_cgi/error/404.html;