From c5e05ef777febb01dc82dfe5763fa927b1c250c7 Mon Sep 17 00:00:00 2001 From: kbrianngeno Date: Tue, 10 Mar 2026 09:34:08 +0000 Subject: [PATCH] Enable access and error logging on all services --- data/conf.d/adminer.conf | 4 ++-- data/conf.d/auth.conf | 4 ++-- data/conf.d/book.conf | 28 ++++++++++++++-------------- data/conf.d/cluster.conf | 4 ++-- data/conf.d/drone.conf | 4 ++++ data/conf.d/gitea.conf | 4 ++-- data/conf.d/harbor.conf | 7 ++++--- data/conf.d/hugo.conf | 4 ++-- data/conf.d/mailcow.conf | 6 +++++- data/conf.d/minio.conf | 8 ++++---- data/conf.d/opencloud.conf | 4 ++++ data/conf.d/plane.conf | 4 ++-- data/conf.d/tre.conf | 4 ++-- data/conf.d/umami.conf | 4 ++-- data/conf.d/vault.conf | 6 +++--- data/nginx.conf | 21 ++++++++++++++++++++- 16 files changed, 74 insertions(+), 42 deletions(-) diff --git a/data/conf.d/adminer.conf b/data/conf.d/adminer.conf index 76b5aae..33fe17b 100644 --- a/data/conf.d/adminer.conf +++ b/data/conf.d/adminer.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/adminer.novicelab.io_access.log; + error_log /var/log/nginx/adminer.novicelab.io_error.log; # Root and index # root /var/www/html; diff --git a/data/conf.d/auth.conf b/data/conf.d/auth.conf index 5714140..369db3f 100644 --- a/data/conf.d/auth.conf +++ b/data/conf.d/auth.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/auth.novicelab.io_access.log; + error_log /var/log/nginx/auth.novicelab.io_error.log; # Root and index # root /var/www/html; diff --git a/data/conf.d/book.conf b/data/conf.d/book.conf index cdd5b48..0b4110a 100644 --- a/data/conf.d/book.conf +++ b/data/conf.d/book.conf @@ -1,18 +1,18 @@ # # Redirect HTTP to HTTPS -# server { -# listen 80; -# listen [::]:80; -# server_name book.novicelab.io; +server { + listen 80; + listen [::]:80; + server_name book.novicelab.io; -# # ACME challenge for Let's Encrypt certificate renewal -# location /.well-known/acme-challenge/ { -# root /var/www/certbot; -# } + # ACME challenge for Let's Encrypt certificate renewal + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } -# location / { -# return 301 https://$server_name$request_uri; -# } -# } + location / { + return 301 https://$server_name$request_uri; + } +} server { listen 443 ssl; #http2; @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/book.novicelab.io_access.log; + error_log /var/log/nginx/book.novicelab.io_error.log; # Root and index # root /var/www/html; diff --git a/data/conf.d/cluster.conf b/data/conf.d/cluster.conf index 77add02..fa86c9a 100644 --- a/data/conf.d/cluster.conf +++ b/data/conf.d/cluster.conf @@ -38,8 +38,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/*.novicelab.io_access.log; + error_log /var/log/nginx/*.novicelab.io_error.log; location / { proxy_pass http://10.0.0.20:80; # Assuming HAProxy is on port 8080 diff --git a/data/conf.d/drone.conf b/data/conf.d/drone.conf index 1111099..ce4bc80 100644 --- a/data/conf.d/drone.conf +++ b/data/conf.d/drone.conf @@ -14,6 +14,10 @@ server { ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; + # Logging + access_log /var/log/nginx/drone.novicelab.io_access.log; + error_log /var/log/nginx/drone.novicelab.io_error.log; + # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; diff --git a/data/conf.d/gitea.conf b/data/conf.d/gitea.conf index d4b09a6..298c795 100644 --- a/data/conf.d/gitea.conf +++ b/data/conf.d/gitea.conf @@ -31,8 +31,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/gitea.novicelab.io_access.log; + error_log /var/log/nginx/gitea.novicelab.io_error.log; set $gitea_backend gitea:3000; diff --git a/data/conf.d/harbor.conf b/data/conf.d/harbor.conf index 02c0c69..bf6fecf 100644 --- a/data/conf.d/harbor.conf +++ b/data/conf.d/harbor.conf @@ -31,10 +31,11 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/harbor.novicelab.io_access.log; + error_log /var/log/nginx/harbor.novicelab.io_error.log; - set $harbor_backend 10.0.0.251:9090; + # set $harbor_backend 10.0.0.251:9090; + set $harbor_backend nginx-harbor:80; client_max_body_size 0; diff --git a/data/conf.d/hugo.conf b/data/conf.d/hugo.conf index 6481d93..dbb26ae 100644 --- a/data/conf.d/hugo.conf +++ b/data/conf.d/hugo.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/novicelab.io_access.log; + error_log /var/log/nginx/novicelab.io_error.log; # Root and index # root /var/www/html; diff --git a/data/conf.d/mailcow.conf b/data/conf.d/mailcow.conf index 4f22b2e..5e0e410 100644 --- a/data/conf.d/mailcow.conf +++ b/data/conf.d/mailcow.conf @@ -17,10 +17,14 @@ server { # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations # An example config is given below - ssl_protocols TLSv1.2; + # ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; ssl_prefer_server_ciphers off; + # Logging + access_log /var/log/nginx/mailcow.novicelab.io_access.log; + error_log /var/log/nginx/mailcow.novicelab.io_error.log; + location /Microsoft-Server-ActiveSync { proxy_pass https://10.0.0.251:7443/Microsoft-Server-ActiveSync; proxy_set_header Host $http_host; diff --git a/data/conf.d/minio.conf b/data/conf.d/minio.conf index 1d84c49..27e5b9c 100644 --- a/data/conf.d/minio.conf +++ b/data/conf.d/minio.conf @@ -41,8 +41,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/minio.novicelab.io_access.log; + error_log /var/log/nginx/minio.novicelab.io_error.log; # resolver 127.0.0.11 valid=30s; set $minio_backend minio:9001; @@ -107,8 +107,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/s3.novicelab.io_access.log; + error_log /var/log/nginx/s3.novicelab.io_error.log; # resolver 127.0.0.11 valid=30s; set $s3_backend minio:9000; diff --git a/data/conf.d/opencloud.conf b/data/conf.d/opencloud.conf index 5341b4f..f95ed0a 100644 --- a/data/conf.d/opencloud.conf +++ b/data/conf.d/opencloud.conf @@ -14,6 +14,10 @@ server { ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; + # Logging + access_log /var/log/nginx/opencloud.novicelab.io_access.log; + error_log /var/log/nginx/opencloud.novicelab.io_error.log; + # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; diff --git a/data/conf.d/plane.conf b/data/conf.d/plane.conf index 5aae9fd..074feac 100644 --- a/data/conf.d/plane.conf +++ b/data/conf.d/plane.conf @@ -40,8 +40,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/plane.novicelab.io_access.log; + error_log /var/log/nginx/plane.novicelab.io_error.log; # resolver 127.0.0.11 valid=30s; # set $plane_backend 10.0.0.251:9020; diff --git a/data/conf.d/tre.conf b/data/conf.d/tre.conf index bfef2bf..9d41ee3 100644 --- a/data/conf.d/tre.conf +++ b/data/conf.d/tre.conf @@ -35,8 +35,8 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/tre.novicelab.io_access.log; + error_log /var/log/nginx/tre.novicelab.io_error.log; location /data-catalog { proxy_pass https://10.0.0.251:8888; # Assuming HAProxy is on port 8080 diff --git a/data/conf.d/umami.conf b/data/conf.d/umami.conf index dc0f241..e8b8392 100644 --- a/data/conf.d/umami.conf +++ b/data/conf.d/umami.conf @@ -62,8 +62,8 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/umami.novicelab.io_access.log; + error_log /var/log/nginx/umami.novicelab.io_error.log; # Root and index # root /var/www/html; diff --git a/data/conf.d/vault.conf b/data/conf.d/vault.conf index 6599799..eb70608 100644 --- a/data/conf.d/vault.conf +++ b/data/conf.d/vault.conf @@ -31,14 +31,14 @@ server { add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # Logging - access_log /var/log/nginx/example.com_access.log; - error_log /var/log/nginx/example.com_error.log; + access_log /var/log/nginx/vault.novicelab.io_access.log; + error_log /var/log/nginx/vault.novicelab.io_error.log; set $vault_backend vaultwarden:443; location / { # proxy_pass http://$vault_backend; # proxy_pass https://10.0.0.251:8100; - proxy_pass http://10.0.0.251:8090; + proxy_pass http://10.0.0.250:8090; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/data/nginx.conf b/data/nginx.conf index 0e051d7..622a580 100644 --- a/data/nginx.conf +++ b/data/nginx.conf @@ -12,6 +12,7 @@ events { http { include mime.types; default_type application/octet-stream; + keepalive_timeout 65; keepalive_requests 100000; @@ -26,7 +27,25 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log; + # JSON format — preferred for log aggregators (ELK, Loki, Datadog, etc.) + log_format json_log escape=json + '{' + '"time":"$time_iso8601",' + '"remote_addr":"$remote_addr",' + '"method":"$request_method",' + '"uri":"$request_uri",' + '"status":$status,' + '"bytes_sent":$body_bytes_sent,' + '"request_time":$request_time,' + '"upstream_response_time":"$upstream_response_time",' + '"referer":"$http_referer",' + '"user_agent":"$http_user_agent",' + '"x_forwarded_for":"$http_x_forwarded_for",' + '"host":"$host"' + '}'; + + + access_log /var/log/nginx/access.log json_log; error_log /var/log/nginx/error.log; sendfile on;