novicelab.io/nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable access and error logging on all services

Browse Source
This commit is contained in:
kbrianngeno
2026-03-10 09:34:08 +00:00
parent 53a37dde34
commit c5e05ef777
16 changed files with 74 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
data/conf.d/adminer.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/adminer.novicelab.io_access.log;
error_log /var/log/nginx/adminer.novicelab.io_error.log;
# Root and index
# root /var/www/html;

4
data/conf.d/auth.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/auth.novicelab.io_access.log;
error_log /var/log/nginx/auth.novicelab.io_error.log;
# Root and index
# root /var/www/html;

28
data/conf.d/book.conf
View File

@@ -1,18 +1,18 @@
# # Redirect HTTP to HTTPS
# server {
# listen 80;
# listen [::]:80;
# server_name book.novicelab.io;
server {
listen 80;
listen [::]:80;
server_name book.novicelab.io;
# # ACME challenge for Let's Encrypt certificate renewal
# location /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
# ACME challenge for Let's Encrypt certificate renewal
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# location / {
# return 301 https://$server_name$request_uri;
# }
# }
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl; #http2;
@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/book.novicelab.io_access.log;
error_log /var/log/nginx/book.novicelab.io_error.log;
# Root and index
# root /var/www/html;

4
data/conf.d/cluster.conf
View File

@@ -38,8 +38,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/*.novicelab.io_access.log;
error_log /var/log/nginx/*.novicelab.io_error.log;
location / {
proxy_pass http://10.0.0.20:80; # Assuming HAProxy is on port 8080

4
data/conf.d/drone.conf
View File

@@ -14,6 +14,10 @@ server {
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
# Logging
access_log /var/log/nginx/drone.novicelab.io_access.log;
error_log /var/log/nginx/drone.novicelab.io_error.log;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;

4
data/conf.d/gitea.conf
View File

@@ -31,8 +31,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/gitea.novicelab.io_access.log;
error_log /var/log/nginx/gitea.novicelab.io_error.log;
set $gitea_backend gitea:3000;

7
data/conf.d/harbor.conf
View File

@@ -31,10 +31,11 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/harbor.novicelab.io_access.log;
error_log /var/log/nginx/harbor.novicelab.io_error.log;
set $harbor_backend 10.0.0.251:9090;
# set $harbor_backend 10.0.0.251:9090;
set $harbor_backend nginx-harbor:80;
client_max_body_size 0;

4
data/conf.d/hugo.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/novicelab.io_access.log;
error_log /var/log/nginx/novicelab.io_error.log;
# Root and index
# root /var/www/html;

6
data/conf.d/mailcow.conf
View File

@@ -17,10 +17,14 @@ server {
# See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations
# An example config is given below
ssl_protocols TLSv1.2;
# ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
ssl_prefer_server_ciphers off;
# Logging
access_log /var/log/nginx/mailcow.novicelab.io_access.log;
error_log /var/log/nginx/mailcow.novicelab.io_error.log;
location /Microsoft-Server-ActiveSync {
proxy_pass https://10.0.0.251:7443/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;

8
data/conf.d/minio.conf
View File

@@ -41,8 +41,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/minio.novicelab.io_access.log;
error_log /var/log/nginx/minio.novicelab.io_error.log;
# resolver 127.0.0.11 valid=30s;
set $minio_backend minio:9001;
@@ -107,8 +107,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/s3.novicelab.io_access.log;
error_log /var/log/nginx/s3.novicelab.io_error.log;
# resolver 127.0.0.11 valid=30s;
set $s3_backend minio:9000;

4
data/conf.d/opencloud.conf
View File

@@ -14,6 +14,10 @@ server {
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
# Logging
access_log /var/log/nginx/opencloud.novicelab.io_access.log;
error_log /var/log/nginx/opencloud.novicelab.io_error.log;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;

4
data/conf.d/plane.conf
View File

@@ -40,8 +40,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/plane.novicelab.io_access.log;
error_log /var/log/nginx/plane.novicelab.io_error.log;
# resolver 127.0.0.11 valid=30s;
# set $plane_backend 10.0.0.251:9020;

4
data/conf.d/tre.conf
View File

@@ -35,8 +35,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/tre.novicelab.io_access.log;
error_log /var/log/nginx/tre.novicelab.io_error.log;
location /data-catalog {
proxy_pass https://10.0.0.251:8888; # Assuming HAProxy is on port 8080

4
data/conf.d/umami.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/umami.novicelab.io_access.log;
error_log /var/log/nginx/umami.novicelab.io_error.log;
# Root and index
# root /var/www/html;

6
data/conf.d/vault.conf
View File

@@ -31,14 +31,14 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
access_log /var/log/nginx/vault.novicelab.io_access.log;
error_log /var/log/nginx/vault.novicelab.io_error.log;
set $vault_backend vaultwarden:443;
location / {
# proxy_pass http://$vault_backend;
# proxy_pass https://10.0.0.251:8100;
proxy_pass http://10.0.0.251:8090;
proxy_pass http://10.0.0.250:8090;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

21
data/nginx.conf
View File

@@ -12,6 +12,7 @@ events {
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
keepalive_requests 100000;
@@ -26,7 +27,25 @@ http {
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
# JSON format — preferred for log aggregators (ELK, Loki, Datadog, etc.)
log_format json_log escape=json
'{'
'"time":"$time_iso8601",'
'"remote_addr":"$remote_addr",'
'"method":"$request_method",'
'"uri":"$request_uri",'
'"status":$status,'
'"bytes_sent":$body_bytes_sent,'
'"request_time":$request_time,'
'"upstream_response_time":"$upstream_response_time",'
'"referer":"$http_referer",'
'"user_agent":"$http_user_agent",'
'"x_forwarded_for":"$http_x_forwarded_for",'
'"host":"$host"'
'}';
access_log /var/log/nginx/access.log json_log;
error_log /var/log/nginx/error.log;
sendfile on;