weblog.sh icon indicating copy to clipboard operation
weblog.sh copied to clipboard

Published 20 hours ago verified publisher icon hmngwy

Stop nginx from storing IPs in logs

Open hmngwy opened this issue 9 years ago • 5 comments

hmngwy avatar Nov 17 '15 09:11 hmngwy

FWIW, I think this is a worthwhile goal but it's not possible to implement this in terms of the data in this repo, as far as I can tell. Maybe move your nginx config files into the repo (with private info scrubbed), and/or include a script to spin up a new nginx instance to serve the content you have in here. I'm not very knowledgeable about nginx, but it seems right now that there could never be a commit that closes this issue, since it doesn't contain nginx-specific configuration.

pscollins avatar Nov 25 '15 05:11 pscollins

The reason I don't include nginx config here is because the production server is on AWS Elastic Beanstalk. On initial commit it didn't make sense to check in the .ebextensions folder because it is too platform specific and has ssl data.

Thinking aloud:

a. I can just exclude the SSL config files and check the folder in for the sake of reference. But because of the auto-instantiation properties of Beanstalk the config files are propagated in the form of grep | sed scripts, then wrapped in yaml files. Which renders them as poor examples for nginx config.

b. or I can just check-in a full nginx config file with the settings we like, so that it's a much more decent reference, and just do the beanstalk config conversion behind the scenes.

What do you think?

On Wed, Nov 25, 2015 at 1:38 PM, Patrick Collins [email protected] wrote:

FWIW, I think this is a worthwhile goal but it's not possible to implement this in terms of the data in this repo, as far as I can tell. Maybe move your nginx config files into the repo (with private info scrubbed), and/or include a script to spin up a new nginx instance to serve the content you have in here. I'm not very knowledgeable about nginx, but it seems right now that there could never be a commit that closes this issue, since it doesn't contain nginx-specific configuration.

— Reply to this email directly or view it on GitHub https://github.com/hmngwy/weblog.sh/issues/7#issuecomment-159497041.

hmngwy avatar Nov 25 '15 05:11 hmngwy

(b) sounds like the better option to me --- that sounds like it will make it as easy as possible for someone else to check out the project and deploy. But again, I'm not sure what standard practice is with this stuff --- maybe the most natural solution is for you to handle this in your local setup and keep out the deployment stuff entirely. Maybe consult your local nginx expert/post on StackOverflow for a more authoritative answer.

pscollins avatar Nov 25 '15 08:11 pscollins

Any news here?

cserb avatar Jan 14 '16 09:01 cserb

I am trying to find the time to get back on this project. Maybe in the next couple of weeks.

Meanwhile it would be great if anyone could point me in the right direction in which file in EB nginx I should replace log_format... to

log_format combined '[$time_local]  '
            '"$request" $status $body_bytes_sent '
            '"$http_referer" "$http_user_agent"';

I don't want to completely disable logging cause that would kill monitoring, so I think reformatting it without $remote_addr - $remote_user would be the next best thing to do.

hmngwy avatar Jan 30 '16 13:01 hmngwy