nixos-config/nixos/system/all/nginx.nix

{ pkgs, lib, ... }:
let
  access_log_sink = "<server>:<port>";
  error_log_sink = "<server>:<port>";
in
{

  security.acme.defaults.email = "contact@ingolf-wagner.de";
  security.acme.acceptTerms = true;

  services.nginx = {

    # Use recommended settings
    recommendedGzipSettings = lib.mkDefault true;
    recommendedOptimisation = lib.mkDefault true;
    recommendedProxySettings = lib.mkDefault true;
    recommendedTlsSettings = lib.mkDefault true;

    # for loki logging
    commonHttpConfig = ''
      log_format logfmt escape=json 'timestamp=$time_iso8601 '
        'facility=nginx '
        'src_addr=$remote_addr '
        'body_bytes_sent=$body_bytes_sent '
        'request_time=$request_time '
        'response_status=$status '
        'request="$request" '
        'request_method="$request_method" '
        'host="$host" '
        'upstream_cache_status="$upstream_cache_status" '
        'upstream_addr="$upstream_addr" '
        'http_x_forwarded_for="$http_x_forwarded_for" '
        'http_referrer="$http_referer" '
        'http_user_agent="$http_user_agent"';

      # log to local journald
      access_log syslog:server=unix:/dev/log logfmt;

      # to send logs somewhere
      #access_log syslog:server=${access_log_sink} logfmt;
      #error_log syslog:server=${error_log_sink};
    '';


    # for graylog logging
    #commonHttpConfig = ''
    #  log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
    #    '"facility": "nginx", '
    #    '"src_addr": "$remote_addr", '
    #    '"body_bytes_sent": $body_bytes_sent, '
    #    '"request_time": $request_time, '
    #    '"response_status": $status, '
    #    '"request": "$request", '
    #    '"request_method": "$request_method", '
    #    '"host": "$host",'
    #    '"upstream_cache_status": "$upstream_cache_status",'
    #    '"upstream_addr": "$upstream_addr",'
    #    '"http_x_forwarded_for": "$http_x_forwarded_for",'
    #    '"http_referrer": "$http_referer", '
    #    '"http_user_agent": "$http_user_agent" }';
    #  access_log syslog:server=${access_log_sink} graylog2_json;
    #  error_log syslog:server=${error_log_sink};
    #'';
  };

  services.nginx.package = pkgs.nginxMainline;
}
nextcloud: use upstream nextcloud module 2020-03-06 08:28:19 +01:00			`{ pkgs, lib, ... }:`
init 2019-10-24 02:20:38 +02:00			`let`
improve nginx logging 2023-02-10 03:33:44 +01:00			`access_log_sink = "<server>:<port>";`
			`error_log_sink = "<server>:<port>";`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`{`
nextcloud: use upstream nextcloud module 2020-03-06 08:28:19 +01:00
flake update 2022-06-23 09:51:30 +02:00			`security.acme.defaults.email = "contact@ingolf-wagner.de";`
sterni,sputnik: 19.09 -> 20.03 2020-05-19 20:44:20 +02:00			`security.acme.acceptTerms = true;`

nextcloud: use upstream nextcloud module 2020-03-06 08:28:19 +01:00			`services.nginx = {`
nextcloud: add logging 2020-03-06 19:02:43 +01:00
nextcloud: use upstream nextcloud module 2020-03-06 08:28:19 +01:00			`# Use recommended settings`
			`recommendedGzipSettings = lib.mkDefault true;`
			`recommendedOptimisation = lib.mkDefault true;`
			`recommendedProxySettings = lib.mkDefault true;`
			`recommendedTlsSettings = lib.mkDefault true;`

improve nginx logging 2023-02-10 03:33:44 +01:00			`# for loki logging`
			`commonHttpConfig = ''`
			`log_format logfmt escape=json 'timestamp=$time_iso8601 '`
			`'facility=nginx '`
			`'src_addr=$remote_addr '`
			`'body_bytes_sent=$body_bytes_sent '`
			`'request_time=$request_time '`
			`'response_status=$status '`
			`'request="$request" '`
			`'request_method="$request_method" '`
			`'host="$host" '`
			`'upstream_cache_status="$upstream_cache_status" '`
			`'upstream_addr="$upstream_addr" '`
			`'http_x_forwarded_for="$http_x_forwarded_for" '`
			`'http_referrer="$http_referer" '`
			`'http_user_agent="$http_user_agent"';`

			`# log to local journald`
			`access_log syslog:server=unix:/dev/log logfmt;`

			`# to send logs somewhere`
			`#access_log syslog:server=${access_log_sink} logfmt;`
			`#error_log syslog:server=${error_log_sink};`
			`'';`


nginx: put the comment back 2020-03-15 15:53:00 +01:00			`# for graylog logging`
a bit of refactoring 2022-09-20 21:48:36 +02:00			`#commonHttpConfig = ''`
			`# log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '`
			`# '"facility": "nginx", '`
			`# '"src_addr": "$remote_addr", '`
			`# '"body_bytes_sent": $body_bytes_sent, '`
			`# '"request_time": $request_time, '`
			`# '"response_status": $status, '`
			`# '"request": "$request", '`
			`# '"request_method": "$request_method", '`
			`# '"host": "$host",'`
			`# '"upstream_cache_status": "$upstream_cache_status",'`
			`# '"upstream_addr": "$upstream_addr",'`
			`# '"http_x_forwarded_for": "$http_x_forwarded_for",'`
			`# '"http_referrer": "$http_referer", '`
			`# '"http_user_agent": "$http_user_agent" }';`
			`# access_log syslog:server=${access_log_sink} graylog2_json;`
			`# error_log syslog:server=${error_log_sink};`
			`#'';`
nextcloud: use upstream nextcloud module 2020-03-06 08:28:19 +01:00			`};`
init 2019-10-24 02:20:38 +02:00
			`services.nginx.package = pkgs.nginxMainline;`
			`}`