{ pkgs, lib, ... }: let access_log_sink = ":"; error_log_sink = ":"; in { security.acme.defaults.email = "contact@ingolf-wagner.de"; security.acme.acceptTerms = true; services.nginx = { # Use recommended settings recommendedGzipSettings = lib.mkDefault true; recommendedOptimisation = lib.mkDefault true; recommendedProxySettings = lib.mkDefault true; recommendedTlsSettings = lib.mkDefault true; # for loki logging commonHttpConfig = '' log_format logfmt escape=json 'timestamp=$time_iso8601 ' 'facility=nginx ' 'src_addr=$remote_addr ' 'body_bytes_sent=$body_bytes_sent ' 'request_time=$request_time ' 'response_status=$status ' 'request="$request" ' 'request_method="$request_method" ' 'host="$host" ' 'upstream_cache_status="$upstream_cache_status" ' 'upstream_addr="$upstream_addr" ' 'http_x_forwarded_for="$http_x_forwarded_for" ' 'http_referrer="$http_referer" ' 'http_user_agent="$http_user_agent"'; # log to local journald access_log syslog:server=unix:/dev/log logfmt; # to send logs somewhere #access_log syslog:server=${access_log_sink} logfmt; #error_log syslog:server=${error_log_sink}; ''; # for graylog logging #commonHttpConfig = '' # log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' # '"facility": "nginx", ' # '"src_addr": "$remote_addr", ' # '"body_bytes_sent": $body_bytes_sent, ' # '"request_time": $request_time, ' # '"response_status": $status, ' # '"request": "$request", ' # '"request_method": "$request_method", ' # '"host": "$host",' # '"upstream_cache_status": "$upstream_cache_status",' # '"upstream_addr": "$upstream_addr",' # '"http_x_forwarded_for": "$http_x_forwarded_for",' # '"http_referrer": "$http_referer", ' # '"http_user_agent": "$http_user_agent" }'; # access_log syslog:server=${access_log_sink} graylog2_json; # error_log syslog:server=${error_log_sink}; #''; }; services.nginx.package = pkgs.nginxMainline; }