41 lines
1.3 KiB
Nix
41 lines
1.3 KiB
Nix
{ pkgs, lib, ... }:
|
|
let
|
|
access_log_sink = "workhorse.private:12304";
|
|
error_log_sink = "workhorse.private:12305";
|
|
in
|
|
{
|
|
|
|
security.acme.email = "contact@ingolf-wagner.de";
|
|
security.acme.acceptTerms = true;
|
|
|
|
services.nginx = {
|
|
|
|
# Use recommended settings
|
|
recommendedGzipSettings = lib.mkDefault true;
|
|
recommendedOptimisation = lib.mkDefault true;
|
|
recommendedProxySettings = lib.mkDefault true;
|
|
recommendedTlsSettings = lib.mkDefault true;
|
|
|
|
# for graylog logging
|
|
commonHttpConfig = ''
|
|
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
|
|
'"facility": "nginx", '
|
|
'"src_addr": "$remote_addr", '
|
|
'"body_bytes_sent": $body_bytes_sent, '
|
|
'"request_time": $request_time, '
|
|
'"response_status": $status, '
|
|
'"request": "$request", '
|
|
'"request_method": "$request_method", '
|
|
'"host": "$host",'
|
|
'"upstream_cache_status": "$upstream_cache_status",'
|
|
'"upstream_addr": "$upstream_addr",'
|
|
'"http_x_forwarded_for": "$http_x_forwarded_for",'
|
|
'"http_referrer": "$http_referer", '
|
|
'"http_user_agent": "$http_user_agent" }';
|
|
access_log syslog:server=${access_log_sink} graylog2_json;
|
|
error_log syslog:server=${error_log_sink};
|
|
'';
|
|
};
|
|
|
|
services.nginx.package = pkgs.nginxMainline;
|
|
}
|