replace access log ip anonymization with vars to control access logs

2025-08-04 21:43:06 +02:00 · 2025-07-30 14:40:48 +01:00
parent 5de4b5c657
commit cbbf20004c
5 changed files with 19 additions and 21 deletions
--- a/roles/custom/matrix-client-cinny/defaults/main.yml
+++ b/roles/custom/matrix-client-cinny/defaults/main.yml
@ -159,6 +159,9 @@ matrix_client_cinny_self_check_validate_certificates: true
 # See `matrix_client_cinny_config_homeserverList`.
 matrix_client_cinny_default_hs_url: ""
 # Controls whether the Cinny access log is enabled
 matrix_client_cinny_access_log_enabled: true
 # Controls the `defaultHomeserver` value in the `config.json` file.
 matrix_client_cinny_config_defaultHomeserver: 0  # noqa var-naming
--- a/roles/custom/matrix-client-cinny/templates/nginx.conf.j2
+++ b/roles/custom/matrix-client-cinny/templates/nginx.conf.j2
@ -31,17 +31,15 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
-	map $remote_addr $remote_addr_anon {
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
 		~(?P<ip>[^:]+:[^:]+):       $ip::;
 		default                     0.0.0.0;
 	}
 	log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';
 	{% if matrix_client_cinny_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
 	{% else %}
 	access_log off;
 	{% endif %}
 	sendfile on;
 	#tcp_nopush on;
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@ -154,6 +154,9 @@ matrix_client_hydrogen_path_prefix: /
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_client_hydrogen_self_check_validate_certificates: true
 # Controls whether the access log is enabled.
 matrix_client_hydrogen_access_log_enabled: true
 # config.json
 matrix_client_hydrogen_push:
  appId: io.element.hydrogen.web
--- a/roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2
+++ b/roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2
@ -31,17 +31,15 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
-	map $remote_addr $remote_addr_anon {
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
 		~(?P<ip>[^:]+:[^:]+):       $ip::;
 		default                     0.0.0.0;
 	}
 	log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';
 	{% if matrix_client_hydrogen_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
 	{% else %}
 	access_log off;
 	{% endif %}
 	sendfile on;
 	#tcp_nopush on;
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
@ -33,18 +33,14 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
-	map $remote_addr $remote_addr_anon {
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
 		~(?P<ip>[^:]+:[^:]+):       $ip::;
 		default                     0.0.0.0;
 	}
 	log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';
 	{% if matrix_synapse_reverse_proxy_companion_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
 	{% else %}
 	access_log off;
 	{% endif %}
 	{% if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled %}