nginx: support ip anonymization

Markus 2020-10-20 15:59:08 +02:00
parent 2070c32a26
commit af56fd8dcd
3 changed files with 27 additions and 2 deletions


@ -30,7 +30,7 @@
- /etc/nginx/dhparam.pem - /etc/nginx/dhparam.pem
- name: Configure nginx - name: Configure nginx
copy: src=nginx.conf dest=/etc/nginx/nginx.conf template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: Restart nginx notify: Restart nginx
- name: Configure default vhost - name: Configure default vhost


@ -47,7 +47,32 @@ http {
# Logging Settings # Logging Settings
## ##
{% if nginx_anonymize %}
map $remote_addr $ip_anonym1 {
default 0.0.0;
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
"~(?P<ip>[^:]+:[^:]+):" $ip;
}
map $remote_addr $ip_anonym2 {
default .0;
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
"~(?P<ip>[^:]+:[^:]+):" ::;
}
map $ip_anonym1$ip_anonym2 $ip_anonymized {
default 0.0.0.0;
"~(?P<ip>.*)" $ip;
}
log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log anonymized;
{% else %}
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log;
{% endif %}
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
## ##
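Review bot: The unchanged `error_log /var/log/nginx/error.log;` line at the end of this section still records full client addresses, because nginx writes the client address into error-log entries, so with `nginx_anonymize` enabled only access.log is truncated; a comment such as `# NOTE: error_log still contains full client IPs`, or a shorter retention for that file, would make the limit explicit. The IPv6 pattern `"~(?P<ip>[^:]+:[^:]+):"` is unanchored in both maps, so for an address whose leading groups are compressed (constructed example: `fe80::1:2:3`) the match is taken from the middle of the address and the logged value is not the real network prefix; anchoring it as `"~^(?P<ip>[^:]+:[^:]+):"` in both places avoids that and lets such addresses fall through to the `0.0.0.0` default. `{% if nginx_anonymize %}` also appears to rely on a default defined outside the three files shown; if none exists, roles that include nginx without passing the variable will likely fail when the template is rendered, and `{% if nginx_anonymize | default(false) %}` would keep them working.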


@ -2,4 +2,4 @@
dependencies: dependencies:
- { role: acertmgr } - { role: acertmgr }
- { role: nginx, nginx_ssl: True } - { role: nginx, nginx_anonymize: True, nginx_ssl: True }