nginx: support ip anonymization
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
2070c32a26
commit
af56fd8dcd
@ -30,7 +30,7 @@
|
|||||||
- /etc/nginx/dhparam.pem
|
- /etc/nginx/dhparam.pem
|
||||||
|
|
||||||
- name: Configure nginx
|
- name: Configure nginx
|
||||||
copy: src=nginx.conf dest=/etc/nginx/nginx.conf
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Configure default vhost
|
- name: Configure default vhost
|
||||||
|
@ -47,7 +47,32 @@ http {
|
|||||||
# Logging Settings
|
# Logging Settings
|
||||||
##
|
##
|
||||||
|
|
||||||
|
{% if nginx_anonymize %}
|
||||||
|
map $remote_addr $ip_anonym1 {
|
||||||
|
default 0.0.0;
|
||||||
|
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
|
||||||
|
"~(?P<ip>[^:]+:[^:]+):" $ip;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $remote_addr $ip_anonym2 {
|
||||||
|
default .0;
|
||||||
|
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
|
||||||
|
"~(?P<ip>[^:]+:[^:]+):" ::;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $ip_anonym1$ip_anonym2 $ip_anonymized {
|
||||||
|
default 0.0.0.0;
|
||||||
|
"~(?P<ip>.*)" $ip;
|
||||||
|
}
|
||||||
|
|
||||||
|
log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log anonymized;
|
||||||
|
{% else %}
|
||||||
access_log /var/log/nginx/access.log;
|
access_log /var/log/nginx/access.log;
|
||||||
|
{% endif %}
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
##
|
##
|
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: acertmgr }
|
- { role: acertmgr }
|
||||||
- { role: nginx, nginx_ssl: True }
|
- { role: nginx, nginx_anonymize: True, nginx_ssl: True }
|
||||||
|
Loading…
Reference in New Issue
Block a user