Compare commits

..

2 commits

Author SHA1 Message Date
Tristan Daniël Maat ec0afc6085
fail2ban: Add metrics 2023-10-03 02:26:57 +02:00
Tristan Daniël Maat c7d46f1c2b
WIP: nginx: Add metrics 2023-10-03 02:26:54 +02:00
7 changed files with 41 additions and 0 deletions

View file

@ -140,8 +140,20 @@
domain = "tlater.net";
statusPage = true; # For metrics, should be accessible only from localhost
commonHttpConfig = ''
log_format upstream_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'rt=$request_time uct="$upstream_connect_time" '
'uht="$upstream_header_time" urt="$upstream_response_time"';
'';
};
systemd.tmpfiles.rules =
lib.mapAttrsToList (virtualHost: config: "d /var/log/nginx/${virtualHost} 0750 nginx nginx")
config.services.nginx.virtualHosts;
security.acme = {
defaults.email = "tm@tlater.net";
acceptTerms = true;

View file

@ -205,6 +205,7 @@ in {
addSSL = true;
extraConfig = ''
merge_slashes off;
access_log /var/log/nginx/${domain}/access.log upstream_time;
'';
locations = {

View file

@ -25,6 +25,7 @@ in {
enableACME = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
access_log /var/log/nginx/${domain}/access.log upstream_time;
'';
locations."/" = {

View file

@ -33,6 +33,7 @@ in {
enableACME = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
access_log /var/log/nginx/${domain}/access.log upstream_time;
'';
locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";

View file

@ -63,6 +63,27 @@ in {
nginxlog = {
enable = true;
listenAddress = "127.0.0.1";
group = "nginx";
settings.namespaces =
lib.mapAttrsToList (name: virtualHost: {
inherit name;
metrics_override.prefix = "nginxlog";
namespace_label = "vhost";
format = lib.concatStringsSep " " [
"$remote_addr - $remote_user [$time_local]"
''"$request" $status $body_bytes_sent''
''"$http_referer" "$http_user_agent"''
''rt=$request_time uct="$upstream_connect_time"''
''uht="$upstream_header_time" urt="$upstream_response_time"''
];
source.files = [
"/var/log/nginx/${name}/access.log"
];
})
config.services.nginx.virtualHosts;
};
};
@ -116,6 +137,7 @@ in {
enableACME = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
access_log /var/log/nginx/${domain}/access.log upstream_time;
'';
locations."/".proxyPass = "http://localhost:3001";
};

View file

@ -50,6 +50,9 @@ in {
services.nginx.virtualHosts."${hostName}" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
access_log /var/log/nginx/${hostName}/access.log upstream_time;
'';
};
# Block repeated failed login attempts

View file

@ -19,6 +19,7 @@ in {
enableACME = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
access_log /var/log/nginx/${domain}/access.log upstream_time;
'';
locations."/".proxyPass = "http://${addr}:${toString port}";