Commit 2774cc7f authored by Till Brehm's avatar Till Brehm

Add access and error log controls for nginx servers.

Add description text for logging options.
parent 5ce5edbe
......@@ -812,6 +812,17 @@ class installer_dist extends installer_base {
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
// add anonymized log option to nginxx.conf file
$nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
if(is_file($nginx_conf_file)) {
$tmp = file_get_contents($nginx_conf_file);
if(!stristr($tmp, 'log_format anonymized')) {
copy($nginx_conf_file,$nginx_conf_file.'~');
replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
}
}
}
public function configure_bastille_firewall()
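Review bot: The return value of `file_get_contents('tpl/nginx_anonlog.master')` is concatenated straight into the replacement text, so a missing or unreadable template still rewrites the `http {` line but adds no `log_format anonymized`, and nothing is logged about it. Any vhost later rendered with `access.log anonymized` would then name an undefined log format, which nginx is expected to reject at config test. I would read the template into a variable first, e.g. `$anonlog_tpl = file_get_contents('tpl/nginx_anonlog.master');`, and only run `copy()` and `replaceLine()` when `$anonlog_tpl !== false && $anonlog_tpl != ''`, also checking the result of `copy()` before touching the live file. The same block, including the `nginxx.conf` comment typo, is repeated in the second `installer_dist` section and in the `installer_base` section on this page. The enclosing method starts outside the hunk.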
......
......@@ -823,6 +823,16 @@ class installer_dist extends installer_base {
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
// add anonymized log option to nginxx.conf file
$nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
if(is_file($nginx_conf_file)) {
$tmp = file_get_contents($nginx_conf_file);
if(!stristr($tmp, 'log_format anonymized')) {
copy($nginx_conf_file,$nginx_conf_file.'~');
replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
}
}
}
public function configure_bastille_firewall()
......
......@@ -1843,6 +1843,17 @@ class installer_base {
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
// add anonymized log option to nginxx.conf file
$nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
if(is_file($nginx_conf_file)) {
$tmp = file_get_contents($nginx_conf_file);
if(!stristr($tmp, 'log_format anonymized')) {
copy($nginx_conf_file,$nginx_conf_file.'~');
replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
}
}
}
public function configure_fail2ban() {
......
map $remote_addr $ip_anonym1 {
default 0.0.0;
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
"~(?P<ip>[^:]+:[^:]+):" $ip;
}
map $remote_addr $ip_anonym2 {
default .0;
"~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
"~(?P<ip>[^:]+:[^:]+):" ::;
}
map $ip_anonym1$ip_anonym2 $ip_anonymized {
default 0.0.0.0;
"~(?P<ip>.*)" $ip;
}
log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
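Review bot: The template has no comment stating what the `anonymized` format actually removes, which matters to an operator who relies on it for privacy compliance. From the three maps, an IPv4 address keeps its first three octets with `.0` appended, an IPv6 address keeps its first two groups followed by `::`, and anything else becomes `0.0.0.0`. `$remote_user`, `$request` and `$http_referer` are written unchanged and can still carry identifying data. I would add a header comment such as `# anonymized: IPv4 -> a.b.c.0, IPv6 -> first two groups + "::"; $remote_user, $request and $http_referer are logged as-is`.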
......@@ -289,7 +289,7 @@ $wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
$wb['migration_mode_txt'] = 'Server Migration Mode';
$wb['nginx_enable_pagespeed_txt'] = 'Makes Pagespeed available';
$wb['logging_txt'] = 'Store website access and error logs';
$wb['logging_desc_txt'] = 'Use Tools > Resync to apply changes to existing sites.';
$wb['logging_desc_txt'] = 'Use Tools > Resync to apply changes to existing sites. For Apache, access and error log can be anonymized. For nginx, only the access log is anonymized, the error log will contain IP addresses.';
$wb['log_retention_txt'] = 'Log retention (days)';
$wb['log_retention_error_ispositive'] = 'Log retention must be a number > 0';
?>
......@@ -110,7 +110,7 @@
<div class="col-sm-9">
<select name="logging" id="logging" class="form-control">
{tmpl_var name='logging'}
</select>
</select> {tmpl_var name='logging_desc_txt'}
</div>
</div>
<div class="form-group">
......
......@@ -110,8 +110,14 @@ server {
}
</tmpl_if>
<tmpl_if name='logging' op='==' value='yes'>
error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
</tmpl_var>
<tmpl_if name='logging' op='==' value='anon'>
error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log anonymized;
</tmpl_var>
## Disable .htaccess and other hidden files
location ~ /\. {
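Review bot: Both new `<tmpl_if name='logging' ...>` blocks are closed with `</tmpl_var>` instead of `</tmpl_if>`. Depending on how the template engine treats an unmatched closing tag, the conditionals may not terminate where intended; each closer should read `</tmpl_if>`. Separately, when `logging` is neither `yes` nor `anon`, the server block emits no log directives at all, so nginx falls back to whatever is inherited from the `http` context, which may still record full client IPs. If the option has a value meaning "off", an explicit branch with `access_log off;` would make that state unambiguous. The surrounding `server { }` block extends beyond this hunk.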
......
......@@ -1524,6 +1524,9 @@ class nginx_plugin {
}
unset($tmp_output, $tmp_retval);
}
// set logging variable
$vhost_data['logging'] = $web_config['logging'];
$tpl->setVar($vhost_data);
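Review bot: `$web_config['logging']` is copied into `$vhost_data` with no check that the key exists or holds one of the values the vhost template compares against. On a server whose stored config predates this option, the key may be unset (not verifiable from this hunk), and the template would then render no `error_log`/`access_log` lines. I would pin the value explicitly, e.g. `$vhost_data['logging'] = (isset($web_config['logging']) && in_array($web_config['logging'], array('yes', 'anon', 'no'), true)) ? $web_config['logging'] : 'yes';`, using whichever value set and default the project intends. The enclosing method begins and ends outside the hunk.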
......