From 65b5dd6aee7081da61a4c8a525a20452c2a080ac Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 2 Apr 2024 19:00:25 +0200 Subject: nginx/vhost: always configure access_logs and error_logs --- chaos-at-home/ch-http-proxy.yml | 22 ++++++++-------------- .../exporter/base/templates/nginx-vhost.j2 | 3 +++ roles/nginx/vhost/templates/no-tls.conf.j2 | 10 ++-------- roles/nginx/vhost/templates/tls-only.conf.j2 | 10 ++-------- .../vhost/templates/tls-with-redirect.conf.j2 | 20 ++++---------------- 5 files changed, 19 insertions(+), 46 deletions(-) diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index e2de2f2f..dda1ee97 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -171,20 +171,14 @@ vars: nginx_vhost: name: imap - content: | - server { - listen 80; - listen [::]:80; - server_name imap.chaos-at-home.org; - - location /.well-known/acme-challenge/ { - proxy_pass http://{{ network_services.imap.addr }}; - } - - location / { - return 303 https://webmail.chaos-at-home.org; - } - } + template: generic + hostnames: + - imap.chaos-at-home.org + locations: + '/.well-known/acme-challenge/': + proxy_pass: "http://{{ network_services.imap.addr }}" + '/': + return: "303 https://webmail.chaos-at-home.org" include_role: name: nginx/vhost diff --git a/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2 b/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2 index 0e7ad29f..b74f480a 100644 --- a/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2 +++ b/roles/monitoring/prometheus/exporter/base/templates/nginx-vhost.j2 @@ -6,6 +6,9 @@ server { {% endif %} server_name _; + access_log /var/log/nginx/prometheus-exporter_access.log; + error_log /var/log/nginx/prometheus-exporter_error.log; + ssl_certificate /etc/ssl/prometheus/exporter/crt.pem; ssl_certificate_key /etc/ssl/prometheus/exporter/key.pem; ssl_client_certificate /etc/ssl/prometheus/ca-crt.pem; 
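Review bot: `template: generic` is not one of the templates this patch touches (`no-tls`, `tls-only`, `tls-with-redirect`), so nothing visible here shows that the imap vhost gets the `access_log`/`error_log` lines the commit is about. It also does not show that the vhost still listens only on plain port 80 for IPv4 and IPv6, as the removed `content:` block did. If `generic` is not rendered through one of the patched templates, it presumably needs the same two log lines. Comparing the rendered vhost (for example via `nginx -T`) with the removed block before rollout would settle both questions. The surrounding task starts and ends outside the hunk.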
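Review bot: The added `access_log /var/log/nginx/prometheus-exporter_access.log;` names no log format, so nginx's default `combined` format applies and the log records no TLS client identity. This server block appears to authenticate scrapers by client certificate: `ssl_client_certificate` is set, while any `ssl_verify_client` line is outside the hunk. A failed or unexpected client certificate would therefore look the same in the log as a legitimate scrape. Consider an http-level format such as `log_format exporter_tls '$remote_addr [$time_local] "$request" $status $ssl_client_verify "$ssl_client_s_dn"';` (the format name is illustrative), referenced as a second argument on the `access_log` line.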
diff --git a/roles/nginx/vhost/templates/no-tls.conf.j2 b/roles/nginx/vhost/templates/no-tls.conf.j2 index 317adaec..29a62c8a 100644 --- a/roles/nginx/vhost/templates/no-tls.conf.j2 +++ b/roles/nginx/vhost/templates/no-tls.conf.j2 @@ -4,14 +4,8 @@ server { {% endfor %} server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }}; -{% if 'logs' in nginx_vhost %} -{% if 'access' in nginx_vhost.logs %} - access_log {{ nginx_vhost.logs.access }}; -{% endif %} -{% if 'error' in nginx_vhost.logs %} - error_log {{ nginx_vhost.logs.error }}; -{% endif %} + access_log {{ nginx_vhost.logs.access | default('/var/log/nginx/' + nginx_vhost.name + '_access.log') }}; + error_log {{ nginx_vhost.logs.error | default('/var/log/nginx/' + nginx_vhost.name + '_error.log') }}; -{% endif %} {% include 'includes/body.j2' %} } diff --git a/roles/nginx/vhost/templates/tls-only.conf.j2 b/roles/nginx/vhost/templates/tls-only.conf.j2 index 122e2f4f..05820d96 100644 --- a/roles/nginx/vhost/templates/tls-only.conf.j2 +++ b/roles/nginx/vhost/templates/tls-only.conf.j2 @@ -4,15 +4,9 @@ server { {% endfor %} server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }}; -{% if 'logs' in nginx_vhost %} -{% if 'access' in nginx_vhost.logs %} - access_log {{ nginx_vhost.logs.access }}; -{% endif %} -{% if 'error' in nginx_vhost.logs %} - error_log {{ nginx_vhost.logs.error }}; -{% endif %} + access_log {{ nginx_vhost.logs.access | default('/var/log/nginx/' + nginx_vhost.name + '_access.log') }}; + error_log {{ nginx_vhost.logs.error | default('/var/log/nginx/' + nginx_vhost.name + '_error.log') }}; -{% endif %} {% if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %} include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf; {% endif %} diff --git a/roles/nginx/vhost/templates/tls-with-redirect.conf.j2 b/roles/nginx/vhost/templates/tls-with-redirect.conf.j2 index cdf267ab..d131fe2a 100644 
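Review bot: With the `{% if 'logs' in nginx_vhost %}` guard gone, a vhost that set no `logs` key, and so inherited the http-level settings, now always writes per-vhost access and error logs; opting out requires an explicit value. That value is interpolated verbatim, so an unquoted YAML `access: off` is loaded as boolean false and would render as `access_log False;`, which logs to a file named `False` instead of disabling logging. The override has to be written `access: 'off'`, and nginx's `error_log` has no `off` parameter at all. A template comment above the two lines would record this, e.g. `{# logs.access / logs.error override the per-vhost default; write access: 'off' (quoted) to disable access logging #}`. The same applies to the identical lines in `tls-only.conf.j2` and in both server blocks of `tls-with-redirect.conf.j2`.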
--- a/roles/nginx/vhost/templates/tls-with-redirect.conf.j2 +++ b/roles/nginx/vhost/templates/tls-with-redirect.conf.j2 @@ -4,15 +4,9 @@ server { {% endfor %} server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }}; -{% if 'logs' in nginx_vhost %} -{% if 'access' in nginx_vhost.logs %} - access_log {{ nginx_vhost.logs.access }}; -{% endif %} -{% if 'error' in nginx_vhost.logs %} - error_log {{ nginx_vhost.logs.error }}; -{% endif %} + access_log {{ nginx_vhost.logs.access | default('/var/log/nginx/' + nginx_vhost.name + '_access.log') }}; + error_log {{ nginx_vhost.logs.error | default('/var/log/nginx/' + nginx_vhost.name + '_error.log') }}; -{% endif %} {% if 'tls' in nginx_vhost %} {% if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %} include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf; @@ -29,15 +23,9 @@ server { {% endfor %} server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }}; -{% if 'logs' in nginx_vhost %} -{% if 'access' in nginx_vhost.logs %} - access_log {{ nginx_vhost.logs.access }}; -{% endif %} -{% if 'error' in nginx_vhost.logs %} - error_log {{ nginx_vhost.logs.error }}; -{% endif %} + access_log {{ nginx_vhost.logs.access | default('/var/log/nginx/' + nginx_vhost.name + '_access.log') }}; + error_log {{ nginx_vhost.logs.error | default('/var/log/nginx/' + nginx_vhost.name + '_error.log') }}; -{% endif %} {% if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %} include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf; {% endif %} -- cgit v1.2.3
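Review bot: The same `access_log`/`error_log` pair with its `default('/var/log/nginx/' + nginx_vhost.name + ...)` expression is now copied into four server blocks across three templates, two of them in this file. Moving the pair into a shared include next to the existing `includes/body.j2`, pulled in with something like `{% include 'includes/logs.j2' %}` (file name illustrative), would keep the default path in one place. The path is also built from `nginx_vhost.name` without quoting, so a name containing whitespace or `;` would produce a malformed directive; quoting the rendered path or asserting on the name in the role's tasks (not visible here) would guard against that. Both server blocks continue outside their hunks.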