From 433a560dee55de7573869034d32ea071e2098c48 Mon Sep 17 00:00:00 2001 From: Sreeram R Date: Mon, 11 Sep 2023 16:17:40 +0530 Subject: [PATCH 1/5] Move nginx logs from container logs to host --- docker-compose.prod.yml | 1 + etc/nginx/nginx.conf | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 325f0229b..cd0cfd670 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -48,6 +48,7 @@ services: - ./etc/nginx/nginx.conf:/etc/nginx/nginx.conf - ./etc/nginx/proxy_spot_params:/etc/nginx/proxy_spot_params - ./searx/static:/var/www/spot/static + - /var/log/containers/spot-${ENVIRONMENT_NAME}:/var/log/nginx/ labels: - "com.centurylinklabs.watchtower.scope=staging-spot" diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 9621f159f..678606f16 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -17,9 +17,9 @@ http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$remote_addr"'; - - error_log stderr warn; - access_log /dev/stdout main; + + error_log /var/log/nginx/spot-error.log warn; + access_log /var/log/nginx/spot-access.log main; sendfile on; #tcp_nopush on; -- GitLab From 3af59da087a95114f10b53e641512b737fdf09f5 Mon Sep 17 00:00:00 2001 From: Sreeram R Date: Fri, 15 Sep 2023 13:57:43 +0530 Subject: [PATCH 2/5] Fix for log path --- docker-compose.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index cd0cfd670..9ffffcb05 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -48,7 +48,7 @@ services: - ./etc/nginx/nginx.conf:/etc/nginx/nginx.conf - ./etc/nginx/proxy_spot_params:/etc/nginx/proxy_spot_params - ./searx/static:/var/www/spot/static - - /var/log/containers/spot-${ENVIRONMENT_NAME}:/var/log/nginx/ + - ${LOG_DIRECTORY}:/var/log/nginx/ labels: - "com.centurylinklabs.watchtower.scope=staging-spot" -- GitLab From 60e3d5d50e4dab6e2cb6d8a03494f5dbef88278f Mon Sep 17 00:00:00 2001 From: Sreeram R Date: Fri, 15 Sep 2023 13:58:09 +0530 Subject: [PATCH 3/5] Get client IP in nginx logs from x-Forward-For header --- etc/nginx/nginx.conf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 678606f16..7cdda1be1 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -14,9 +14,10 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$remote_addr"'; + log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + error_log /var/log/nginx/spot-error.log warn; access_log /var/log/nginx/spot-access.log main; -- GitLab From e7806e02a2542ec500203d51b5127f6f08266af4 Mon Sep 17 00:00:00 2001 From: Sreeram R Date: Tue, 19 Sep 2023 20:14:18 +0530 Subject: [PATCH 4/5] Update for bringing client IP to nginx logs --- .gitlab-ci.yml | 1 + etc/nginx/nginx.conf | 9 ++++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0494caf6b..ee048f9c7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -69,6 +69,7 @@ test:unit: - scp $ENV_FILE $SSH_USER@$BACKEND_HOST:$DEPLOYMENT_PATH/.env - ssh $SSH_USER@$BACKEND_HOST "cd $DEPLOYMENT_PATH && sed -i 's/SPOT_DOCKER_TAG=master/SPOT_DOCKER_TAG=$SPOT_DOCKER_TAG/g' .env + && sed -i "s/GATEWAY_WG_IP/$GATEWAY_WG_IP/g" etc/nginx/nginx.conf && docker-compose pull && sleep 2 && docker-compose up -d --remove-orphans && docker-compose restart spot-nginx" deploy:spot.murenatest.io.backend1: diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 7cdda1be1..a930fd673 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -14,13 +14,12 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - + set_real_ip_from GATEWAY_WG_IP; + real_ip_header X-Forwarded-For; + real_ip_recursive on; error_log /var/log/nginx/spot-error.log warn; - access_log /var/log/nginx/spot-access.log main; + access_log /var/log/nginx/spot-access.log; sendfile on; #tcp_nopush on; -- GitLab From 7259d0173dfce8eab0fd426753b62e51637d71e3 Mon Sep 17 00:00:00 2001 From: Sreeram R Date: Tue, 19 Sep 2023 20:15:59 +0530 Subject: [PATCH 5/5] Use --password-stdin for docker login --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ee048f9c7..ed9c3d5d2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,7 +28,7 @@ build:web: tags: - generic_privileged before_script: - - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + - echo $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY script: - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG @@ -62,7 +62,7 @@ test:unit: - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts - chmod 600 ~/.ssh/id_ed25519 - chmod 644 ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub - - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + - echo $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY script: - echo "Deploying to ($SSH_USER@$BACKEND_HOST)" - ssh $SSH_USER@$BACKEND_HOST "cd $DEPLOYMENT_PATH && git stash && git fetch && git fetch --tags -f && git checkout $SPOT_COMMIT && git reset --hard && mv docker-compose.prod.yml docker-compose.yml" -- GitLab