Mirrored_Repos/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/jc21/nginx-proxy-manager.git synced 2024-08-30 18:22:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1140 from jc21/adds-logrotation

Browse Source 
Adds logrotation
This commit is contained in:
jc21 2021-07-12 07:54:02 +10:00 committed by GitHub
commit e91019feb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 76 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
backend/setup.js
View File

@ -201,9 +201,29 @@ const setupCertbotPlugins = () => {
}); });
}; };
/**
* Starts a timer to call run the logrotation binary every two days
* @returns {Promise}
*/
const setupLogrotation = () => {
const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days
const runLogrotate = async () => {
await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
logger.info('Logrotate completed.');
};
logger.info('Logrotate Timer initialized');
setInterval(runLogrotate, intervalTimeout);
// And do this now as well
return runLogrotate();
};
module.exports = function () { module.exports = function () {
return setupJwt() return setupJwt()
.then(setupDefaultUser) .then(setupDefaultUser)
.then(setupDefaultSettings) .then(setupDefaultSettings)
.then(setupCertbotPlugins); .then(setupCertbotPlugins)
.then(setupLogrotation);
}; };

3
backend/templates/dead_host.conf
View File

@ -7,7 +7,8 @@ server {
{% include "_hsts.conf" %} {% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %} {% include "_forced_ssl.conf" %}
access_log /data/logs/dead_host-{{ id }}.log standard; access_log /data/logs/dead-host-{{ id }}_access.log standard;
error_log /data/logs/dead-host-{{ id }}_error.log warn;
{{ advanced_config }} {{ advanced_config }}

3
backend/templates/default.conf
View File

@ -12,7 +12,8 @@ server {
#listen [::]:80; #listen [::]:80;
{% endif %} {% endif %}
server_name default-host.localhost; server_name default-host.localhost;
access_log /data/logs/default_host.log combined; access_log /data/logs/default-host_access.log combined;
error_log /data/logs/default-host_error.log warn;
{% include "_exploits.conf" %} {% include "_exploits.conf" %}
{%- if value == "404" %} {%- if value == "404" %}

3
backend/templates/letsencrypt-request.conf
View File

@ -8,7 +8,8 @@ server {
server_name {{ domain_names | join: " " }}; server_name {{ domain_names | join: " " }};
access_log /data/logs/letsencrypt-requests.log standard; access_log /data/logs/letsencrypt-requests_access.log standard;
error_log /data/logs/letsencrypt-requests_error.log warn;
include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/letsencrypt-acme-challenge.conf;

4
backend/templates/proxy_host.conf
View File

@ -19,8 +19,8 @@ proxy_set_header Connection $http_connection;
proxy_http_version 1.1; proxy_http_version 1.1;
{% endif %} {% endif %}
access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
access_log /data/logs/proxy_host-{{ id }}.log proxy; error_log /data/logs/proxy-host-{{ id }}_error.log warn;
{{ advanced_config }} {{ advanced_config }}

3
backend/templates/redirection_host.conf
View File

@ -9,7 +9,8 @@ server {
{% include "_hsts.conf" %} {% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %} {% include "_forced_ssl.conf" %}
access_log /data/logs/redirection_host-{{ id }}.log standard; access_log /data/logs/redirection-host-{{ id }}_access.log standard;
error_log /data/logs/redirection-host-{{ id }}_error.log warn;
{{ advanced_config }} {{ advanced_config }}

5
docker/Dockerfile
View File

@ -20,7 +20,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \ && apt-get update \
&& apt-get install -y --no-install-recommends jq \ && apt-get install -y --no-install-recommends jq logrotate \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
@ -43,6 +43,9 @@ COPY docker/rootfs /
# Remove frontend service not required for prod, dev nginx config as well # Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/services.d/frontend /etc/nginx/conf.d/dev.conf RUN rm -rf /etc/services.d/frontend /etc/nginx/conf.d/dev.conf
# Change permission of logrotate config file
RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
VOLUME [ "/data", "/etc/letsencrypt" ] VOLUME [ "/data", "/etc/letsencrypt" ]
ENTRYPOINT [ "/init" ] ENTRYPOINT [ "/init" ]
HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health

3
docker/dev/Dockerfile
View File

@ -7,7 +7,7 @@ ENV S6_LOGGING=0 \
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \ && apt-get update \
&& apt-get install -y certbot jq python3-pip \ && apt-get install -y certbot jq python3-pip logrotate \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
@ -18,6 +18,7 @@ RUN cd /usr \
COPY rootfs / COPY rootfs /
RUN rm -f /etc/nginx/conf.d/production.conf RUN rm -f /etc/nginx/conf.d/production.conf
RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager
# s6 overlay # s6 overlay
RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \ RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \

14
docker/docker-compose.dev.yml
View File

@ -1,9 +1,9 @@
# WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production. # WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
version: "3" version: "3.5"
services: services:
npm: npm:
image: nginxproxymanager:dev image: nginxproxymanager:dev
container_name: npm_core
build: build:
context: ./ context: ./
dockerfile: ./dev/Dockerfile dockerfile: ./dev/Dockerfile
@ -36,6 +36,7 @@ services:
db: db:
image: jc21/mariadb-aria image: jc21/mariadb-aria
container_name: npm_db
networks: networks:
- nginx_proxy_manager - nginx_proxy_manager
environment: environment:
@ -47,21 +48,26 @@ services:
- db_data:/var/lib/mysql - db_data:/var/lib/mysql
swagger: swagger:
image: 'swaggerapi/swagger-ui:latest' image: "swaggerapi/swagger-ui:latest"
container_name: npm_swagger
ports: ports:
- 3001:80 - 3001:80
networks: networks:
- nginx_proxy_manager - nginx_proxy_manager
environment: environment:
URL: "http://127.0.0.1:3081/api/schema" URL: "http://127.0.0.1:3081/api/schema"
PORT: '80' PORT: "80"
depends_on: depends_on:
- npm - npm
volumes: volumes:
npm_data: npm_data:
name: npm_core_data
le_data: le_data:
name: npm_le_data
db_data: db_data:
name: npm_db_data
networks: networks:
nginx_proxy_manager: nginx_proxy_manager:
name: npm_network

25
docker/rootfs/etc/logrotate.d/nginx-proxy-manager Normal file
View File

@ -0,0 +1,25 @@
/data/logs/*_access.log /data/logs/*/access.log {
create 0644 root root
weekly
rotate 4
missingok
notifempty
compress
sharedscripts
postrotate
/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
endscript
}
/data/logs/*_error.log /data/logs/*/error.log {
create 0644 root root
weekly
rotate 10
missingok
notifempty
compress
sharedscripts
postrotate
/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
endscript
}

4
docker/rootfs/etc/nginx/conf.d/default.conf
View File

@ -8,7 +8,7 @@ server {
set $port "80"; set $port "80";
server_name localhost-nginx-proxy-manager; server_name localhost-nginx-proxy-manager;
access_log /data/logs/default.log standard; access_log /data/logs/fallback_access.log standard;
error_log /dev/null crit; error_log /dev/null crit;
include conf.d/include/assets.conf; include conf.d/include/assets.conf;
include conf.d/include/block-exploits.conf; include conf.d/include/block-exploits.conf;
@ -29,7 +29,7 @@ server {
set $port "443"; set $port "443";
server_name localhost; server_name localhost;
access_log /data/logs/default.log standard; access_log /data/logs/fallback-access.log standard;
error_log /dev/null crit; error_log /dev/null crit;
ssl_certificate /data/nginx/dummycert.pem; ssl_certificate /data/nginx/dummycert.pem;
ssl_certificate_key /data/nginx/dummykey.pem; ssl_certificate_key /data/nginx/dummykey.pem;

5
docker/rootfs/etc/nginx/nginx.conf
View File

@ -9,7 +9,7 @@ worker_processes auto;
# Enables the use of JIT for regular expressions to speed-up their processing. # Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on; pcre_jit on;
error_log /data/logs/error.log warn; error_log /data/logs/fallback_error.log warn;
# Includes files with directives to load dynamic modules. # Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf; include /etc/nginx/modules/*.conf;
@ -46,8 +46,7 @@ http {
log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"'; log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"'; log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';
access_log /data/logs/fallback_access.log proxy;
access_log /data/logs/default.log proxy;
# Dynamically generated resolvers file # Dynamically generated resolvers file
include /etc/nginx/conf.d/include/resolvers.conf; include /etc/nginx/conf.d/include/resolvers.conf;