diff --git a/deploy/kubernetes/atst-nginx-configmap.yml b/deploy/kubernetes/atst-nginx-configmap.yml index 64ba347b..9cae0f2a 100644 --- a/deploy/kubernetes/atst-nginx-configmap.yml +++ b/deploy/kubernetes/atst-nginx-configmap.yml @@ -8,6 +8,7 @@ data: nginx-config: |- server { server_name www.atat.code.mil atat.code.mil; + access_log /var/log/nginx/access.log json; listen 8442; listen [::]:8442 ipv6only=on; if ($http_x_forwarded_proto != 'https') { @@ -25,15 +26,18 @@ data: location @app { include uwsgi_params; uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } location @appbasicauth { include uwsgi_params; uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket; auth_basic "Developer Access"; auth_basic_user_file /etc/nginx/.htpasswd; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } } server { + access_log /var/log/nginx/access.log json; server_name auth.atat.code.mil; listen 8443 ssl; listen [::]:8443 ssl ipv6only=on; @@ -75,5 +79,21 @@ data: uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy; uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn; uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } } + nginx-json-log-config: |- + log_format json escape=json + '{' + '"timestamp":"$time_iso8601",' + '"msec":"$msec",' + '"request_id":"$request_id",' + '"remote_addr":"$remote_addr",' + '"remote_user":"$remote_user",' + '"request":"$request",' + '"status":$status,' + '"body_bytes_sent":$body_bytes_sent,' + '"referer":"$http_referer",' + '"user_agent":"$http_user_agent",' + '"http_x_forwarded_for":"$http_x_forwarded_for"' + '}'; diff --git a/deploy/kubernetes/atst.yml b/deploy/kubernetes/atst.yml index 3c4f477a..5dce591d 100644 --- a/deploy/kubernetes/atst.yml +++ b/deploy/kubernetes/atst.yml @@ -28,7 +28,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:50f0843c + image: registry.atat.codes:443/atst-prod:4d50a80e resources: requests: memory: "2500Mi" @@ -63,6 +63,9 @@ spec: - name: nginx-config mountPath: "/etc/nginx/conf.d/atst.conf" subPath: atst.conf + - name: nginx-config + mountPath: "/etc/nginx/conf.d/00json_log.conf" + subPath: 00json_log.conf - name: nginx-dhparam mountPath: "/etc/ssl/dhparam.pem" subPath: dhparam.pem @@ -104,6 +107,8 @@ spec: items: - key: nginx-config path: atst.conf + - key: nginx-json-log-config + path: 00json_log.conf - name: nginx-dhparam secret: secretName: dhparam-4096 @@ -153,7 +158,7 @@ spec: fsGroup: 101 containers: - name: atst-worker - image: registry.atat.codes:443/atst-prod:50f0843c + image: registry.atat.codes:443/atst-prod:4d50a80e args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] resources: requests: diff --git a/deploy/kubernetes/test/atst-nginx-configmap.yml b/deploy/kubernetes/test/atst-nginx-configmap.yml index a425c818..f0605c5b 100644 --- a/deploy/kubernetes/test/atst-nginx-configmap.yml +++ b/deploy/kubernetes/test/atst-nginx-configmap.yml @@ -7,6 +7,7 @@ metadata: data: nginx-config: |- server { + access_log /var/log/nginx/access.log json; server_name test.atat.code.mil; listen 8442; listen [::]:8442 ipv6only=on; @@ -25,15 +26,18 @@ data: location @app { include uwsgi_params; uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } location @appbasicauth { include uwsgi_params; uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket; auth_basic "Developer Access"; auth_basic_user_file /etc/nginx/.htpasswd; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } } server { + access_log /var/log/nginx/access.log json; server_name auth-test.atat.code.mil; listen 8443 ssl; listen [::]:8443 ssl ipv6only=on; @@ -75,5 +79,21 @@ data: uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy; uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn; uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } } + nginx-json-log-config: |- + log_format json escape=json + '{' + '"timestamp":"$time_iso8601",' + '"msec":"$msec",' + '"request_id":"$request_id",' + '"remote_addr":"$remote_addr",' + '"remote_user":"$remote_user",' + '"request":"$request",' + '"status":$status,' + '"body_bytes_sent":$body_bytes_sent,' + '"referer":"$http_referer",' + '"user_agent":"$http_user_agent",' + '"http_x_forwarded_for":"$http_x_forwarded_for"' + '}'; diff --git a/deploy/kubernetes/test/test.yml b/deploy/kubernetes/test/test.yml index 711decf1..3c1c3bc0 100644 --- a/deploy/kubernetes/test/test.yml +++ b/deploy/kubernetes/test/test.yml @@ -28,7 +28,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:50f0843c + image: registry.atat.codes:443/atst-prod:47ce80b4 resources: requests: memory: "2500Mi" @@ -60,6 +60,9 @@ spec: - name: nginx-config mountPath: "/etc/nginx/conf.d/atst.conf" subPath: atst.conf + - name: nginx-config + mountPath: "/etc/nginx/conf.d/00json_log.conf" + subPath: 00json_log.conf - name: nginx-dhparam mountPath: "/etc/ssl/dhparam.pem" subPath: dhparam.pem @@ -101,6 +104,8 @@ spec: items: - key: nginx-config path: atst.conf + - key: nginx-json-log-config + path: 00json_log.conf - name: nginx-dhparam secret: secretName: dhparam-4096 @@ -150,7 +155,7 @@ spec: fsGroup: 101 containers: - name: atst-worker - image: registry.atat.codes:443/atst-prod:50f0843c + image: registry.atat.codes:443/atst-prod:47ce80b4 args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] resources: requests: diff --git a/deploy/kubernetes/uat/atst-nginx-configmap.yml b/deploy/kubernetes/uat/atst-nginx-configmap.yml index aa1d07bb..e8e932b1 100644 --- a/deploy/kubernetes/uat/atst-nginx-configmap.yml +++ b/deploy/kubernetes/uat/atst-nginx-configmap.yml @@ -7,6 +7,7 @@ metadata: data: nginx-config: |- server { + access_log /var/log/nginx/access.log json; server_name uat.atat.code.mil; listen 8442; listen [::]:8442 ipv6only=on; @@ -25,15 +26,18 @@ data: location @app { include uwsgi_params; uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } location @appbasicauth { include uwsgi_params; uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket; auth_basic "Developer Access"; auth_basic_user_file /etc/nginx/.htpasswd; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } } server { + access_log /var/log/nginx/access.log json; server_name auth-uat.atat.code.mil; listen 8443 ssl; listen [::]:8443 ssl ipv6only=on; @@ -75,5 +79,21 @@ data: uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy; uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn; uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy; + uwsgi_param HTTP_X_REQUEST_ID $request_id; } } + nginx-json-log-config: |- + log_format json escape=json + '{' + '"timestamp":"$time_iso8601",' + '"msec":"$msec",' + '"request_id":"$request_id",' + '"remote_addr":"$remote_addr",' + '"remote_user":"$remote_user",' + '"request":"$request",' + '"status":$status,' + '"body_bytes_sent":$body_bytes_sent,' + '"referer":"$http_referer",' + '"user_agent":"$http_user_agent",' + '"http_x_forwarded_for":"$http_x_forwarded_for"' + '}'; diff --git a/deploy/kubernetes/uat/uat.yml b/deploy/kubernetes/uat/uat.yml index affadac5..cb7a0a49 100644 --- a/deploy/kubernetes/uat/uat.yml +++ b/deploy/kubernetes/uat/uat.yml @@ -28,7 +28,7 @@ spec: fsGroup: 101 containers: - name: atst - image: registry.atat.codes:443/atst-prod:50f0843c + image: registry.atat.codes:443/atst-prod:03ee3438 resources: requests: memory: "2500Mi" @@ -63,6 +63,9 @@ spec: - name: nginx-config mountPath: "/etc/nginx/conf.d/atst.conf" subPath: atst.conf + - name: nginx-config + mountPath: "/etc/nginx/conf.d/00json_log.conf" + subPath: 00json_log.conf - name: nginx-dhparam mountPath: "/etc/ssl/dhparam.pem" subPath: dhparam.pem @@ -104,6 +107,8 @@ spec: items: - key: nginx-config path: atst.conf + - key: nginx-json-log-config + path: 00json_log.conf - name: nginx-dhparam secret: secretName: dhparam-4096 @@ -153,7 +158,7 @@ spec: fsGroup: 101 containers: - name: atst-worker - image: registry.atat.codes:443/atst-prod:50f0843c + image: registry.atat.codes:443/atst-prod:03ee3438 args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] resources: requests: