configure json logging for nginx in k8s cluster
This commit is contained in:
dandds
parent
47ce80b4db
commit
cb91003675
@ -8,6 +8,7 @@ data:
|
|||||||
nginx-config: |-
|
nginx-config: |-
|
||||||
server {
|
server {
|
||||||
server_name www.atat.code.mil atat.code.mil;
|
server_name www.atat.code.mil atat.code.mil;
|
||||||
|
access_log /var/log/nginx/access.log json;
|
||||||
listen 8442;
|
listen 8442;
|
||||||
listen [::]:8442 ipv6only=on;
|
listen [::]:8442 ipv6only=on;
|
||||||
if ($http_x_forwarded_proto != 'https') {
|
if ($http_x_forwarded_proto != 'https') {
|
||||||
@ -25,15 +26,18 @@ data:
|
|||||||
location @app {
|
location @app {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
location @appbasicauth {
|
location @appbasicauth {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
||||||
auth_basic "Developer Access";
|
auth_basic "Developer Access";
|
||||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
|
access_log /var/log/nginx/access.log json;
|
||||||
server_name auth.atat.code.mil;
|
server_name auth.atat.code.mil;
|
||||||
listen 8443 ssl;
|
listen 8443 ssl;
|
||||||
listen [::]:8443 ssl ipv6only=on;
|
listen [::]:8443 ssl ipv6only=on;
|
||||||
@ -75,5 +79,21 @@ data:
|
|||||||
uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
|
uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
|
||||||
uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
|
uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
|
||||||
uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
|
uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
nginx-json-log-config: |-
|
||||||
|
log_format json escape=json
|
||||||
|
'{'
|
||||||
|
'"timestamp":"$time_iso8601",'
|
||||||
|
'"msec":"$msec",'
|
||||||
|
'"request_id":"$request_id",'
|
||||||
|
'"remote_addr":"$remote_addr",'
|
||||||
|
'"remote_user":"$remote_user",'
|
||||||
|
'"request":"$request",'
|
||||||
|
'"status":$status,'
|
||||||
|
'"body_bytes_sent":$body_bytes_sent,'
|
||||||
|
'"referer":"$http_referer",'
|
||||||
|
'"user_agent":"$http_user_agent",'
|
||||||
|
'"http_x_forwarded_for":"$http_x_forwarded_for"'
|
||||||
|
'}';
|
||||||
|
|||||||
@ -28,7 +28,7 @@ spec:
|
|||||||
fsGroup: 101
|
fsGroup: 101
|
||||||
containers:
|
containers:
|
||||||
- name: atst
|
- name: atst
|
||||||
image: registry.atat.codes:443/atst-prod:50f0843c
|
image: registry.atat.codes:443/atst-prod:4d50a80e
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: "2500Mi"
|
memory: "2500Mi"
|
||||||
@ -63,6 +63,9 @@ spec:
|
|||||||
- name: nginx-config
|
- name: nginx-config
|
||||||
mountPath: "/etc/nginx/conf.d/atst.conf"
|
mountPath: "/etc/nginx/conf.d/atst.conf"
|
||||||
subPath: atst.conf
|
subPath: atst.conf
|
||||||
|
- name: nginx-config
|
||||||
|
mountPath: "/etc/nginx/conf.d/00json_log.conf"
|
||||||
|
subPath: 00json_log.conf
|
||||||
- name: nginx-dhparam
|
- name: nginx-dhparam
|
||||||
mountPath: "/etc/ssl/dhparam.pem"
|
mountPath: "/etc/ssl/dhparam.pem"
|
||||||
subPath: dhparam.pem
|
subPath: dhparam.pem
|
||||||
@ -104,6 +107,8 @@ spec:
|
|||||||
items:
|
items:
|
||||||
- key: nginx-config
|
- key: nginx-config
|
||||||
path: atst.conf
|
path: atst.conf
|
||||||
|
- key: nginx-json-log-config
|
||||||
|
path: 00json_log.conf
|
||||||
- name: nginx-dhparam
|
- name: nginx-dhparam
|
||||||
secret:
|
secret:
|
||||||
secretName: dhparam-4096
|
secretName: dhparam-4096
|
||||||
@ -153,7 +158,7 @@ spec:
|
|||||||
fsGroup: 101
|
fsGroup: 101
|
||||||
containers:
|
containers:
|
||||||
- name: atst-worker
|
- name: atst-worker
|
||||||
image: registry.atat.codes:443/atst-prod:50f0843c
|
image: registry.atat.codes:443/atst-prod:4d50a80e
|
||||||
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
|
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
|
|||||||
@ -7,6 +7,7 @@ metadata:
|
|||||||
data:
|
data:
|
||||||
nginx-config: |-
|
nginx-config: |-
|
||||||
server {
|
server {
|
||||||
|
access_log /var/log/nginx/access.log json;
|
||||||
server_name test.atat.code.mil;
|
server_name test.atat.code.mil;
|
||||||
listen 8442;
|
listen 8442;
|
||||||
listen [::]:8442 ipv6only=on;
|
listen [::]:8442 ipv6only=on;
|
||||||
@ -25,15 +26,18 @@ data:
|
|||||||
location @app {
|
location @app {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
location @appbasicauth {
|
location @appbasicauth {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
||||||
auth_basic "Developer Access";
|
auth_basic "Developer Access";
|
||||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
|
access_log /var/log/nginx/access.log json;
|
||||||
server_name auth-test.atat.code.mil;
|
server_name auth-test.atat.code.mil;
|
||||||
listen 8443 ssl;
|
listen 8443 ssl;
|
||||||
listen [::]:8443 ssl ipv6only=on;
|
listen [::]:8443 ssl ipv6only=on;
|
||||||
@ -75,5 +79,21 @@ data:
|
|||||||
uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
|
uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
|
||||||
uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
|
uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
|
||||||
uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
|
uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
nginx-json-log-config: |-
|
||||||
|
log_format json escape=json
|
||||||
|
'{'
|
||||||
|
'"timestamp":"$time_iso8601",'
|
||||||
|
'"msec":"$msec",'
|
||||||
|
'"request_id":"$request_id",'
|
||||||
|
'"remote_addr":"$remote_addr",'
|
||||||
|
'"remote_user":"$remote_user",'
|
||||||
|
'"request":"$request",'
|
||||||
|
'"status":$status,'
|
||||||
|
'"body_bytes_sent":$body_bytes_sent,'
|
||||||
|
'"referer":"$http_referer",'
|
||||||
|
'"user_agent":"$http_user_agent",'
|
||||||
|
'"http_x_forwarded_for":"$http_x_forwarded_for"'
|
||||||
|
'}';
|
||||||
|
|||||||
@ -28,7 +28,7 @@ spec:
|
|||||||
fsGroup: 101
|
fsGroup: 101
|
||||||
containers:
|
containers:
|
||||||
- name: atst
|
- name: atst
|
||||||
image: registry.atat.codes:443/atst-prod:50f0843c
|
image: registry.atat.codes:443/atst-prod:47ce80b4
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: "2500Mi"
|
memory: "2500Mi"
|
||||||
@ -60,6 +60,9 @@ spec:
|
|||||||
- name: nginx-config
|
- name: nginx-config
|
||||||
mountPath: "/etc/nginx/conf.d/atst.conf"
|
mountPath: "/etc/nginx/conf.d/atst.conf"
|
||||||
subPath: atst.conf
|
subPath: atst.conf
|
||||||
|
- name: nginx-config
|
||||||
|
mountPath: "/etc/nginx/conf.d/00json_log.conf"
|
||||||
|
subPath: 00json_log.conf
|
||||||
- name: nginx-dhparam
|
- name: nginx-dhparam
|
||||||
mountPath: "/etc/ssl/dhparam.pem"
|
mountPath: "/etc/ssl/dhparam.pem"
|
||||||
subPath: dhparam.pem
|
subPath: dhparam.pem
|
||||||
@ -101,6 +104,8 @@ spec:
|
|||||||
items:
|
items:
|
||||||
- key: nginx-config
|
- key: nginx-config
|
||||||
path: atst.conf
|
path: atst.conf
|
||||||
|
- key: nginx-json-log-config
|
||||||
|
path: 00json_log.conf
|
||||||
- name: nginx-dhparam
|
- name: nginx-dhparam
|
||||||
secret:
|
secret:
|
||||||
secretName: dhparam-4096
|
secretName: dhparam-4096
|
||||||
@ -150,7 +155,7 @@ spec:
|
|||||||
fsGroup: 101
|
fsGroup: 101
|
||||||
containers:
|
containers:
|
||||||
- name: atst-worker
|
- name: atst-worker
|
||||||
image: registry.atat.codes:443/atst-prod:50f0843c
|
image: registry.atat.codes:443/atst-prod:47ce80b4
|
||||||
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
|
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
|
|||||||
@ -7,6 +7,7 @@ metadata:
|
|||||||
data:
|
data:
|
||||||
nginx-config: |-
|
nginx-config: |-
|
||||||
server {
|
server {
|
||||||
|
access_log /var/log/nginx/access.log json;
|
||||||
server_name uat.atat.code.mil;
|
server_name uat.atat.code.mil;
|
||||||
listen 8442;
|
listen 8442;
|
||||||
listen [::]:8442 ipv6only=on;
|
listen [::]:8442 ipv6only=on;
|
||||||
@ -25,15 +26,18 @@ data:
|
|||||||
location @app {
|
location @app {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
location @appbasicauth {
|
location @appbasicauth {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
uwsgi_pass unix:///var/run/uwsgi/uwsgi.socket;
|
||||||
auth_basic "Developer Access";
|
auth_basic "Developer Access";
|
||||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
|
access_log /var/log/nginx/access.log json;
|
||||||
server_name auth-uat.atat.code.mil;
|
server_name auth-uat.atat.code.mil;
|
||||||
listen 8443 ssl;
|
listen 8443 ssl;
|
||||||
listen [::]:8443 ssl ipv6only=on;
|
listen [::]:8443 ssl ipv6only=on;
|
||||||
@ -75,5 +79,21 @@ data:
|
|||||||
uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
|
uwsgi_param HTTP_X_SSL_CLIENT_S_DN_LEGACY $ssl_client_s_dn_legacy;
|
||||||
uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
|
uwsgi_param HTTP_X_SSL_CLIENT_I_DN $ssl_client_i_dn;
|
||||||
uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
|
uwsgi_param HTTP_X_SSL_CLIENT_I_DN_LEGACY $ssl_client_i_dn_legacy;
|
||||||
|
uwsgi_param HTTP_X_REQUEST_ID $request_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
nginx-json-log-config: |-
|
||||||
|
log_format json escape=json
|
||||||
|
'{'
|
||||||
|
'"timestamp":"$time_iso8601",'
|
||||||
|
'"msec":"$msec",'
|
||||||
|
'"request_id":"$request_id",'
|
||||||
|
'"remote_addr":"$remote_addr",'
|
||||||
|
'"remote_user":"$remote_user",'
|
||||||
|
'"request":"$request",'
|
||||||
|
'"status":$status,'
|
||||||
|
'"body_bytes_sent":$body_bytes_sent,'
|
||||||
|
'"referer":"$http_referer",'
|
||||||
|
'"user_agent":"$http_user_agent",'
|
||||||
|
'"http_x_forwarded_for":"$http_x_forwarded_for"'
|
||||||
|
'}';
|
||||||
|
|||||||
@ -28,7 +28,7 @@ spec:
|
|||||||
fsGroup: 101
|
fsGroup: 101
|
||||||
containers:
|
containers:
|
||||||
- name: atst
|
- name: atst
|
||||||
image: registry.atat.codes:443/atst-prod:50f0843c
|
image: registry.atat.codes:443/atst-prod:03ee3438
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: "2500Mi"
|
memory: "2500Mi"
|
||||||
@ -63,6 +63,9 @@ spec:
|
|||||||
- name: nginx-config
|
- name: nginx-config
|
||||||
mountPath: "/etc/nginx/conf.d/atst.conf"
|
mountPath: "/etc/nginx/conf.d/atst.conf"
|
||||||
subPath: atst.conf
|
subPath: atst.conf
|
||||||
|
- name: nginx-config
|
||||||
|
mountPath: "/etc/nginx/conf.d/00json_log.conf"
|
||||||
|
subPath: 00json_log.conf
|
||||||
- name: nginx-dhparam
|
- name: nginx-dhparam
|
||||||
mountPath: "/etc/ssl/dhparam.pem"
|
mountPath: "/etc/ssl/dhparam.pem"
|
||||||
subPath: dhparam.pem
|
subPath: dhparam.pem
|
||||||
@ -104,6 +107,8 @@ spec:
|
|||||||
items:
|
items:
|
||||||
- key: nginx-config
|
- key: nginx-config
|
||||||
path: atst.conf
|
path: atst.conf
|
||||||
|
- key: nginx-json-log-config
|
||||||
|
path: 00json_log.conf
|
||||||
- name: nginx-dhparam
|
- name: nginx-dhparam
|
||||||
secret:
|
secret:
|
||||||
secretName: dhparam-4096
|
secretName: dhparam-4096
|
||||||
@ -153,7 +158,7 @@ spec:
|
|||||||
fsGroup: 101
|
fsGroup: 101
|
||||||
containers:
|
containers:
|
||||||
- name: atst-worker
|
- name: atst-worker
|
||||||
image: registry.atat.codes:443/atst-prod:50f0843c
|
image: registry.atat.codes:443/atst-prod:03ee3438
|
||||||
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
|
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user