From 6220885e7d4297b0b44af423c11e5b66809d5f8c Mon Sep 17 00:00:00 2001
From: Thomas Kuehne <thomas@linklayer.de>
Date: Sat, 29 Jun 2019 18:26:12 +0200
Subject: [PATCH] add option to log nginx access to file

- the nginx access log wil be written to /matrix/nginx-proxy/access.log
- the log will not be forwarded to the systemd journal anymore
---
 roles/matrix-nginx-proxy/defaults/main.yml         |  3 +++
 .../matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 14 ++++++++++++++
 .../templates/nginx/nginx.conf.j2                  |  4 ++++
 .../systemd/matrix-nginx-proxy.service.j2          |  3 +++
 4 files changed, 24 insertions(+)

diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index b4b181ff9..1d09130c4 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -25,6 +25,9 @@ matrix_nginx_proxy_container_additional_volumes: []
 # A list of extra arguments to pass to the container
 matrix_nginx_proxy_container_extra_arguments: []
 
+# Controls whether nginx logs access to stdout of the container (and so to journald) or to the file /matrix/nginx-proxy/access.log
+matrix_nginx_access_log_to_file: false
+
 # Controls whether matrix-nginx-proxy should serve the base domain.
 #
 # This is useful for when you only have your Matrix server, but you need to serve
diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
index 693c1bd00..ccc71bb11 100644
--- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
+++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
@@ -115,6 +115,14 @@
     daemon_reload: yes
   when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed"
 
+- name: Ensure Matrix nginx-proxy access.log file exist
+  file:
+    path: "{{ matrix_nginx_proxy_base_path }}/access.log"
+    state: touch
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_username }}"
+  when: matrix_nginx_access_log_to_file|bool
 
 #
 # Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
@@ -186,3 +194,9 @@
     path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
     state: absent
   when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool"
+
+- name: Ensure Matrix nginx-proxy configuration for base domain deleted
+  file:
+    path: "{{ matrix_nginx_proxy_base_path }}/access.log"
+    state: absent
+  when: "not matrix_nginx_proxy_enabled|bool"
diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
index 51aa8a006..2dbb5e97c 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2
@@ -33,7 +33,11 @@ http {
 					'$status $body_bytes_sent "$http_referer" '
 					'"$http_user_agent" "$http_x_forwarded_for"';
 
+	{% if matrix_nginx_access_log_to_file %}
+	access_log /var/log/nginx/access_file.log main;
+	{% else %}
 	access_log /var/log/nginx/access.log main;
+	{% endif %}
 
 	sendfile on;
 	#tcp_nopush on;
diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
index 6d30322a5..e7eebf72b 100644
--- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
@@ -31,6 +31,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
 			-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
 			-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
 			-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
+			{% if matrix_nginx_access_log_to_file %}
+			-v {{ matrix_nginx_proxy_base_path }}/access.log:/var/log/nginx/access_file.log:rw \
+			{% endif %}
 			{% for volume in matrix_nginx_proxy_container_additional_volumes %}
 			-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
 			{% endfor %}