replace access log ip anonymization with vars to control access logs

hace 7 meses · cbbf20004c
--- a/roles/custom/matrix-client-cinny/defaults/main.yml
+++ b/roles/custom/matrix-client-cinny/defaults/main.yml
@@ -159,6 +159,9 @@ matrix_client_cinny_self_check_validate_certificates: true
 # See `matrix_client_cinny_config_homeserverList`.
 matrix_client_cinny_default_hs_url: ""

 # Controls whether the Cinny access log is enabled
 matrix_client_cinny_access_log_enabled: true

 # Controls the `defaultHomeserver` value in the `config.json` file.
 matrix_client_cinny_config_defaultHomeserver: 0  # noqa var-naming

--- a/roles/custom/matrix-client-cinny/templates/nginx.conf.j2
+++ b/roles/custom/matrix-client-cinny/templates/nginx.conf.j2
@@ -31,17 +31,15 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;

 	map $remote_addr $remote_addr_anon {
 		~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
 		~(?P<ip>[^:]+:[^:]+):       $ip::;
 		default                     0.0.0.0;
 	}

 	log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
 	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';

 	{% if matrix_client_cinny_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
 	{% else %}
 	access_log off;
 	{% endif %}

 	sendfile on;
 	#tcp_nopush on;
--- a/roles/custom/matrix-client-hydrogen/defaults/main.yml
+++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml
@@ -154,6 +154,9 @@ matrix_client_hydrogen_path_prefix: /
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_client_hydrogen_self_check_validate_certificates: true

 # Controls whether the access log is enabled.
 matrix_client_hydrogen_access_log_enabled: true

 # config.json
 matrix_client_hydrogen_push:
  appId: io.element.hydrogen.web
--- a/roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2
+++ b/roles/custom/matrix-client-hydrogen/templates/nginx.conf.j2
@@ -31,17 +31,15 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;

 	map $remote_addr $remote_addr_anon {
 		~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
 		~(?P<ip>[^:]+:[^:]+):       $ip::;
 		default                     0.0.0.0;
 	}

 	log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
 	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';

 	{% if matrix_client_hydrogen_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
 	{% else %}
 	access_log off;
 	{% endif %}

 	sendfile on;
 	#tcp_nopush on;
--- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
+++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/nginx.conf.j2
@@ -33,18 +33,14 @@ http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;

 	map $remote_addr $remote_addr_anon {
 		~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
 		~(?P<ip>[^:]+:[^:]+):       $ip::;
 		default                     0.0.0.0;
 	}

 	log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
 	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';

 	{% if matrix_synapse_reverse_proxy_companion_access_log_enabled %}
 	access_log /var/log/nginx/access.log main;
 	{% else %}
 	access_log off;
 	{% endif %}

 	{% if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled %}