aboutsummaryrefslogtreecommitdiff
path: root/modules/server/nginx/default.nix
/* NGINX ROOT CONFIGURATION
 *
 * Mostly sets up IP anonymisation in logs
 */

{ config, ... }:

{
  services.nginx = {
    enable = true;
    appendHttpConfig = ''
      map $remote_addr $remote_addr_anon {
        ~(?P<ip>\d+\.\d+\.\d+)\.    $ip.X;
        ~(?P<ip>[^:]+:[^:]+):       $ip::X;
        default                     0.0.0.0;
      }
    
      log_format anonymous '$remote_addr_anon - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent '
                             '"$http_referer" "$http_user_agent"';
      access_log /var/spool/nginx/logs/access.log anonymous;
      charset UTF-8;
    '';
  };
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 06:40:41 +0000