server/nginx: anonymising client IPs (is this GDPR compliant?)

author: Katharina Fey <kookie@spacekookie.de> 2019-11-28 13:51:37 +0100
committer: Katharina Fey <kookie@spacekookie.de> 2019-11-28 13:51:37 +0100
commit: 5ada3eb928256f7b032b39bb34107e6f26ab0041 (patch)
tree: 4ac14615ee84d56fcbc1398cc5a459016abdfdd5 /modules/server/nginx
parent: 3a8f3350b7dd99de2f86a1a96a877b71f67757a0 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/server/nginx/default.nix b/modules/server/nginx/default.nix
new file mode 100644
index 00000000000..c81fee44294
--- /dev/null
+++ b/modules/server/nginx/default.nix
@@ -0,0 +1,25 @@
+/* NGINX ROOT CONFIGURATION
+ *
+ * Mostly sets up IP anonymisation in logs
+ */
+
+{ config, ... }:
+
+{
+  services.nginx = {
+    enable = true;
+    appendHttpConfig = ''
+      map $remote_addr $remote_addr_anon {
+        ~(?P<ip>\d+\.\d+\.\d+)\.    $ip.X;
+        ~(?P<ip>[^:]+:[^:]+):       $ip::X;
+        default                     0.0.0.0;
+      }
+    
+      log_format anonymous '$remote_addr_anon - $remote_user [$time_local] '
+                             '"$request" $status $body_bytes_sent '
+                             '"$http_referer" "$http_user_agent"';
+      access_log /var/spool/nginx/logs/access.log anonymous;
+      charset UTF-8;
+    '';
+  };
+}
author	Katharina Fey <kookie@spacekookie.de>	2019-11-28 13:51:37 +0100
committer	Katharina Fey <kookie@spacekookie.de>	2019-11-28 13:51:37 +0100
commit	5ada3eb928256f7b032b39bb34107e6f26ab0041 (patch)
tree	4ac14615ee84d56fcbc1398cc5a459016abdfdd5 /modules/server/nginx
parent	3a8f3350b7dd99de2f86a1a96a877b71f67757a0 (diff)