diff options
author | Katharina Fey <kookie@spacekookie.de> | 2019-11-28 13:51:37 +0100 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2019-11-28 13:51:37 +0100 |
commit | 5ada3eb928256f7b032b39bb34107e6f26ab0041 (patch) | |
tree | 4ac14615ee84d56fcbc1398cc5a459016abdfdd5 /modules | |
parent | 3a8f3350b7dd99de2f86a1a96a877b71f67757a0 (diff) |
server/nginx: anonymising client IPs (is this GDPR compliant?)
Diffstat (limited to '')
-rw-r--r-- | modules/server/nginx/default.nix | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/server/nginx/default.nix b/modules/server/nginx/default.nix new file mode 100644 index 00000000000..c81fee44294 --- /dev/null +++ b/modules/server/nginx/default.nix @@ -0,0 +1,25 @@ +/* NGINX ROOT CONFIGURATION + * + * Mostly sets up IP anonymisation in logs + */ + +{ config, ... }: + +{ + services.nginx = { + enable = true; + appendHttpConfig = '' + map $remote_addr $remote_addr_anon { + ~(?P<ip>\d+\.\d+\.\d+)\. $ip.X; + ~(?P<ip>[^:]+:[^:]+): $ip::X; + default 0.0.0.0; + } + + log_format anonymous '$remote_addr_anon - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + access_log /var/spool/nginx/logs/access.log anonymous; + charset UTF-8; + ''; + }; +} |