Skip to content

Commit 0045f02

Browse files
authored
Merge pull request #10151 from internetarchive/fix-nginx-logs
Switch to using NJS for nginx IP anonymization
2 parents 9840d58 + 9387074 commit 0045f02

File tree

6 files changed

+33
-30
lines changed

6 files changed

+33
-30
lines changed

docker/Dockerfile.olbase

Lines changed: 3 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -38,22 +38,10 @@ RUN apt-get -qq update && apt-get install -y \
3838
COPY scripts/install_nodejs.sh ./
3939
RUN ./install_nodejs.sh && rm ./install_nodejs.sh
4040

41-
# Install Archive.org nginx w/ IP anonymization
41+
# Install nginx
4242
USER root
43-
RUN apt-get update && apt-get install -y --no-install-recommends nginx curl letsencrypt \
44-
# nginx-plus
45-
apt-transport-https lsb-release ca-certificates wget \
46-
# log rotation service for ol-nginx
47-
logrotate \
48-
# rsync service for pulling monthly sitemaps from ol-home0 to ol-www0
49-
rsync
50-
COPY scripts/install_openresty.sh ./
51-
RUN ./install_openresty.sh && rm ./install_openresty.sh
52-
RUN rm /usr/sbin/nginx
53-
RUN curl -L https://archive.org/download/nginx/nginx -o /usr/sbin/nginx
54-
RUN chmod +x /usr/sbin/nginx
55-
# Remove the stock nginx config file
56-
RUN rm /etc/nginx/sites-enabled/default
43+
COPY scripts/install_nginx.sh ./
44+
RUN ./install_nginx.sh && rm ./install_nginx.sh
5745

5846
RUN mkdir -p /var/log/openlibrary /var/lib/openlibrary && chown openlibrary:openlibrary /var/log/openlibrary /var/lib/openlibrary \
5947
&& mkdir /openlibrary && chown openlibrary:openlibrary /openlibrary \

docker/covers_nginx.conf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,9 @@ server {
1414
ssl_protocols TLSv1.2 TLSv1.3;
1515
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
1616
ssl_prefer_server_ciphers on;
17+
18+
# Needed for logging/IP anonymization
19+
include /olsystem/etc/nginx/logging_periodics.conf;
1720
}
1821

1922
# Docker's internal load balancing ends up with unbalanced connections eventually.

docker/nginx.conf

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
1+
# Needed for IP anonymization
2+
load_module modules/ngx_http_js_module.so;
3+
14
user www-data;
25

36
# XXX-Anand: Oct 2013
@@ -25,7 +28,8 @@ http {
2528
server_names_hash_bucket_size 64;
2629
types_hash_bucket_size 64;
2730

28-
log_format iacombined '$remote_addr_ipscrub $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time';
31+
# Logging / IP Anonymization; also need logging_periodics.conf inside a server block
32+
include /olsystem/etc/nginx/logging.conf;
2933
access_log /var/log/nginx/access.log iacombined;
3034

3135
client_max_body_size 50m;

docker/web_nginx.conf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,9 @@ server {
3232
ssl_protocols TLSv1.2 TLSv1.3;
3333
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
3434
ssl_prefer_server_ciphers on;
35+
36+
# Needed for logging/IP anonymization
37+
include /olsystem/etc/nginx/logging_periodics.conf;
3538
}
3639

3740
server {

scripts/install_nginx.sh

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
#! /bin/bash
2+
3+
apt-get update
4+
5+
# log rotation service for ol-nginx
6+
# rsync service for pulling monthly sitemaps from ol-home0 to ol-www0
7+
apt-get install -y --no-install-recommends curl \
8+
logrotate \
9+
rsync \
10+
lsb-release
11+
12+
# Add the NGINX signing key + Repo
13+
curl -fsSL https://nginx.org/keys/nginx_signing.key | tee /usr/share/keyrings/nginx-keyring.asc
14+
echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.asc] http://nginx.org/packages/debian $(lsb_release -cs) nginx" \
15+
> /etc/apt/sources.list.d/nginx.list
16+
17+
# Install nginx and the NJS module
18+
apt-get update
19+
apt-get install -y --no-install-recommends nginx nginx-module-njs letsencrypt

scripts/install_openresty.sh

Lines changed: 0 additions & 14 deletions
This file was deleted.

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy