Set access log format and Upstream

Set access log format to json_combined Switch from $backend_variable to upstream (Except for harbor, plane-minio, goaccess, opencloud)
2026-03-17 18:06:10 +00:00
parent 50b13c34ef
commit 547701c7da
13 changed files with 284 additions and 52 deletions
--- a/data/conf.d/vault.conf
+++ b/data/conf.d/vault.conf
@@ -1,3 +1,32 @@
+upstream vault_backend {
+    server 10.0.0.250:8090;
+
+    # Keep up to 32 idle connections per worker
+    keepalive 16;
+
+    # Maximum time a connection can be idle
+    keepalive_timeout 60s;
+
+    # Maximum requests per keepalive connection
+    keepalive_requests 100;
+}
+
+# # Redirect HTTP to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name vault.novicelab.io;
+    
+    # ACME challenge for Let's Encrypt certificate renewal
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
 server {
    listen 443 ssl; #http2;
    listen [::]:443 ssl; # http2;
@@ -31,14 +60,14 @@ server {
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;

    # Logging
-    access_log /var/log/nginx/vault.novicelab.io_access.log VCOMBINED;
+    access_log /var/log/nginx/vault.novicelab.io_access.log json_combined;
    error_log /var/log/nginx/vault.novicelab.io_error.log debug;
-    set $vault_backend vaultwarden:443;
+    # set $vault_backend vaultwarden:443;

    location / {
        # proxy_pass http://$vault_backend;
-        # proxy_pass https://10.0.0.251:8100;
-        proxy_pass http://10.0.0.250:8090;
+        # proxy_pass http://10.0.0.250:8090;
+        proxy_pass http://vault_backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;