novicelab.io/nginx
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change access log format to VCOMBINED and error log format to debug

Browse Source
This commit is contained in:
kbrianngeno
2026-03-17 08:48:06 +00:00
parent 382a3dd438
commit dc320d83d4
17 changed files with 28 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
data/conf.d/adminer.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/adminer.novicelab.io_access.log;
error_log /var/log/nginx/adminer.novicelab.io_error.log;
access_log /var/log/nginx/adminer.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/adminer.novicelab.io_error.log debug;
# Root and index
# root /var/www/html;

4
data/conf.d/auth.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/auth.novicelab.io_access.log;
error_log /var/log/nginx/auth.novicelab.io_error.log;
access_log /var/log/nginx/auth.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/auth.novicelab.io_error.log debug;
# Root and index
# root /var/www/html;

4
data/conf.d/book.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/book.novicelab.io_access.log;
error_log /var/log/nginx/book.novicelab.io_error.log;
access_log /var/log/nginx/book.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/book.novicelab.io_error.log debug;
# Root and index
# root /var/www/html;

4
data/conf.d/cluster.conf
View File

@@ -38,8 +38,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/*.novicelab.io_access.log;
error_log /var/log/nginx/*.novicelab.io_error.log;
access_log /var/log/nginx/*.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/*.novicelab.io_error.log debug;
location / {
proxy_pass http://10.0.0.20:80; # Assuming HAProxy is on port 8080

44
data/conf.d/collabora.conf
View File

@@ -1,44 +0,0 @@
server {
listen 80;
server_name collabora.novicelab.io;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl; # http2;
server_name collabora.novicelab.io;
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# set $opencloud_backend 10.0.0.251:9980;
location / {
proxy_pass http://10.0.0.251:9980;
#proxy_pass http://$opencloud_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://10.0.0.251:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}

92
data/conf.d/couch.conf
View File

@@ -1,92 +0,0 @@
server {
listen 80;
server_name couch.novicelab.io;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl; # http2;
server_name couch.novicelab.io;
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
set $couch_backend 10.0.0.251:5984;
# # Block access to _utils (Fauxton) in production
# location /_utils {
# deny all;
# return 403;
# }
# # Block _config endpoint externally
# location /_config {
# deny all;
# return 403;
# }
# # Block _node endpoint externally
# location /_node {
# # deny all;
# # return 403;
# proxy_pass http://$couch_backend/_node;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Timeouts
# proxy_connect_timeout 10s;
# proxy_read_timeout 60s;
# }
location / {
# Handle CORS preflight without hitting CouchDB auth
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, PUT, POST, HEAD, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "accept, authorization, content-type, origin, referer, x-csrf-token" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Max-Age 3600;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
# Pass all other requests to CouchDB
# proxy_pass http://127.0.0.1:5984;
proxy_pass http://$couch_backend/;
proxy_redirect off;
proxy_buffering off;
proxy_method $request_method;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Forward CORS headers from CouchDB responses too
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Credentials "true" always;
proxy_connect_timeout 10s;
proxy_read_timeout 60s;
# Headers for WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

4
data/conf.d/gitea.conf
View File

@@ -31,8 +31,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/gitea.novicelab.io_access.log;
error_log /var/log/nginx/gitea.novicelab.io_error.log;
access_log /var/log/nginx/gitea.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/gitea.novicelab.io_error.log debug;
set $gitea_backend gitea:3000;

4
data/conf.d/harbor.conf
View File

@@ -31,8 +31,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/harbor.novicelab.io_access.log;
error_log /var/log/nginx/harbor.novicelab.io_error.log;
access_log /var/log/nginx/harbor.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/harbor.novicelab.io_error.log debug;
# set $harbor_backend 10.0.0.251:9090;
set $harbor_backend nginx-harbor:80;

8
data/conf.d/hugo.conf
View File

@@ -2,7 +2,7 @@
server {
listen 80;
listen [::]:80;
server_name novicelab.io www.novicelab.io;
server_name novicelab.io www.novicelab.io x.y.novicelab.io;
# ACME challenge for Let's Encrypt certificate renewal
location /.well-known/acme-challenge/ {
@@ -17,7 +17,7 @@ server {
server {
listen 443 ssl; #http2;
listen [::]:443 ssl; # http2;
server_name novicelab.io www.novicelab.io;
server_name novicelab.io www.novicelab.io x.y.novicelab.io;
# SSL Certificate paths
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/novicelab.io_access.log;
error_log /var/log/nginx/novicelab.io_error.log;
access_log /var/log/nginx/novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/novicelab.io_error.log debug;
# Root and index
# root /var/www/html;

0
data/conf.d/kenvip.conf
View File

8
data/conf.d/minio.conf
View File

@@ -41,8 +41,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/minio.novicelab.io_access.log;
error_log /var/log/nginx/minio.novicelab.io_error.log;
access_log /var/log/nginx/minio.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/minio.novicelab.io_error.log debug;
# resolver 127.0.0.11 valid=30s;
set $minio_backend minio:9001;
@@ -107,8 +107,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/s3.novicelab.io_access.log;
error_log /var/log/nginx/s3.novicelab.io_error.log;
access_log /var/log/nginx/s3.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/s3.novicelab.io_error.log debug;
# resolver 127.0.0.11 valid=30s;
set $s3_backend minio:9000;

4
data/conf.d/opencloud.conf
View File

@@ -15,8 +15,8 @@ server {
ssl_session_cache shared:SSL:10m;
# Logging
access_log /var/log/nginx/opencloud.novicelab.io_access.log;
error_log /var/log/nginx/opencloud.novicelab.io_error.log;
access_log /var/log/nginx/opencloud.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/opencloud.novicelab.io_error.log debug;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

4
data/conf.d/plane.conf
View File

@@ -40,8 +40,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/plane.novicelab.io_access.log;
error_log /var/log/nginx/plane.novicelab.io_error.log;
access_log /var/log/nginx/plane.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/plane.novicelab.io_error.log debug;
# resolver 127.0.0.11 valid=30s;
# set $plane_backend 10.0.0.251:9020;

0
data/conf.d/s3.conf
View File

58
data/conf.d/tre.conf
View File

@@ -1,58 +0,0 @@
server {
# listen 80;
# server_name *.novicelab.io;
# resolver 127.0.0.11 valid=30s;
# set $haproxy_backend haproxy:80;
listen 443 ssl; #http2;
listen [::]:443 ssl; # http2;
server_name tre.novicelab.io;
# SSL Certificate paths
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
# SSL Protocol - TLS 1.2 and 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suites (prioritize TLS 1.3, secure TLS 1.2 fallback)
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
# SSL session configuration
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/tre.novicelab.io_access.log;
error_log /var/log/nginx/tre.novicelab.io_error.log;
location /data-catalog {
proxy_pass https://10.0.0.251:8888; # Assuming HAProxy is on port 8080
# proxy_pass http://haproxy_backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Performance optimizations
proxy_buffering off;
proxy_request_buffering off;
proxy_connect_timeout 5s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
}
}

4
data/conf.d/umami.conf
View File

@@ -62,8 +62,8 @@ server {
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Logging
access_log /var/log/nginx/umami.novicelab.io_access.log;
error_log /var/log/nginx/umami.novicelab.io_error.log;
access_log /var/log/nginx/umami.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/umami.novicelab.io_error.log debug;
# Root and index
# root /var/www/html;

4
data/conf.d/vault.conf
View File

@@ -31,8 +31,8 @@ server {
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/vault.novicelab.io_access.log;
error_log /var/log/nginx/vault.novicelab.io_error.log;
access_log /var/log/nginx/vault.novicelab.io_access.log VCOMBINED;
error_log /var/log/nginx/vault.novicelab.io_error.log debug;
set $vault_backend vaultwarden:443;
location / {