Commit 257adf84 authored by Michael Pöhn's avatar Michael Pöhn

enable privacy friendly access logging

parent 362b077f
......@@ -13,7 +13,11 @@
tasks:
- name: "apt: enable unattended upgrades"
apt: name=unattended-upgrades install_recommends=no state=latest
apt: "name={{item}} install_recommends=no state=latest"
with_items:
- unattended-upgrades
- libnginx-mod-http-geoip
- geoip-database
#######################################################
# webserver setup for search.f-droid.org
......@@ -45,15 +49,21 @@
# root /nonexistent;
}
- name: "replace: turn nginx access logging off"
- name: "blockinfile: nginx.conf customization"
blockinfile:
path: "/etc/nginx/nginx.conf"
insertafter: 'http {'
marker: "## {mark} ANSIBLE MANAGED BLOCK"
content: |
geoip_country /usr/share/GeoIP/GeoIPv6.dat;
log_format privacy '0.0.0.0 - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "-" $geoip_country_code';
- name: "replace: configure privacy freindly nginx access logging"
replace:
path: "/etc/nginx/nginx.conf"
regexp: "access_log /var/log/nginx/access.log;"
replace: "access_log off;"
regexp: "access_log .*;"
replace: "access_log /var/log/nginx/access.log privacy;"
- name: "replace: turn nginx error logging off"
replace:
path: "/etc/nginx/nginx.conf"
regexp: "error_log /var/log/nginx/error.log;"
regexp: "error_log .*;"
replace: "error_log off;"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment