authorPatrick Spek <p.spek@tyil.nl>2022-05-06 10:01:53 +0200
committerPatrick Spek <p.spek@tyil.nl>2022-05-06 10:01:53 +0200
commit2d402273b67d72e3c1cc84ad952151568bb8ac3c (patch)
tree0a38cab9e4df6b0cbf09c4bb922331e1fccc1b8e /playbooks.d/webserver-nginx
parent44c43f638420189ff18f246fc3291df2cec81516 (diff)
Add logrotate configuration for nginx
Diffstat (limited to 'playbooks.d/webserver-nginx')
-rw-r--r--playbooks.d/webserver-nginx/etc/defaults1
-rw-r--r--playbooks.d/webserver-nginx/playbook.bash12
-rw-r--r--playbooks.d/webserver-nginx/share/logrotate.conf11
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www2
4 files changed, 25 insertions, 1 deletions
diff --git a/playbooks.d/webserver-nginx/etc/defaults b/playbooks.d/webserver-nginx/etc/defaults
index 26eaa60..f9ef6fc 100644
--- a/playbooks.d/webserver-nginx/etc/defaults
+++ b/playbooks.d/webserver-nginx/etc/defaults
@@ -1,4 +1,5 @@
pkg.certbot=certbot
+pkg.logrotate=logrotate
pkg.nginx=nginx
svc.nginx=nginx
diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash
index b436018..e750eb6 100644
--- a/playbooks.d/webserver-nginx/playbook.bash
+++ b/playbooks.d/webserver-nginx/playbook.bash
@@ -3,7 +3,10 @@
playbook_add()
{
info "webserver/add" "Installing packages"
- pkg install certbot nginx
+ pkg install \
+ certbot \
+ logrotate \
+ nginx
info "webserver/add" "Create nginx user account"
groupadd "$(config "nginx.group")"
@@ -27,6 +30,7 @@ playbook_add()
"$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
"$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
"$(config "fs.etcdir")/nginx/snippets.d" \
+ "$(config "fs.logdir")/nginx/access-logs" \
/var/www
info "webserver/add" "Generating dhparam.pem"
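Review bot: The access-log directory added to this list is built from `$(config "fs.logdir")`, while the new `share/logrotate.conf` glob and the `access_log` line in `share/sites.d/https/nl.tyil.www` both hard-code `/var/log/nginx/access-logs`. On a host where `fs.logdir` is not `/var/log`, nginx would be pointed at a directory this playbook never created, and logrotate would match nothing without complaint because of `missingok`. Passing the directory into the template, e.g. `logdir="$(config "fs.logdir")"` on the `file_template` call and `${logdir}/nginx/access-logs/*.log` in the template, would keep them in step; whether the site file is templated the same way is not visible here. The command this list belongs to starts above the hunk, so the owner and mode applied to the new directory cannot be checked from these lines.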
@@ -44,6 +48,12 @@ playbook_sync()
local snippets
local sites
+ notice "$BASHTARD_PLAYBOOK" "Updating logrotate"
+ file_template "logrotate.conf" \
+ user="$(config "nginx.user")" \
+ group="$(config "nginx.group")" \
+ > "$(config "fs.etcdir")/logrotate.d/nginx"
+
notice "webserver/sync" "Updating nginx.conf"
file_template "nginx.conf" \
etc="$(config "fs.etcdir")" \
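Review bot: The logrotate config is written with a plain `>` redirect, so its mode comes from the caller's umask, and a failing `file_template` would leave a truncated file in `logrotate.d`. logrotate skips config files that are writable by group or others, and this file carries a `postrotate` script that runs with logrotate's privileges, so the mode is worth pinning with `chmod 0644 "$(config "fs.etcdir")/logrotate.d/nginx"` after the write. The `notice` tag here is `"$BASHTARD_PLAYBOOK"` while the next call uses the literal `"webserver/sync"`; one form should be used throughout the function. playbook_sync starts and ends outside the hunk.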
diff --git a/playbooks.d/webserver-nginx/share/logrotate.conf b/playbooks.d/webserver-nginx/share/logrotate.conf
new file mode 100644
index 0000000..faa9996
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/logrotate.conf
@@ -0,0 +1,11 @@
+/var/log/nginx/access-logs/*.log {
+ daily
+ missingok
+ rotate -1
+ notifempty
+ create 0640 ${user} ${group}
+ sharedscripts
+ postrotate
+ nginx -s reopen >> /var/log/logrotate.log 2>&1
+ endscript
+}
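Review bot: `rotate -1` tells logrotate (on versions that accept it) never to remove old logs, and nothing in this stanza compresses or ages them out. Disk usage under the access-log directory therefore grows without bound, and client IP data is retained indefinitely. If unlimited retention is intended, adding `compress` and `delaycompress` limits the growth; otherwise a bound such as `maxage <DAYS>` or a positive `rotate` count states the retention policy explicitly. The `postrotate` output is appended to `/var/log/logrotate.log`, which no rule visible in this commit rotates.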
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
index 3304c8f..9430959 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
@@ -7,6 +7,8 @@ server {
ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem;
+ access_log /var/log/nginx/access-logs/nl.tyil.log;
+
include /etc/nginx/snippets.d/certbot.conf;
include /etc/nginx/snippets.d/headers.conf;
include /etc/nginx/snippets.d/ssl.conf;