From 2d402273b67d72e3c1cc84ad952151568bb8ac3c Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Fri, 6 May 2022 10:01:53 +0200
Subject: Add logrotate configuration for nginx
---
 playbooks.d/webserver-nginx/etc/defaults | 1 +
 playbooks.d/webserver-nginx/playbook.bash | 12 +++++++++++-
 playbooks.d/webserver-nginx/share/logrotate.conf | 11 +++++++++++
 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www | 2 ++
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 playbooks.d/webserver-nginx/share/logrotate.conf
(limited to 'playbooks.d/webserver-nginx')
diff --git a/playbooks.d/webserver-nginx/etc/defaults b/playbooks.d/webserver-nginx/etc/defaults
index 26eaa60..f9ef6fc 100644
--- a/playbooks.d/webserver-nginx/etc/defaults
+++ b/playbooks.d/webserver-nginx/etc/defaults
@@ -1,4 +1,5 @@
 pkg.certbot=certbot
+pkg.logrotate=logrotate
 pkg.nginx=nginx
 svc.nginx=nginx
diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash
index b436018..e750eb6 100644
--- a/playbooks.d/webserver-nginx/playbook.bash
+++ b/playbooks.d/webserver-nginx/playbook.bash
@@ -3,7 +3,10 @@ playbook_add()
 {
 info "webserver/add" "Installing packages"
- pkg install certbot nginx
+ pkg install \
+ certbot \
+ logrotate \
+ nginx
 info "webserver/add" "Create nginx user account"
 groupadd "$(config "nginx.group")"
@@ -27,6 +30,7 @@ playbook_add()
 "$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
 "$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
 "$(config "fs.etcdir")/nginx/snippets.d" \
+ "$(config "fs.logdir")/nginx/access-logs" \
 /var/www
 info "webserver/add" "Generating dhparam.pem"
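Review bot: The directory added to this list in `playbook_add` is built from `config "fs.logdir"`, but the two other places this commit refers to it hard-code `/var/log/nginx/access-logs` (the glob in `share/logrotate.conf` and the `access_log` line in `share/sites.d/https/nl.tyil.www`), so on a host where `fs.logdir` is not `/var/log` nginx would write to, and logrotate would look in, a directory this playbook never created. Passing the value into the template, e.g. `logdir="$(config "fs.logdir")"` next to `user=`/`group=` in `playbook_sync`, and using `${logdir}/nginx/access-logs/*.log` in the template would keep them in step. The command this list belongs to starts above the hunk, so the owner and mode the directory ends up with are not visible; because logrotate runs as root over it, it is worth confirming that the directory is not group- or world-writable.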
@@ -44,6 +48,12 @@ playbook_sync()
 local snippets
 local sites
+ notice "$BASHTARD_PLAYBOOK" "Updating logrotate"
+ file_template "logrotate.conf" \
+ user="$(config "nginx.user")" \
+ group="$(config "nginx.group")" \
+ > "$(config "fs.etcdir")/logrotate.d/nginx"
+
 notice "webserver/sync" "Updating nginx.conf"
 file_template "nginx.conf" \
 etc="$(config "fs.etcdir")" \
diff --git a/playbooks.d/webserver-nginx/share/logrotate.conf b/playbooks.d/webserver-nginx/share/logrotate.conf
new file mode 100644
index 0000000..faa9996
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/logrotate.conf
@@ -0,0 +1,11 @@
+/var/log/nginx/access-logs/*.log {
+ daily
+ missingok
+ rotate -1
+ notifempty
+ create 0640 ${user} ${group}
+ sharedscripts
+ postrotate
+ nginx -s reopen >> /var/log/logrotate.log 2>&1
+ endscript
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
index 3304c8f..9430959 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
@@ -7,6 +7,8 @@ server {
 ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem;
+ access_log /var/log/nginx/access-logs/nl.tyil.log;
+
 include /etc/nginx/snippets.d/certbot.conf;
 include /etc/nginx/snippets.d/headers.conf;
 include /etc/nginx/snippets.d/ssl.conf;
-- 
cgit v1.1
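Review bot: In the `playbook_sync` hunk, `logrotate.d/nginx` is created by the shell redirect, so its mode depends on the umask the playbook runs under; logrotate ignores configuration files that are writable by group or others or not owned by root, and this file carries a `postrotate` script that runs as root, so an explicit `chmod 0644 "$(config "fs.etcdir")/logrotate.d/nginx"` after rendering would make the result deterministic. The redirect also truncates the existing file before `file_template` runs, so a failed render leaves an empty config behind; rendering to a temporary file and moving it into place would avoid that. As a style point, the new `notice` uses `"$BASHTARD_PLAYBOOK"` as its tag while the following call uses `"webserver/sync"`. `playbook_sync` continues outside the hunk.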
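Review bot: In `share/logrotate.conf`, `rotate -1` tells logrotate never to remove old logs, and the stanza has no `compress`, so the access logs (client addresses and request paths) grow without bound and are retained indefinitely. A bounded count such as `rotate 30` (a placeholder; choose the retention you actually need) together with `compress` and `delaycompress` would cap both disk use and data retention. The `postrotate` output is appended to `/var/log/logrotate.log`, which nothing in this stanza rotates. If the log directory turns out to be owned by `${user}` rather than root, logrotate will additionally need a `su` line; that cannot be judged from this file alone.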