Add CrowdSec OpenResty bouncer config - ENV: CROWDSEC_BOUNCER = 1 to enable. /data/crowdsec/crowdsec-openresty-bouncer.conf is the configuration file for it.

Add Admin dashboard logging to /data/logs/admin-panel_[access/error].log - ENV: ADMIN_PANEL_LOG = 1 to enable.

Add OpenResty error log (fallback_error.log) debug level - ENV: OPENRESTY_DEBUG = 1 to enable.
baudneo
2022-02-18 14:42:11 -07:00
parent a233bc0045
commit 76588a8e2f
6 changed files with 180 additions and 98 deletions


@@ -16,7 +16,8 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
NODE_ENV=production \ NODE_ENV=production \
NPM_BUILD_VERSION="${BUILD_VERSION}" \ NPM_BUILD_VERSION="${BUILD_VERSION}" \
NPM_BUILD_COMMIT="${BUILD_COMMIT}" \ NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
NPM_BUILD_DATE="${BUILD_DATE}" NPM_BUILD_DATE="${BUILD_DATE}" \
OPENRESTY_DEBUG="0"
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \ && apt-get update \


@@ -1,7 +1,7 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
set -e set -e
mkdir -p /data/logs mkdir -p /data/logs
echo "Changing ownership of /data/logs to $(id -u):$(id -g)" echo "Changing ownership of /data/logs to $(id -u):$(id -g)"
chown -R "$(id -u):$(id -g)" /data/logs chown -R "$(id -u):$(id -g)" /data/logs


@@ -0,0 +1,29 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
set -e # Exit immediately if a command exits with a non-zero status.
set -u # Treat unset variables as an error.
# Redirect admin panel logs from /dev/null to log files if enabled
if [[ ${ADMIN_PANEL_LOG} == "1" ]] || [[ ${ADMIN_PANEL_LOG} -eq 1 ]]; then
echo "Enabling admin dashboard logging"
echo "ADMIN_PANEL_LOG = $ADMIN_PANEL_LOG"
sed-patch 's|<ADMIN_ACCESS_LOG>|/data/logs/admin-panel_access.log standard|' /etc/nginx/conf.d/production.conf
sed-patch 's|<ADMIN_ERROR_LOG>|/data/logs/admin-panel_error.log warn|' /etc/nginx/conf.d/production.conf
else
echo "Leaving admin dashboard logging off (default behavior)"
echo "ADMIN_PANEL_LOG = $ADMIN_PANEL_LOG"
sed-patch 's|<ADMIN_ACCESS_LOG>|/dev/null|' /etc/nginx/conf.d/production.conf
sed-patch 's|<ADMIN_ERROR_LOG>|/dev/null|' /etc/nginx/conf.d/production.conf
fi
if [[ ${OPENRESTY_DEBUG} == "1" ]] || [[ ${OPENRESTY_DEBUG} -eq 1 ]]; then
echo "Changing OpenResty ERROR (fallback_error.log) logging to level: DEBUG"
echo "OPENRESTY_DEBUG = $OPENRESTY_DEBUG"
sed-patch 's|<ERROR_LOG_LEVEL>|debug|' /etc/nginx/nginx.conf
else
echo "Leaving OpenResty ERROR (fallback_error.log) logging at level: WARN (default behavior)"
echo "OPENRESTY_DEBUG = $OPENRESTY_DEBUG"
sed-patch 's|<ERROR_LOG_LEVEL>|warn|' /etc/nginx/nginx.conf
fi
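Review bot: The tests on `ADMIN_PANEL_LOG` and `OPENRESTY_DEBUG` expand the variables bare under `set -u`, so the script aborts with an unbound-variable error whenever one of them is unset. The Dockerfile hunk shown in this commit defaults only `OPENRESTY_DEBUG`, so unless `ADMIN_PANEL_LOG` is defaulted outside the visible hunks, the placeholders in production.conf would be left unreplaced. The second arm, `[[ ${ADMIN_PANEL_LOG} -eq 1 ]]`, is redundant and makes bash evaluate the environment value as an arithmetic expression instead of comparing it as text. I would add `: "${ADMIN_PANEL_LOG:=0}" "${OPENRESTY_DEBUG:=0}"` right after `set -u` and reduce each test to a quoted string comparison, e.g. `if [[ "${ADMIN_PANEL_LOG}" == "1" ]]; then`. The same tests recur in the 50-line script added next, including its `CROWDSEC_BOUNCER` check.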


@@ -0,0 +1,50 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
set -e # Exit immediately if a command exits with a non-zero status.
set -u # Treat unset variables as an error.
# Redirect admin panel logs from /dev/null to log files if enabled
if [[ ${ADMIN_PANEL_LOG} == "1" ]] || [[ ${ADMIN_PANEL_LOG} -eq 1 ]]; then
echo "Enabling admin dashboard logging"
echo "ADMIN_PANEL_LOG = $ADMIN_PANEL_LOG"
sed-patch 's|<ADMIN_ACCESS_LOG>|/data/logs/admin-panel_access.log standard|' /etc/nginx/conf.d/production.conf
sed-patch 's|<ADMIN_ERROR_LOG>|/data/logs/admin-panel_error.log warn|' /etc/nginx/conf.d/production.conf
else
echo "Leaving admin dashboard logging off (default behavior)"
echo "ADMIN_PANEL_LOG = $ADMIN_PANEL_LOG"
sed-patch 's|<ADMIN_ACCESS_LOG>|/dev/null|' /etc/nginx/conf.d/production.conf
sed-patch 's|<ADMIN_ERROR_LOG>|/dev/null|' /etc/nginx/conf.d/production.conf
fi
if [[ ${OPENRESTY_DEBUG} == "1" ]] || [[ ${OPENRESTY_DEBUG} -eq 1 ]]; then
echo "Changing OpenResty ERROR (fallback_error.log) logging to level: DEBUG"
echo "OPENRESTY_DEBUG = $OPENRESTY_DEBUG"
sed-patch 's|<ERROR_LOG_LEVEL>|debug|' /etc/nginx/nginx.conf
else
echo "Leaving OpenResty ERROR (fallback_error.log) logging at level: WARN (default behavior)"
echo "OPENRESTY_DEBUG = $OPENRESTY_DEBUG"
sed-patch 's|<ERROR_LOG_LEVEL>|warn|' /etc/nginx/nginx.conf
fi
cat docker/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
set -e # Exit immediately if a command exits with a non-zero status.
set -u # Treat unset variables as an error.
log() {
echo "[cont-init.d] $(basename "$0"): $*"
}
if [ "${CROWDSEC_BOUNCER}" == "1" ] || [ "${CROWDSEC_BOUNCER}" -eq 1 ]; then
mkdir -p /data/crowdsec
#Install Crowdsec Bouncer Config.
[ -f /data/crowdsec/crowdsec-openresty-bouncer.conf ] || cp /crowdsec/crowdsec-openresty-bouncer.conf /data/crowdsec/crowdsec-openresty-bouncer.conf
mkdir -p /etc/nginx/lualib/plugins/crowdsec/
cp /crowdsec/lua/* /etc/nginx/lualib/plugins/crowdsec/
cp /crowdsec/crowdsec_openresty.conf /etc/nginx/conf.d/
sed-patch 's|ok, err = require "crowdsec".allowIp(ngx.var.remote_addr)|local ok, err = require "crowdsec".allowIp(ngx.var.remote_addr)|' /etc/nginx/lualib/plugins/crowdsec/access.lua
fi
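Review bot: This new file appears to hold a pasted copy of the logging script, followed by a literal `cat docker/rootfs/etc/cont-init.d/99_crowdsec-openresty-bouncer.sh` line and a second shebang, so the CrowdSec block runs only if everything above it succeeds. That `cat` uses a repository-relative path that most likely does not exist inside the container. With `set -e` active, a failure there would stop the script before the bouncer config and Lua plugin are copied, leaving the bouncer uninstalled even with `CROWDSEC_BOUNCER=1`. I would delete everything from the first shebang through the `cat` line so the file starts at its own `#!/usr/bin/with-contenv bash`. The `log()` helper is defined but never called in the visible lines; an `else` branch with `log "CrowdSec bouncer disabled (CROWDSEC_BOUNCER != 1)"` would make the state of this control visible in the container log.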


@@ -5,7 +5,9 @@ server {
server_name nginxproxymanager; server_name nginxproxymanager;
root /app/frontend; root /app/frontend;
access_log /dev/null; # Replaced with /dev/null by default unless ADMIN_PANEL_LOG is set to '1'
access_log <ADMIN_ACCESS_LOG>;
error_log <ADMIN_ERROR_LOG>;
location /api { location /api {
return 302 /api/; return 302 /api/;
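Review bot: With the default substitution the new `error_log <ADMIN_ERROR_LOG>;` becomes `error_log /dev/null;`, which discards errors for this server block. The old side of the hunk had no `error_log` here, so those errors presumably fell through to the global `fallback_error.log`; the server block continues outside the hunk, so confirm no other `error_log` is set. Dropping admin-panel errors by default removes a signal an operator would want when investigating failed or abusive requests to the admin interface. I would keep the previous behaviour in the disabled case by substituting the fallback target in the init script's `else` branch, `sed-patch 's|<ADMIN_ERROR_LOG>|/data/logs/fallback_error.log warn|' /etc/nginx/conf.d/production.conf`. The comment above `access_log` should also say that both directives are templated.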


@@ -9,7 +9,7 @@ worker_processes auto;
# Enables the use of JIT for regular expressions to speed-up their processing. # Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on; pcre_jit on;
error_log /data/logs/fallback_error.log warn; error_log /data/logs/fallback_error.log <ERROR_LOG_LEVEL>;
# Includes files with directives to load dynamic modules. # Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf; include /etc/nginx/modules/*.conf;
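Review bot: The `<ERROR_LOG_LEVEL>` placeholder on the `error_log` line has no comment, unlike the templated directives in production.conf, and the file is not valid nginx configuration until the init script has replaced it. I would add above it `# <ERROR_LOG_LEVEL> is replaced at container start: warn by default, debug when OPENRESTY_DEBUG=1`. The comment should also say that, where the build supports debug logging, debug-level output writes request details such as headers into /data/logs/fallback_error.log, so it should be enabled only while troubleshooting.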