Skip to content
Permalink
Browse files
Merge pull request #1140 from jc21/adds-logrotation
Adds logrotation
  • Loading branch information
jc21 committed Jul 11, 2021
2 parents 8a37ec7 + 673f40b commit e91019feb91ca29187dbc106b96d5becda5679b1
@@ -201,9 +201,29 @@ const setupCertbotPlugins = () => {
});
};


/**
* Starts a timer to call run the logrotation binary every two days
* @returns {Promise}
*/
const setupLogrotation = () => {
const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days

const runLogrotate = async () => {
await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
logger.info('Logrotate completed.');
};

logger.info('Logrotate Timer initialized');
setInterval(runLogrotate, intervalTimeout);
// And do this now as well
return runLogrotate();
};

module.exports = function () {
return setupJwt()
.then(setupDefaultUser)
.then(setupDefaultSettings)
.then(setupCertbotPlugins);
.then(setupCertbotPlugins)
.then(setupLogrotation);
};
@@ -7,7 +7,8 @@ server {
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}

access_log /data/logs/dead_host-{{ id }}.log standard;
access_log /data/logs/dead-host-{{ id }}_access.log standard;
error_log /data/logs/dead-host-{{ id }}_error.log warn;

{{ advanced_config }}

@@ -12,7 +12,8 @@ server {
#listen [::]:80;
{% endif %}
server_name default-host.localhost;
access_log /data/logs/default_host.log combined;
access_log /data/logs/default-host_access.log combined;
error_log /data/logs/default-host_error.log warn;
{% include "_exploits.conf" %}

{%- if value == "404" %}
@@ -8,7 +8,8 @@ server {

server_name {{ domain_names | join: " " }};

access_log /data/logs/letsencrypt-requests.log standard;
access_log /data/logs/letsencrypt-requests_access.log standard;
error_log /data/logs/letsencrypt-requests_error.log warn;

include conf.d/include/letsencrypt-acme-challenge.conf;

@@ -19,8 +19,8 @@ proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
{% endif %}


access_log /data/logs/proxy_host-{{ id }}.log proxy;
access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
error_log /data/logs/proxy-host-{{ id }}_error.log warn;

{{ advanced_config }}

@@ -9,7 +9,8 @@ server {
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}

access_log /data/logs/redirection_host-{{ id }}.log standard;
access_log /data/logs/redirection-host-{{ id }}_access.log standard;
error_log /data/logs/redirection-host-{{ id }}_error.log warn;

{{ advanced_config }}

@@ -20,7 +20,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \

RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \
&& apt-get install -y --no-install-recommends jq \
&& apt-get install -y --no-install-recommends jq logrotate \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

@@ -43,6 +43,9 @@ COPY docker/rootfs /
# Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/services.d/frontend /etc/nginx/conf.d/dev.conf

# Change permission of logrotate config file
RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager

VOLUME [ "/data", "/etc/letsencrypt" ]
ENTRYPOINT [ "/init" ]
HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health
@@ -7,7 +7,7 @@ ENV S6_LOGGING=0 \

RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \
&& apt-get install -y certbot jq python3-pip \
&& apt-get install -y certbot jq python3-pip logrotate \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

@@ -18,6 +18,7 @@ RUN cd /usr \

COPY rootfs /
RUN rm -f /etc/nginx/conf.d/production.conf
RUN chmod 644 /etc/logrotate.d/nginx-proxy-manager

# s6 overlay
RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
@@ -1,9 +1,9 @@
# WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production.
version: "3"
version: "3.5"
services:

npm:
image: nginxproxymanager:dev
container_name: npm_core
build:
context: ./
dockerfile: ./dev/Dockerfile
@@ -36,6 +36,7 @@ services:

db:
image: jc21/mariadb-aria
container_name: npm_db
networks:
- nginx_proxy_manager
environment:
@@ -47,21 +48,26 @@ services:
- db_data:/var/lib/mysql

swagger:
image: 'swaggerapi/swagger-ui:latest'
image: "swaggerapi/swagger-ui:latest"
container_name: npm_swagger
ports:
- 3001:80
networks:
- nginx_proxy_manager
environment:
URL: "http://127.0.0.1:3081/api/schema"
PORT: '80'
PORT: "80"
depends_on:
- npm

volumes:
npm_data:
name: npm_core_data
le_data:
name: npm_le_data
db_data:
name: npm_db_data

networks:
nginx_proxy_manager:
name: npm_network
@@ -0,0 +1,25 @@
/data/logs/*_access.log /data/logs/*/access.log {
create 0644 root root
weekly
rotate 4
missingok
notifempty
compress
sharedscripts
postrotate
/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
endscript
}

/data/logs/*_error.log /data/logs/*/error.log {
create 0644 root root
weekly
rotate 10
missingok
notifempty
compress
sharedscripts
postrotate
/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
endscript
}
@@ -8,7 +8,7 @@ server {
set $port "80";

server_name localhost-nginx-proxy-manager;
access_log /data/logs/default.log standard;
access_log /data/logs/fallback_access.log standard;
error_log /dev/null crit;
include conf.d/include/assets.conf;
include conf.d/include/block-exploits.conf;
@@ -29,7 +29,7 @@ server {
set $port "443";

server_name localhost;
access_log /data/logs/default.log standard;
access_log /data/logs/fallback-access.log standard;
error_log /dev/null crit;
ssl_certificate /data/nginx/dummycert.pem;
ssl_certificate_key /data/nginx/dummykey.pem;
@@ -9,7 +9,7 @@ worker_processes auto;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

error_log /data/logs/error.log warn;
error_log /data/logs/fallback_error.log warn;

# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;
@@ -46,8 +46,7 @@ http {
log_format proxy '[$time_local] $upstream_cache_status $upstream_status $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] [Sent-to $server] "$http_user_agent" "$http_referer"';
log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';


access_log /data/logs/default.log proxy;
access_log /data/logs/fallback_access.log proxy;

# Dynamically generated resolvers file
include /etc/nginx/conf.d/include/resolvers.conf;

0 comments on commit e91019f

Please sign in to comment.