Skip to content

Commit

Permalink
Improve Nginx logging, by introducing a separate inbox log (#1217)
Browse files Browse the repository at this point in the history
  • Loading branch information
melroy89 authored Nov 15, 2024
1 parent 86b89da commit 704be26
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 22 deletions.
2 changes: 2 additions & 0 deletions docs/02-admin/01-installation/bare_metal.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=compose

If you have a firewall installed (or you're behind a NAT), be sure to open port `443` for the web server. Mbin should run behind a reverse proxy like Nginx.

For Nginx see: [Nginx configuration](../02-configuration/nginx.md).

## Install NodeJS (frontend tools)

1. Prepare & download keyring:
Expand Down
20 changes: 18 additions & 2 deletions docs/02-admin/01-installation/docker.md
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,20 @@ files.
NGINX reverse proxy example for the Mbin Docker instance:

```nginx
# Map between POST requests on inbox vs the rest
map $request $inboxRequest {
~^POST\ \/f\/inbox 1;
~^POST\ \/i\/inbox 1;
~^POST\ \/m\/.+\/inbox 1;
~^POST\ \/u\/.+\/inbox 1;
default 0;
}
map $inboxRequest $regularRequest {
1 0;
default 1;
}
# Redirect HTTP to HTTPS
server {
server_name domain.tld;
Expand All @@ -200,7 +214,8 @@ server {
}
server {
listen 443 ssl http2;
listen 443 ssl;
http2 on;
server_name domain.tld;
charset utf-8;
Expand All @@ -225,7 +240,8 @@ server {
# Logs
error_log /var/log/nginx/mbin_error.log;
access_log /var/log/nginx/mbin_access.log;
access_log /var/log/nginx/mbin_access.log if=$regularRequest;
access_log /var/log/nginx/mbin_inbox.log if=$inboxRequest buffer=32k flush=5m;
location / {
proxy_set_header HOST $host;
Expand Down
42 changes: 25 additions & 17 deletions docs/02-admin/02-configuration/nginx.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,20 @@ sudo nano /etc/nginx/sites-available/mbin.conf
With the content:

```nginx
# Map between POST requests on inbox vs the rest
map $request $inboxRequest {
~^POST\ \/f\/inbox 1;
~^POST\ \/i\/inbox 1;
~^POST\ \/m\/.+\/inbox 1;
~^POST\ \/u\/.+\/inbox 1;
default 0;
}
map $inboxRequest $regularRequest {
1 0;
default 1;
}
# Redirect HTTP to HTTPS
server {
server_name domain.tld;
Expand Down Expand Up @@ -123,15 +137,16 @@ server {
# Logs
error_log /var/log/nginx/mbin_error.log;
access_log /var/log/nginx/mbin_access.log;
access_log /var/log/nginx/mbin_access.log if=$regularRequest;
access_log /var/log/nginx/mbin_inbox.log if=$inboxRequest buffer=32k flush=5m;
location / {
# try to serve file directly, fallback to app.php
# try to serve file directly, fallback to index.php
try_files $uri /index.php$is_args$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location = /robots.txt { allow all; access_log off; log_not_found off; }
location /.well-known/mercure {
proxy_pass http://127.0.0.1:3000$request_uri;
Expand Down Expand Up @@ -167,31 +182,24 @@ server {
try_files $uri $uri/ /index.php?$query_string;
}
# assets, documents, archives, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|tgz|gz|rar|bz2|doc|pdf|ptt|tar|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 30d;
add_header Access-Control-Allow-Origin "*";
add_header Cache-Control "public, no-transform";
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
# Static assets
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|tgz|gz|rar|bz2|doc|pdf|ptt|tar|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|svgz?|ttf|ttc|otf|eot|woff2?)$ {
expires 30d;
add_header Access-Control-Allow-Origin "*";
add_header Cache-Control "public, no-transform";
access_log off;
}
location ~ /\.(?!well-known).* {
deny all;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
# Deny dot folders and files, except for the .well-known folder
location ~ /\.(?!well-known).* {
deny all;
}
}
```

Expand Down
6 changes: 3 additions & 3 deletions docs/02-admin/05-troubleshooting/bare_metal.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,12 @@ Or:

Web-server (Nginx):

- `sudo tail -f /var/log/nginx/mbin_access.log`
- `sudo tail -f /var/log/nginx/mbin_error.log`
- Normal access log: `sudo tail -f /var/log/nginx/mbin_access.log`
- Inbox access log: `sudo tail -f /var/log/nginx/mbin_inbox.log`
- Error log: `sudo tail -f /var/log/nginx/mbin_error.log`

## Debugging

**Please, check the logs above first.** If you are really stuck, visit to our [Matrix space](https://matrix.to/#/%23mbin:melroy.org), there is a 'General' room and dedicated room for 'Issues/Support'.

Test PostgreSQL connections if using a remote server, same with Redis (or KeyDB is you are using that instead). Ensure no firewall rules blocking are any incoming or out-coming traffic (eg. port on 80 and 443).

0 comments on commit 704be26

Please sign in to comment.