diff --git a/changelog.d/20231107_183551_roman_traefik_logs.md b/changelog.d/20231107_183551_roman_traefik_logs.md
new file mode 100644
index 000000000000..e55889d1011a
--- /dev/null
+++ b/changelog.d/20231107_183551_roman_traefik_logs.md
@@ -0,0 +1,5 @@
+### Changed
+
+- The Docker Compose file and Helm chart now enable Traefik access logs by
+ default, and change the log format to JSON
+ ()
diff --git a/docker-compose.https.yml b/docker-compose.https.yml
index 2c8ebc22bfad..78bfb79bee22 100644
--- a/docker-compose.https.yml
+++ b/docker-compose.https.yml
@@ -16,20 +16,14 @@ services:
 traefik:
 image: traefik:v2.9
 container_name: traefik
- command:
- - "--providers.docker.exposedByDefault=false"
- - "--providers.docker.network=cvat"
- - '--providers.file.directory=/etc/traefik/rules'
- - "--entryPoints.web.address=:80"
- - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
- - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
- - "--entryPoints.websecure.address=:443"
- - "--certificatesResolvers.lets-encrypt.acme.email=${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
- - "--certificatesResolvers.lets-encrypt.acme.tlsChallenge=true"
- - "--certificatesResolvers.lets-encrypt.acme.storage=/letsencrypt/acme.json"
- # Uncomment to get Traefik dashboard
- # - "--entryPoints.dashboard.address=:8090"
- # - "--api.dashboard=true"
+ environment:
+ TRAEFIK_ENTRYPOINTS_web_ADDRESS: :80
+ TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+ TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
+ TRAEFIK_ENTRYPOINTS_websecure_ADDRESS: :443
+ TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL: "${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
+ TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE: "true"
+ TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE: /letsencrypt/acme.json
 ports:
 - 80:80
 - 443:443
diff --git a/docker-compose.yml b/docker-compose.yml
index 85422f5926e6..d185a3e7a51f 100644
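Review bot: The new `environment:` block in docker-compose.https.yml no longer carries Traefik's provider settings: the removed `--providers.docker.exposedByDefault=false`, `--providers.docker.network=cvat` and `--providers.file.directory=/etc/traefik/rules` arguments have no counterpart here and now exist only as `TRAEFIK_PROVIDERS_*` variables in docker-compose.yml. Compose merges `environment` maps key by key, so this works while the file is layered on top of docker-compose.yml, but `exposedByDefault=false` is the setting that keeps unlabelled containers from being routed, so the dependency deserves a comment above `environment:`, for example `# Provider settings (exposedByDefault, network, file directory) are inherited from docker-compose.yml; use this file only as an overlay.`. Separately, the bare `:80` and `:443` values would be safer quoted (`":80"`), as the hunk already does for `"true"`.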
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -224,13 +224,6 @@ services:
 container_name: traefik
 restart: always
 command:
- - '--providers.docker.exposedByDefault=false'
- - '--providers.docker.network=cvat'
- - '--entryPoints.web.address=:8080'
- - '--providers.file.directory=/etc/traefik/rules'
- # Uncomment to get Traefik dashboard
- # - "--entryPoints.dashboard.address=:8090"
- # - "--api.dashboard=true"
 # labels:
 # - traefik.enable=true
 # - traefik.http.routers.dashboard.entrypoints=dashboard
@@ -243,11 +236,32 @@ services:
 CVAT_HOST: ${CVAT_HOST:-localhost}
 DJANGO_LOG_VIEWER_HOST: grafana
 DJANGO_LOG_VIEWER_PORT: 3000
+
+ TRAEFIK_ACCESSLOG_FORMAT: json
+ # We ought to restrict which fields get logged, so as to avoid redundant information,
+ # but it doesn't work when configuring with environment variables:
+ # .
+ # And we want to use environment variables to allow individual settings to be
+ # overridden by other Compose files.
+ TRAEFIK_LOG_FORMAT: json
+ TRAEFIK_ENTRYPOINTS_web_ADDRESS: :8080
+ TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
+ TRAEFIK_PROVIDERS_DOCKER_NETWORK: cvat
+ TRAEFIK_PROVIDERS_FILE_DIRECTORY: /etc/traefik/rules
+
+ # Uncomment to get Traefik dashboard
+ # TRAEFIK_API_DASHBOARD: "true"
+ # TRAEFIK_ENTRYPOINTS_dashboard_ADDRESS: :8090
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
 - ./components/analytics/grafana_conf.yml:/etc/traefik/rules/grafana_conf.yml:ro
 networks:
 - cvat
+ logging:
+ driver: "json-file"
+ options:
+ max-size: 100m
+ max-file: "10"
 cvat_opa:
 container_name: cvat_opa
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 66d72ef8884e..de4804349851 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
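Review bot: In the first docker-compose.yml hunk, `command:` stays as a context line although every item under it is removed, so the key is left with an empty (null) value and is followed only by the commented-out `# labels:` block. Compose should treat a null command as "use the image default", so Traefik most likely still starts, but a bare key reads like a truncated edit and yamllint's `empty-values` rule would flag it. I would delete the `command:` line in this hunk as well. The traefik service definition starts and ends outside the hunk, so this is based on the lines shown.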
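Review bot: The comment above `TRAEFIK_LOG_FORMAT` explains the unfiltered field set only as redundant information; it should also say that the Compose deployment therefore logs Traefik's full default access-log fields, which include client addresses and request paths, whereas the Helm values in this same commit keep an explicit list. With `max-size: 100m` and `max-file: "10"`, up to roughly 1 GB of that data is retained in Docker's json-file log on the host. I would add a line such as `# Until this is fixed, all default fields (client address, request path, ...) are logged; treat the container log as sensitive.`. Request headers are, as far as I know, dropped by Traefik's defaults, which is worth stating in the same comment so that nobody switches them on without considering cookie and Authorization values.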
@@ -392,6 +392,27 @@ ingress:
 traefik:
 enabled: false
+ logs:
+ general:
+ format: json
+ access:
+ enabled: true
+ format: json
+ fields:
+ general:
+ defaultmode: drop
+ names:
+ ClientHost: keep
+ DownstreamContentSize: keep
+ DownstreamStatus: keep
+ Duration: keep
+ RequestHost: keep
+ RequestMethod: keep
+ RequestPath: keep
+ RequestPort: keep
+ RequestProtocol: keep
+ RouterName: keep
+ StartUTC: keep
 smokescreen:
 opts: ''
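Review bot: The keep-list under `logs.access.fields.general.names` has no comment saying how the eleven fields were chosen, and with `defaultmode: drop` any field not listed silently disappears from the access log. Anyone building alerting or doing incident response on these logs will also see a different schema from the Compose deployment, which cannot filter fields and logs the default set. I would add a comment above `fields:` such as `# Only the fields below are logged; everything else is dropped. The Compose deployment logs Traefik's default field set instead.`. The block appears to sit under `traefik:`, whose `enabled: false` context line suggests it only takes effect once the Traefik subchart is enabled, which would be worth stating in the same comment.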