feat: add log files

rubiin · Aug 6, 2023 · 7fae51b · 7fae51b
1 parent 4ce5050
commit 7fae51b
Show file tree

Hide file tree

Showing 4 changed files with 175 additions and 162 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,5 +1,8 @@
 version: 3.9
 services:
+
+# Nestify service
+# This service runs the Nestify application
     nestify:
         container_name: nestify
         env_file: env/.env.${ENV}
@@ -22,7 +25,7 @@ services:
             - traefik.http.routers.nestify.entrypoints=websecure
             - traefik.http.routers.nestify.tls=true
             - traefik.http.routers.nestify.tls.certresolver=certresolver
-            - traefik.http.routes.nestify.middlewares=traefik-headers,traefik-compress,traefik-ratelimit
+            - traefik.http.routes.nestify.middlewares=traefik-headers,traefik-compress,traefik-ratelimit,traefik-retry
 
 
         stdin_open: true
@@ -33,6 +36,9 @@ services:
             - .:/usr/src/app
             - /usr/src/app/node_modules
 
+
+# Traefik service
+# This service runs the Traefik reverse proxy which is used to expose the other services
     traefik:
         image: traefik:v2.10.4
         container_name: traefik
@@ -48,8 +54,12 @@ services:
             - --accesslog
             # Enable the Traefik log, for configurations and errors
             - --log
-            - --log.level=info
+            - --log.level=DEBUG
             - --log.format=json
+            - --log.filePath=/logs/traefik.log
+            - --accesslog=true
+            - --accesslog.filePath=/logs/access.log
+            - --accesslog.bufferingsize=50
             # Enable the Dashboard and API
             - --api
             # Enable the Dashboard and API in insecure mode for local development
@@ -71,14 +81,28 @@ services:
 
         labels:
             - traefik.enable=true
-            - traefik.http.middlewares.traefik-headers.headers.framedeny=true
-            - traefik.http.middlewares.traefik-headers.headers.browserxssfilter=true
-            - traefik.http.middlewares.traefik-headers.headers.contentTypeNosniff=true
-            - traefik.http.middlewares.traefik-headers.headers.permissionsPolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';
-            - traefik.http.middlewares.traefik-compress.compress=true
-            - traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100
-            - traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50
-            - traefik.http.middlewares.traefik-ratelimit.ratelimit.period=1m
+            - traefik.http.middlewares.traefik-compress.compress=true # Enable compression middleware
+            - traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100 # Set average rate limit to 100 requests per minute
+            - traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50 # Set burst rate limit to 50 requests
+            - traefik.http.middlewares.traefik-ratelimit.ratelimit.period=1m # Set rate limit evaluation period to 1 minute
+            - traefik.http.middlewares.traefik-retry.retry.attempts=4 # Allow up to 4 retry attempts
+            - traefik.http.middlewares.traefik-retry.retry.initialinterval=100ms # Set initial retry interval to 100 milliseconds
+            - traefik.http.middlewares.security-headers.headers.accesscontrolallowmethods=GET, OPTIONS, PUT, POST, DELETE # Allow specified HTTP methods
+            - traefik.http.middlewares.security-headers.headers.accesscontrolmaxage=100 # Set value for Access-Control-Max-Age header
+            - traefik.http.middlewares.security-headers.headers.addvaryheader=true # Add Vary header to responses
+            - traefik.http.middlewares.security-headers.headers.hostsproxyheaders=X-Forwarded-Host # Configure proxy headers for X-Forwarded-Host
+            - traefik.http.middlewares.security-headers.headers.sslredirect=true # Enable HTTPS redirection
+            - traefik.http.middlewares.security-headers.headers.sslproxyheaders.X-Forwarded-Proto=https # Configure proxy headers for X-Forwarded-Proto
+            - traefik.http.middlewares.security-headers.headers.stsseconds=63072000 # Set Strict-Transport-Security max-age value
+            - traefik.http.middlewares.security-headers.headers.stsincludesubdomains=true # Include subdomains in Strict-Transport-Security header
+            - traefik.http.middlewares.security-headers.headers.stspreload=true # Enable HTTP Strict Transport Security preload list
+            - traefik.http.middlewares.security-headers.headers.forcestsheader=true # Force Strict-Transport-Security header on all responses
+            - traefik.http.middlewares.security-headers.headers.framedeny=true # Enable frame denial for clickjacking protection
+            - traefik.http.middlewares.security-headers.headers.contenttypenosniff=true # Enable Content-Type nosniff
+            - traefik.http.middlewares.security-headers.headers.browserxssfilter=true # Enable browser XSS filter
+            - traefik.http.middlewares.security-headers.headers.referrerpolicy=same-origin # Set Referrer-Policy header
+            - traefik.http.middlewares.security-headers.headers.featurepolicy=camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'; # Set Feature-Policy header values
+            - traefik.http.middlewares.security-headers.headers.customresponseheaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex # Set custom response headers
 
         networks:
             - nestify-network
@@ -88,6 +112,7 @@ services:
             - "8080:8080"
         volumes:
             - ./letsencrypt:/letsencrypt
+            - ./logs/:/logs/
             - /var/run/docker.sock:/var/run/docker.sock:ro
         healthcheck:
             # Run traefik healthcheck command
@@ -98,6 +123,8 @@ services:
             retries: 3
             start_period: 5s
 
+# Redis service
+# This service runs the Redis database
     redis:
         container_name: redis
         image: redis:7.0.12-alpine
@@ -118,6 +145,8 @@ services:
             timeout: 5s
             retries: 5
 
+# RabbitMQ service
+# This service runs the RabbitMQ message broker
     rabbitmq:
         container_name: rabbitmq
         image: rabbitmq:3.12.2-management-alpine
@@ -140,6 +169,8 @@ services:
           timeout: 30s
           retries: 10
 
+# Database service
+# This service runs the PostgreSQL database
     database:
         container_name: database
         image: postgres:15.3-alpine
@@ -159,6 +190,8 @@ services:
           timeout: 5s
           retries: 5
 
+# Pgweb service
+# This service runs the Pgweb administration tool for PostgreSQL
     pgweb:
         image: sosedoff/pgweb
         container_name: pgweb

diff --git a/package.json b/package.json
@@ -52,7 +52,7 @@
 		"orm": "npx mikro-orm"
 	},
 	"dependencies": {
-		"@aws-sdk/client-ses": "^3.382.0",
+		"@aws-sdk/client-ses": "^3.385.0",
 		"@casl/ability": "^6.5.0",
 		"@golevelup/nestjs-rabbitmq": "^4.0.0",
 		"@golevelup/nestjs-stripe": "^0.6.3",
@@ -154,7 +154,7 @@
 		"@types/cache-manager-redis-store": "^2.0.1",
 		"@types/jest": "^29.5.3",
 		"@types/multer": "^1.4.7",
-		"@types/node": "^20.4.7",
+		"@types/node": "^20.4.8",
 		"@types/nodemailer": "^6.4.9",
 		"@types/passport": "^1.0.12",
 		"@types/passport-facebook": "^3.0.0",
@@ -173,7 +173,7 @@
 		"cross-env": "^7.0.3",
 		"cz-conventional-changelog": "3.3.0",
 		"eslint": "^8.46.0",
-		"eslint-define-config": "^1.22.0",
+		"eslint-define-config": "^1.23.0",
 		"eslint-import-resolver-typescript": "^3.5.5",
 		"eslint-plugin-deprecation": "^1.5.0",
 		"eslint-plugin-import": "^2.28.0",