[guardian-dev] Privacy preserving anonymized nginx log config
tim at timschwartz.org
Tue Jan 30 12:22:13 EST 2018
This is super helpful btw. Thanks.
What do people generally use as a rule of thumb on timing for log rotations on web servers that are privacy focused?
> On Jan 30, 2018, at 9:11 AM, micah <micah at riseup.net> wrote:
> Abel Luck <abel at guardianproject.info> writes:
>> Does anyone know of a configuration solution for nginx to meet any or
>> all of these bullet points?
>> * log only the date, not the time or time zone
>> * referer, ip, user-agent are never logged
>> * country is logged by looking up the ip in a geoip database
>> Ideally this would apply to both the standard access log and error log.
> Drop the following in conf.d/noip:
> log_format noip '0.0.0.0 - $remote_user [$time_local] '
> '"$request" $status $body_bytes_sent '
> '"$http_referer" "$http_user_agent"';
> and then reference it in your log lines, like this:
> access_log /var/log/nginx/gitlab_access.log noip;
> ... it doesn't satisfy your third point, but I don't really feel like
> geoip lookup of IP fits the 'privacy preserving' frame.
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: guardian-dev-unsubscribe at lists.mayfirst.org
More information about the guardian-dev