[guardian-dev] Privacy preserving anonymized nginx log config

Tim Schwartz tim at timschwartz.org
Tue Jan 30 12:22:13 EST 2018


This is super helpful btw. Thanks. 

What do people generally use as a rule of thumb on timing for log rotations on web servers that are privacy focused?

Thx,
Tim


> On Jan 30, 2018, at 9:11 AM, micah <micah at riseup.net> wrote:
> 
> Abel Luck <abel at guardianproject.info> writes:
> 
>> Does anyone know of a configuration solution for nginx to meet any or
>> all of these bullet points?
>> 
>> * log only the date, not the time or time zone
>> * referer, ip, user-agent are never logged
>> * country is logged by looking up the ip in a geoip database
>> 
>> Ideally this would apply to both the standard access log and error log.
> 
> Drop the following in conf.d/noip:
> 
>        log_format  noip  '0.0.0.0 - $remote_user [$time_local] '
>                      '"$request" $status $body_bytes_sent '
>                      '"$http_referer" "$http_user_agent"';
> 
> and then reference it in your log lines, like this:
> 
> access_log  /var/log/nginx/gitlab_access.log noip;
> 
> ... it doesn't satisfy your third point, but I don't really feel like
> geoip lookup of IP fits the 'privacy preserving' frame.
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org



More information about the guardian-dev mailing list