[guardian-dev] Privacy preserving anonymized nginx log config

Tim Schwartz tim at timschwartz.org
Tue Jan 30 12:22:13 EST 2018

This is super helpful btw. Thanks. 

What do people generally use as a rule of thumb on timing for log rotations on web servers that are privacy focused?


> On Jan 30, 2018, at 9:11 AM, micah <micah at riseup.net> wrote:
> Abel Luck <abel at guardianproject.info> writes:
>> Does anyone know of a configuration solution for nginx to meet any or
>> all of these bullet points?
>> * log only the date, not the time or time zone
>> * referer, ip, user-agent are never logged
>> * country is logged by looking up the ip in a geoip database
>> Ideally this would apply to both the standard access log and error log.
> Drop the following in conf.d/noip:
>        log_format  noip  ' - $remote_user [$time_local] '
>                      '"$request" $status $body_bytes_sent '
>                      '"$http_referer" "$http_user_agent"';
> and then reference it in your log lines, like this:
> access_log  /var/log/nginx/gitlab_access.log noip;
> ... it doesn't satisfy your third point, but I don't really feel like
> geoip lookup of IP fits the 'privacy preserving' frame.
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org

More information about the guardian-dev mailing list