diff --git a/Dockerfile b/Dockerfile
index 86545a6..c4f7f03 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
-RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
+RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
 mkdir /opt/entrypoint.d && \
 adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
diff --git a/Dockerfile-amd64 b/Dockerfile-amd64
index e85512d..37401a0 100644
--- a/Dockerfile-amd64
+++ b/Dockerfile-amd64
@@ -11,7 +11,7 @@ COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
-RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
+RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
 mkdir /opt/entrypoint.d && \
 adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7
index 682087f..270abb3 100644
--- a/Dockerfile-arm32v7
+++ b/Dockerfile-arm32v7
@@ -18,7 +18,7 @@ COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
-RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
+RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
 mkdir /opt/entrypoint.d && \
 adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
diff --git a/Dockerfile-i386 b/Dockerfile-i386
index a7208eb..9bb0352 100644
--- a/Dockerfile-i386
+++ b/Dockerfile-i386
@@ -11,7 +11,7 @@ COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
-RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
+RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
 chmod +x /opt/entrypoint.sh /opt/scripts/* && \
 mkdir /opt/entrypoint.d && \
 adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
diff --git a/confs/nginx.conf b/confs/nginx.conf
index a3c528f..7c539fa 100644
--- a/confs/nginx.conf
+++ b/confs/nginx.conf
@@ -12,9 +12,6 @@ worker_processes auto;
 # faster regexp
 pcre_jit on;
-# display warnings and errors on stderr
-error_log stderr warn;
-
 # config files for dynamic modules
 include /etc/nginx/modules/*.conf;
@@ -64,9 +61,9 @@ http {
 # get real IP address if behind a reverse proxy
 %PROXY_REAL_IP%
- # write logs to local syslogd
- access_log syslog:server=unix:/dev/log,nohostname,facility=local0 combined;
- error_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=warn;
+ # write logs to local syslog
+ access_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=notice combined;
+ error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;
 # lua path
 lua_package_path "/usr/local/lib/lua/?.lua;;";
diff --git a/entrypoint.sh b/entrypoint.sh
index a8dc889..b2ec2e7 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -50,7 +50,7 @@ function spaces_to_lua() {
 cp /opt/confs/*.conf /etc/nginx
 cp -r /opt/confs/owasp-crs /etc/nginx
 cp /opt/confs/php.ini /etc/php7/php.ini
-cp /opt/logs/syslog.conf /etc/syslog.conf
+cp /opt/logs/rsyslog.conf /etc/rsyslog.conf
 cp /opt/logs/logrotate.conf /etc/logrotate.conf
 # remove cron jobs
@@ -484,8 +484,8 @@ if [ "$WRITE_ACCESS" = "yes" ] ; then
 chmod g+w -R /www
 fi
-# start syslogd
-syslogd -S
+# start rsyslogd
+rsyslogd
 # start PHP
 if [ "$USE_PHP" = "yes" ] ; then
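Review bot: With the main-context `error_log stderr warn;` removed, the only `error_log` left is the one inside `http { }` (changed in the next hunk), so messages nginx logs outside the http context, such as worker process exits, fall back to the built-in default error log and its default level. Whether that default file ends up on the container's stderr depends on the base image, which is not visible here. Keeping a main-level directive that uses the same syslog target, e.g. `error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;`, would keep those messages in /var/log/error.log with the rest.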
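Review bot: The comment above the two logging directives should say that `severity=notice` is the routing key, because logs/rsyslog.conf in this commit sends `local0.=notice` to access.log and every other local0 severity to error.log. That split only holds while `error_log` stays at `warn` or stricter; at `notice` or lower, error messages carrying notice severity would be written to the file fail2ban reads. Suggested comment: `# access lines are tagged severity=notice so rsyslog can split them from errors; keep error_log at warn or stricter`. The enclosing `http {` block starts and ends outside the hunk.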
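Review bot: `rsyslogd` is started without any check that it came up, and both nginx logging and the fail2ban jail (`logpath = /var/log/access.log`) now depend on it. If the daemon exits at startup, for instance on an invalid /etc/rsyslog.conf or a stale pid file after a container restart, nginx keeps serving while nothing reaches access.log, so bans stop without any visible error. Validate the configuration and report a failed start, e.g. `rsyslogd -N1 > /dev/null 2>&1 || echo "[!] rsyslog configuration is invalid"` followed by `rsyslogd || echo "[!] rsyslogd failed to start"`.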
@@ -500,8 +500,11 @@ crond
 # start nginx
 echo "[*] Running nginx ..."
 /usr/sbin/nginx
-if [ ! -f "/var/log/nginx.log" ] ; then
- touch /var/log/nginx.log
+if [ ! -f "/var/log/access.log" ] ; then
+ touch /var/log/access.log
+fi
+if [ ! -f "/var/log/error.log" ] ; then
+ touch /var/log/error.log
 fi
 if [ ! -f "/var/log/php.log" ] && [ "$USE_PHP" = "yes" ] ; then
 touch /var/log/php.log
@@ -519,9 +522,9 @@ echo "0 0 * * * logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/cront
 # display logs
 if [ "$USE_PHP" = "yes" ] ; then
- tail -f /var/log/nginx.log /var/log/php.log &
+ tail -f /var/log/access.log /var/log/error.log /var/log/php.log &
 else
- tail -f /var/log/nginx.log &
+ tail -f /var/log/access.log /var/log/error.log &
 fi
 wait $!
diff --git a/fail2ban/nginx-filter.local b/fail2ban/nginx-filter.local
index eb04a86..b617713 100644
--- a/fail2ban/nginx-filter.local
+++ b/fail2ban/nginx-filter.local
@@ -2,6 +2,6 @@ before = common.conf
 [Definition]
-failregex = .* nginx: - .* \[.*\] ".*" (%FAIL2BAN_STATUS_CODES%) .* ".*" ".*"
+failregex = - .* \[.*\] ".*" (%FAIL2BAN_STATUS_CODES%) .* ".*" ".*"
 ignoreregex =
 datepattern = %%d/%%b/%%Y:%%H:%%M:%%S
diff --git a/fail2ban/nginx-jail.local b/fail2ban/nginx-jail.local
index 95b6453..7af722b 100644
--- a/fail2ban/nginx-jail.local
+++ b/fail2ban/nginx-jail.local
@@ -4,4 +4,4 @@ findtime = %FAIL2BAN_FINDTIME%
 maxretry = %FAIL2BAN_MAXRETRY%
 enabled = true
 action = nginx-action
-logpath = /var/log/nginx.log
+logpath = /var/log/access.log
diff --git a/logs/rsyslog.conf b/logs/rsyslog.conf
new file mode 100644
index 0000000..dd92353
--- /dev/null
+++ b/logs/rsyslog.conf
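Review bot: The two `touch` calls create /var/log/access.log and /var/log/error.log with the shell's default umask, while logs/rsyslog.conf in this commit asks for `$FileCreateMode 0600`, so whichever of `touch` or rsyslogd creates the file first decides its mode. They run after `/usr/sbin/nginx` has started, which makes the outcome depend on whether a request was logged first. Access logs hold client addresses and full request lines and should not be readable by other users in the container (this assumes a permissive default umask, to be confirmed). Create the files before rsyslogd starts and set the mode explicitly, e.g. `touch /var/log/access.log /var/log/error.log && chmod 600 /var/log/access.log /var/log/error.log`.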
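Review bot: The new `failregex` in fail2ban/nginx-filter.local is unanchored and built from greedy `.*` groups, although every line it is matched against contains client-controlled fields (request line, referer, user agent). Since the `rawFormat` template in logs/rsyslog.conf makes each line start directly with the access-log entry, the pattern can be anchored with a leading `^` and a trailing `$`, and the quoted fields can use `[^"]*` instead of `.*`. As rendered on this page the pattern shows no `<HOST>` tag; if that is not an extraction artefact, fail2ban has no address to act on, and the tag belongs immediately after `^`.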
@@ -0,0 +1,30 @@
+#### Global directives ####
+
+# Sets the directory that rsyslog uses for work files.
+$WorkDirectory /var/lib/rsyslog
+
+# Sets default permissions for all log files.
+$FileOwner root
+$FileGroup root
+$FileCreateMode 0600
+$DirCreateMode 0700
+$Umask 0077
+
+# Include all config files in /etc/rsyslog.d/.
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+#### Modules ####
+
+# Provides --MARK-- message capability.
+module(load="immark")
+
+# Provides support for local system logging (e.g. via logger command).
+module(load="imuxsock")
+
+# Nginx
+$template rawFormat,"%msg:2:2048%\n"
+local0.=notice /var/log/access.log;rawFormat
+local0.*;local0.!=notice /var/log/error.log;rawFormat
+
+# PHP
+local1.* /var/log/php.log
diff --git a/logs/syslog.conf b/logs/syslog.conf
deleted file mode 100644
index ce951eb..0000000
--- a/logs/syslog.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-local0.* /var/log/nginx.log
-local1.* /var/log/php.log
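Review bot: `$template rawFormat,"%msg:2:2048%\n"` in logs/rsyslog.conf keeps only characters 2 to 2048 of each message, so an access-log line longer than that is written without its tail. The fail2ban filter changed in this commit needs the status code and the two trailing quoted fields to match, which means a truncated line is never counted towards `maxretry`. Document the cut-off next to the template and decide how truncated lines should be treated (a larger bound, or a separate rule for them). A suitable comment is `# keeps chars 2-2048 of the message (drops the leading space); longer lines are cut and will not match fail2ban/nginx-filter.local`.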