From e241b0c939f0ad3b449a14965251f6616a3302f6 Mon Sep 17 00:00:00 2001
From: bunkerity <contact@bunkerity.com>
Date: Wed, 7 Jul 2021 14:36:00 +0200
Subject: [PATCH] logs - move everything from /var/log to /var/log/nginx

---
 autoconf/prepare.sh     |  5 ++++-
 confs/global/nginx.conf |  4 ++--
 entrypoint/utils.sh     |  2 +-
 helpers/install.sh      | 24 +++++++++++++++---------
 prepare.sh              | 11 ++---------
 5 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/autoconf/prepare.sh b/autoconf/prepare.sh
index ccdf9f4..3a6cdf9 100644
--- a/autoconf/prepare.sh
+++ b/autoconf/prepare.sh
@@ -18,7 +18,10 @@ chmod 770 /opt/bunkerized-nginx
 chmod 440 /opt/bunkerized-nginx/settings.json
 
 # prepare /var/log
-ln -s /proc/1/fd/1 /var/log/jobs.log
+mkdir /var/log/nginx
+chown root:nginx /var/log/nginx
+chmod 770 /var/log/nginx
+ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
 mkdir /var/log/letsencrypt
 chown nginx:nginx /var/log/letsencrypt
 chmod 770 /var/log/letsencrypt
diff --git a/confs/global/nginx.conf b/confs/global/nginx.conf
index 02b2684..c1a34d7 100644
--- a/confs/global/nginx.conf
+++ b/confs/global/nginx.conf
@@ -52,8 +52,8 @@ http {
 
 	# write logs to local syslog
 	log_format logf '{{ LOG_FORMAT }}';
-	access_log /var/log/access.log logf;
-	error_log /var/log/error.log {{ LOG_LEVEL }};
+	access_log /var/log/nginx/access.log logf;
+	error_log /var/log/nginx/error.log {{ LOG_LEVEL }};
 
 	# temp paths
 	proxy_temp_path /tmp/proxy_temp;
diff --git a/entrypoint/utils.sh b/entrypoint/utils.sh
index c31f2f4..f3c640b 100644
--- a/entrypoint/utils.sh
+++ b/entrypoint/utils.sh
@@ -36,5 +36,5 @@ function has_value() {
 function job_log() {
 	when="$(date '+[%Y-%m-%d %H:%M:%S]')"
 	what="$1"
-	echo "$when $what" >> /var/log/jobs.log
+	echo "$when $what" >> /var/log/nginx/jobs.log
 }
diff --git a/helpers/install.sh b/helpers/install.sh
index 7be93d5..3168720 100644
--- a/helpers/install.sh
+++ b/helpers/install.sh
@@ -219,21 +219,27 @@ do_and_check_cmd find /etc/nginx -type d -exec chmod 0775 {} \;
 
 # Prepare log files and folders
 echo "[*] Prepare log files and folders"
-do_and_check_cmd touch /var/log/access.log
-do_and_check_cmd touch /var/log/error.log
-do_and_check_cmd touch /var/log/jobs.log
 if [ ! -e "/var/log/nginx" ] ; then
 	do_and_check_cmd mkdir /var/log/nginx
 fi
+if [ ! -e /var/log/nginx/access.log ] ; then
+	do_and_check_cmd touch /var/log/nginx/access.log
+fi
+if [ ! -e /var/log/nginx/error.log ] ; then
+	do_and_check_cmd touch /var/log/nginx/error.log
+fi
+if [ ! -e /var/log/nginx/jobs.log ] ; then
+	do_and_check_cmd touch /var/log/nginx/jobs.log
+fi
 do_and_check_cmd touch /var/log/nginx/modsec_audit.log
 do_and_check_cmd touch /var/log/nginx/error.log
 do_and_check_cmd chown -R root:nginx /var/log/nginx
-do_and_check_cmd chown root:nginx /var/log/access.log
-do_and_check_cmd chown root:nginx /var/log/error.log
-do_and_check_cmd chown root:nginx /var/log/jobs.log
-do_and_check_cmd chmod 770 /var/log/access.log
-do_and_check_cmd chmod 770 /var/log/error.log
-do_and_check_cmd chmod 770 /var/log/jobs.log
+do_and_check_cmd chown root:nginx /var/log/nginx/access.log
+do_and_check_cmd chown root:nginx /var/log/nginx/error.log
+do_and_check_cmd chown root:nginx /var/log/nginx/jobs.log
+do_and_check_cmd chmod 770 /var/log/nginx/access.log
+do_and_check_cmd chmod 770 /var/log/nginx/error.log
+do_and_check_cmd chmod 770 /var/log/nginx/jobs.log
 do_and_check_cmd chmod -R 770 /var/log/nginx
 
 # Prepare Let's Encrypt files and folders
diff --git a/prepare.sh b/prepare.sh
index 7d1fca1..f2dac38 100644
--- a/prepare.sh
+++ b/prepare.sh
@@ -15,12 +15,6 @@ chmod 770 /opt/bunkerized-nginx
 chmod 440 /opt/bunkerized-nginx/settings.json
 
 # prepare /etc/nginx
-# TODO : remove commented code if not needed
-#for file in $(ls /etc/nginx) ; do
-#	if [ -f /etc/nginx/$file ] && [ ! -f /opt/bunkerized-nginx/confs/global/$file ] ; then
-#		cp /etc/nginx/$file /opt/bunkerized-nginx/confs/global
-#	fi
-#done
 chown -R root:nginx /etc/nginx
 chmod -R 770 /etc/nginx
 
@@ -30,9 +24,8 @@ chown root:nginx /var/log/nginx
 chmod -R 770 /var/log/nginx
 ln -s /proc/1/fd/2 /var/log/nginx/error.log
 ln -s /proc/1/fd/2 /var/log/nginx/modsec_audit.log
-ln -s /proc/1/fd/1 /var/log/access.log
-ln -s /proc/1/fd/2 /var/log/error.log
-ln -s /proc/1/fd/1 /var/log/jobs.log
+ln -s /proc/1/fd/1 /var/log/nginx/access.log
+ln -s /proc/1/fd/1 /var/log/nginx/jobs.log
 mkdir /var/log/letsencrypt
 chown nginx:nginx /var/log/letsencrypt
 chmod 770 /var/log/letsencrypt