Instructions for building an nginx Docker image with many modules and enabling header logging
Dockerfile
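# Base image pinned to an exact Alpine release so rebuilds are repeatable.
# NOTE(review): a tag can be re-pushed; also pin by digest
# (alpine:3.9.4@sha256:<DIGEST_PLACEHOLDER>) and check that the 3.9 branch
# still receives security updates before using this in production.
FROM alpine:3.9.4
LABEL maintainer="a.v.galushko86@gmail.com"

# NGINX_VERSION has no default: pass it with --build-arg NGINX_VERSION=<version>.
# Without it VERSION_NGINX expands to "nginx-" and the source download fails.
ARG NGINX_VERSION

# Build layout. These are ENV rather than ARG, so they also stay visible in the
# environment of the running container.
ENV COMPILE_DIR=/build
ENV LIBRESSL_DIR=/libressl
ENV NB_PROC=4

# Component versions used by the build step.
ENV VERSION_PCRE=pcre-8.42
ENV VERSION_LIBRESSL=libressl-2.8.2
ENV VERSION_NGINX=nginx-$NGINX_VERSION
ENV VERSION_NGINX_DEVEL_KIT=0.3.1
ENV VERSION_LUA_NGINX_MODULE=0.10.15
ENV VERSION_LUA_JIT=2.0.5

# Upstream source locations. Switched from http:// to https:// so that anything
# fetched from them is protected against tampering in transit; the build step on
# this page hard-codes its own URLs and does not read these variables.
ENV SOURCE_LIBRESSL=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
ENV SOURCE_PCRE=https://ftp.pcre.org/pub/pcre/
ENV SOURCE_NGINX=https://nginx.org/download/

# Must come after LIBRESSL_DIR and VERSION_LIBRESSL: an ENV instruction only sees
# values set by earlier instructions.
ENV STATICLIBSSL=$LIBRESSL_DIR/$VERSION_LIBRESSL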
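# Single build layer: create the www-data account, install runtime and build
# packages, fetch and compile LuaJIT + nginx with third-party modules, then
# remove the toolchain again so it does not end up in the image.
#
# Changes against the original step:
#   * nginx and LuaJIT tarballs are fetched over https:// instead of http://,
#     and nginx-module-vts is cloned over https:// instead of the unauthenticated
#     git:// protocol.
#   * The trailing "|| true" used to apply to the WHOLE && chain, so a failed
#     download, configure or make still produced a "successful" (broken) image.
#     It is now scoped to the final best-effort cleanup only.
#   * make uses ${NB_PROC} instead of a second hard-coded 4.
#   * Duplicate package names and duplicate configure flags were removed. The
#     original also passed --with-ld-opt="-lrt" before the hardening
#     --with-ld-opt; nginx's configure keeps only the last value, so the first
#     one had no effect and is dropped.
#
# NOTE(review): nothing downloaded here is verified. gnupg is installed but no
# signature or checksum is checked, and every git clone takes whatever the
# default branch points to at build time. Pin each clone to a reviewed commit
# and verify each tarball against a known SHA-256 before trusting the result.
# NOTE(review): --with-debug builds in debug logging; confirm it is wanted in a
# production image.
# NOTE(review): openldap-dev and postgresql-dev stay installed at runtime.
RUN deluser xfs \
    # presumably frees UID/GID 33 for www-data; verify against the base image
    && addgroup -g 33 -S www-data \
    && adduser -u 33 -D -S -G www-data www-data \
    && apk add --no-cache \
        bash \
        ca-certificates \
        curl \
        libgcc \
        libpq \
        libressl \
        openldap-dev \
        pcre \
        postgresql-dev \
        tzdata \
        zlib \
    && apk add --no-cache --virtual .build-deps \
        autoconf \
        automake \
        bind-tools \
        binutils \
        build-base \
        ca-certificates \
        cmake \
        curl \
        file \
        gcc \
        gd-dev \
        geoip-dev \
        git \
        gnupg \
        libc-dev \
        libstdc++ \
        libtool \
        libxslt-dev \
        linux-headers \
        make \
        patch \
        pcre \
        pcre-dev \
        perl-dev \
        readline \
        su-exec \
        tar \
        zlib \
        zlib-dev \
    && mkdir -p "${COMPILE_DIR}" "${LIBRESSL_DIR}" \
    && wget -P "$COMPILE_DIR" https://ftp.pcre.org/pub/pcre/${VERSION_PCRE}.tar.gz \
    && wget -P "$COMPILE_DIR" https://nginx.org/download/${VERSION_NGINX}.tar.gz \
    && wget -P "$COMPILE_DIR" https://github.com/simplresty/ngx_devel_kit/archive/v${VERSION_NGINX_DEVEL_KIT}.tar.gz \
    && wget -P "$COMPILE_DIR" https://github.com/openresty/lua-nginx-module/archive/v${VERSION_LUA_NGINX_MODULE}.tar.gz \
    #&& wget -P $COMPILE_DIR https://github.com/3078825/nginx-image/archive/master.zip \
    && wget -P "$COMPILE_DIR" https://luajit.org/download/LuaJIT-${VERSION_LUA_JIT}.tar.gz \
    && wget -P "$COMPILE_DIR" https://people.freebsd.org/~osa/ngx_http_redis-0.3.9.tar.gz \
    && git clone https://github.com/vozlt/nginx-module-vts.git "$COMPILE_DIR/nginx-module-vts" \
    && git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git "$COMPILE_DIR/ngx_http_substitutions_filter_module" \
    && git clone https://github.com/kvspb/nginx-auth-ldap.git "$COMPILE_DIR/nginx-auth-ldap" \
    && git clone https://github.com/openresty/ngx_postgres "$COMPILE_DIR/ngx_postgres" \
    && git clone https://github.com/openresty/srcache-nginx-module.git "$COMPILE_DIR/srcache-nginx-module" \
    && git clone https://github.com/openresty/echo-nginx-module.git "$COMPILE_DIR/echo-nginx-module" \
    && git clone https://github.com/openresty/redis2-nginx-module.git "$COMPILE_DIR/redis2-nginx-module" \
    && git clone https://github.com/openresty/rds-json-nginx-module.git "$COMPILE_DIR/rds-json-nginx-module" \
    && git clone https://github.com/calio/form-input-nginx-module "$COMPILE_DIR/form-input-nginx-module" \
    && cd "$COMPILE_DIR" \
    && tar xzf ${VERSION_NGINX}.tar.gz \
    && tar xzf ngx_http_redis-0.3.9.tar.gz \
    && tar xzf ${VERSION_PCRE}.tar.gz \
    && tar xzf v${VERSION_NGINX_DEVEL_KIT}.tar.gz \
    && tar xzf v${VERSION_LUA_NGINX_MODULE}.tar.gz \
    && tar xzf LuaJIT-${VERSION_LUA_JIT}.tar.gz \
    && cd "$COMPILE_DIR/LuaJIT-${VERSION_LUA_JIT}" && make && make install \
    && cd "$COMPILE_DIR/$VERSION_NGINX" && ./configure \
        --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' \
        --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' \
        --sbin-path=/usr/sbin/nginx \
        --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --lock-path=/var/lock/nginx.lock \
        --pid-path=/run/nginx.pid \
        --http-client-body-temp-path=/var/lib/nginx/body \
        --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
        --http-proxy-temp-path=/var/lib/nginx/proxy \
        --http-scgi-temp-path=/var/lib/nginx/scgi \
        --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
        --with-pcre=$COMPILE_DIR/$VERSION_PCRE \
        --with-pcre-jit \
        --with-debug \
        --with-threads \
        --with-file-aio \
        --with-http_ssl_module \
        --with-http_v2_module \
        --with-http_sub_module \
        --with-http_gzip_static_module \
        --with-http_gunzip_module \
        --with-http_stub_status_module \
        --with-http_image_filter_module \
        --with-http_dav_module \
        --with-http_realip_module \
        --with-http_auth_request_module \
        --with-http_addition_module \
        --with-mail \
        --with-mail_ssl_module \
        --with-stream \
        --with-stream_realip_module \
        --with-stream_ssl_module \
        --with-stream_ssl_preread_module \
        --add-module=$COMPILE_DIR/ngx_devel_kit-${VERSION_NGINX_DEVEL_KIT} \
        --add-module=$COMPILE_DIR/lua-nginx-module-${VERSION_LUA_NGINX_MODULE} \
        --add-module=$COMPILE_DIR/ngx_http_substitutions_filter_module \
        --add-module=$COMPILE_DIR/nginx-auth-ldap \
        --add-module=$COMPILE_DIR/nginx-module-vts \
        --add-module=$COMPILE_DIR/srcache-nginx-module \
        --add-module=$COMPILE_DIR/echo-nginx-module \
        --add-module=$COMPILE_DIR/redis2-nginx-module \
        --add-module=$COMPILE_DIR/ngx_http_redis-0.3.9 \
        --add-module=$COMPILE_DIR/ngx_postgres \
        --add-module=$COMPILE_DIR/rds-json-nginx-module \
        --add-module=$COMPILE_DIR/form-input-nginx-module \
    && make -j "${NB_PROC}" \
    && make install \
    && rm -rf $COMPILE_DIR/* \
    && apk add --no-cache --virtual .gettext gettext \
    && mv /usr/bin/envsubst /tmp/ \
    && runDeps="$( \
        scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
        | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
        | sort -u \
        | xargs -r apk info --installed \
        | sort -u \
    ) sed tzdata ca-certificates tini shadow" \
    && apk add --no-cache --virtual .nginx-rundeps $runDeps \
    && apk del .build-deps \
    && apk del .gettext \
    && mv /tmp/envsubst /usr/local/bin/ \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    && mkdir -p /var/www \
    && { rm -rf /tmp/* /usr/src/* /var/cache/apk/* /root/.gnupg /libressl* /nginx* || true; }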
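# Runtime directories: client-body temp dir, proxy cache and the directory for
# the php-fpm sockets.
#
# The original used "chmod 777 -R", which lets any user in the container (and
# any other container sharing these paths as a volume) replace cache entries or
# plant a socket. The directories are now owned by www-data (UID/GID 33, created
# in the build step) and closed to everyone else.
# NOTE(review): if php-fpm runs in another container under a different UID/GID,
# align the IDs or add a shared group instead of going back to 777.
# NOTE(review): nothing on this page copies /docker-entrypoint.sh into the image
# and CMD does not call it, so the unconditional chmod aborted the build; it now
# only runs when the file is actually present.
RUN mkdir -p /var/lib/nginx/body /caches/nginx/proxy /fpm-sockets \
    && chown -R www-data:www-data /caches/nginx /fpm-sockets \
    && chmod -R 0770 /caches/nginx /fpm-sockets \
    && if [ -f /docker-entrypoint.sh ]; then chmod +x /docker-entrypoint.sh; fi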
# Container contract: nginx listens on 80 and 443 and is stopped with SIGTERM.
# No USER instruction is set, so the nginx master process starts as root; the
# nginx.conf on this page drops worker processes to www-data.
STOPSIGNAL SIGTERM
EXPOSE 80 443
# "daemon off;" keeps nginx in the foreground so it stays the container's main process.
CMD ["nginx", "-g", "daemon off;"]
Nginx config – nginx.conf
# Main context: process identity and global limits.
# Worker processes run as www-data.
user                 www-data;
pid                  /var/run/nginx.pid;
worker_processes     1;
# Upper bound on open file descriptors per worker.
worker_rlimit_nofile 65536;
timer_resolution     100ms;
# Connection handling: epoll, up to 2048 connections per worker, and accept
# every pending connection on each wake-up.
events {
    use                epoll;
    worker_connections 2048;
    multi_accept       on;
}
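# HTTP context shared by every virtual host: buffers, compression, timeouts,
# and the includes that pull in logging and per-site configuration.
http {
    aio threads;
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;

    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    # Request header buffers.
    # NOTE(review): 100 x 256k allows roughly 25 MB of header buffers per
    # connection, far above the nginx defaults (1k and 4 x 8k). Combined with
    # 2048 connections per worker this is a cheap memory-exhaustion lever for a
    # client; confirm that headers this large are really expected.
    client_header_buffer_size 128k;
    large_client_header_buffers 100 256k;

    # Request body limit. Note that nginx-logs-headers.conf on this page forces
    # the body of every request to be read so that it can be logged.
    client_max_body_size 300M;

    # Compression.
    # Fix: "application/xml+rss" is not a real media type; the registered name
    # is application/rss+xml, so RSS responses were never matched. The old
    # spelling is kept so behaviour for anything that relied on it is unchanged.
    # NOTE(review): compressing responses that mix secrets with attacker-
    # influenced content over TLS is the precondition for BREACH-style attacks;
    # review which types need gzip.
    gzip on;
    gzip_comp_level 2;
    gzip_vary on;
    gzip_min_length 1;
    gzip_proxied any;
    gzip_types text/plain
               text/css
               application/x-javascript
               text/xml
               application/xml
               application/rss+xml
               application/xml+rss
               text/javascript
               application/javascript
               application/json;
    gzip_buffers 32 1024k;

    server_names_hash_max_size 2048;
    server_names_hash_bucket_size 512;

    # Output path.
    postpone_output 1460;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    output_buffers 8 512k;

    # Timeouts: slow or stalled clients are dropped quickly.
    keepalive_timeout 75 20;
    client_header_timeout 10;
    client_body_timeout 10;
    lingering_time 30;
    lingering_timeout 6;
    send_timeout 7;
    reset_timedout_connection on;

    # Log formats and access/error log targets.
    include /etc/nginx/nginx-logs.conf;
    #include blocked-ip.conf;

    # Per-site and proxy configuration.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/proxy.d/*.conf;
}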
Config file – nginx-logs.conf
# $loggable is 0 for 2xx/3xx responses and 1 for everything else.
# NOTE(review): the access_log directive in this file has no if= condition, so
# this variable is defined but not applied to any log here.
map $status $loggable {
    default 1;
    ~^[23]  0;
}
# Tab-separated "label:value" access log format (LTSV style).
# NOTE(review): the last field writes the raw request body, which can contain
# passwords, tokens and personal data; treat logs in this format as sensitive.
log_format ltsv
    # request identity
    '\tnginx.time:$time_local'
    '\tnginx.host:$host'
    '\tnginx.http_host:$http_host'
    '\tnginx.remote_addr:$remote_addr'
    '\tnginx.http_x_forwarded_for:$http_x_forwarded_for'
    '\tnginx.request_method:$request_method'
    '\tnginx.request:$request'
    # response and upstream details
    '\tnginx.status:$status'
    '\tnginx.upstream_status:$upstream_status'
    '\tnginx.body_bytes_sent:$body_bytes_sent'
    '\tnginx.http_referer:$http_referer'
    '\tnginx.request_time:$request_time'
    '\tnginx.upstream_response_time:$upstream_response_time'
    '\tnginx.upstream_http_x_cache:$upstream_http_x_cache'
    '\tnginx.uri:$uri'
    '\tnginx.upstream_addr:$upstream_addr'
    '\tnginx.upstream_response_length:$upstream_response_length'
    '\tnginx.server_name:$server_name'
    '\tnginx.upstream_cache_status:$upstream_cache_status'
    '\tnginx.user_agent:$http_user_agent'
    '\tnginx.request_uri:$scheme://$host$request_uri'
    # raw request body
    '\tnginx.request_body:$request_body';
# JSON access log format; escape=json makes nginx escape variable values so
# client-controlled data cannot break out of the JSON strings.
#
# $req_headers and $resp_body are not built-in variables: they are declared
# with "set" in nginx-logs-headers.conf, which therefore has to be included
# somewhere in the loaded configuration for this format to be accepted.
#
# NOTE(review): request body, request headers and response body are logged in
# full or in part. They routinely carry cookies, Authorization tokens, form
# passwords and personal data, so the log stream and the index it ends up in
# need the same access controls as the application data itself.
log_format json_combined escape=json
    '{'
        # request identity
        '"nginx.time":"$time_local",'
        '"nginx.host":"$host",'
        '"nginx.http_host":"$http_host",'
        '"nginx.remote_addr":"$remote_addr",'
        '"nginx.http_x_forwarded_for":"$http_x_forwarded_for",'
        '"nginx.request_method":"$request_method",'
        '"nginx.request":"$request",'
        # response and upstream details
        '"nginx.status":"$status",'
        '"nginx.upstream_status":"$upstream_status",'
        '"nginx.body_bytes_sent":"$body_bytes_sent",'
        '"nginx.http_referer":"$http_referer",'
        '"nginx.request_time":"$request_time",'
        '"nginx.upstream_response_time":"$upstream_response_time",'
        '"nginx.upstream_http_x_cache":"$upstream_http_x_cache",'
        '"nginx.uri":"$uri",'
        '"nginx.upstream_addr":"$upstream_addr",'
        '"nginx.upstream_response_length":"$upstream_response_length",'
        '"nginx.server_name":"$server_name",'
        '"nginx.upstream_cache_status":"$upstream_cache_status",'
        '"nginx.user_agent":"$http_user_agent",'
        '"nginx.request_uri":"$scheme://$host$request_uri",'
        # payload capture (sensitive)
        '"nginx.request_body":"$request_body",'
        '"nginx.request_headers":"$req_headers",'
        '"nginx.resp_body":"$resp_body"'
    '}';
### remote sending (disabled)
# NOTE(review): syslog targets as written here send the log lines, including
# captured headers and bodies, unencrypted to the forwarder.
#access_log syslog:server=rsyslog-forwarder:30010,facility=local7,tag=nginxaccess,severity=info json_combined;
#error_log syslog:server=rsyslog-forwarder:30010,facility=local7,tag=nginxerror,severity=error warn;
#access_log /dev/stdout compression;

# Active targets: both logs go to the container's stdout; the access log uses
# the json_combined format.
access_log /dev/stdout json_combined;
error_log  /dev/stdout;
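Enable header logging. The request headers and bodies captured this way can contain cookies, Authorization tokens and form passwords, so access to the resulting logs should be restricted accordingly.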
Create file nginx-logs-headers.conf
# Variables filled by the Lua handlers in this file and read by the
# json_combined log format; they start out empty for every request.
set $req_headers "";
set $req_body "";
set $resp_body "";

# Read the request body for every request so Lua can access it.
# NOTE(review): this applies to all requests handled by the including server,
# whatever their size, up to client_max_body_size.
lua_need_request_body on;

# Accept request header names that contain underscores.
# NOTE(review): backends that normalise "-" and "_" to the same name (CGI-style
# HTTP_* variables) can then be fed a look-alike of a trusted header such as
# X_Forwarded_For; confirm the upstream applications are not affected.
underscores_in_headers on;
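# Copies the request body and a text dump of the request headers into
# $req_body and $req_headers for the access log.
#
# Fixes against the original:
#   * A header sent more than once is returned by ngx.req.get_headers() as a
#     table; concatenating it raised a Lua error, so any client could turn a
#     request into a 500 by repeating a header. Repeated values are now joined.
#   * Values of credential-bearing headers are replaced with a marker instead
#     of being written to the log.
rewrite_by_lua_block {
    -- Header names arrive lower-cased from ngx.req.get_headers().
    local redacted = {
        ["authorization"] = true,
        ["proxy-authorization"] = true,
        ["cookie"] = true,
    }

    -- nil when there is no body or it was spooled to a temp file.
    ngx.var.req_body = ngx.req.get_body_data()

    local parts = { "Headers: " }
    local headers = ngx.req.get_headers()
    for name, value in pairs(headers) do
        if redacted[name] then
            value = "[REDACTED]"
        elseif type(value) == "table" then
            value = table.concat(value, ", ")
        end
        parts[#parts + 1] = name .. ": " .. tostring(value) .. "\n"
    end
    ngx.var.req_headers = table.concat(parts)
}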
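# Captures the beginning of the response body into $resp_body for the access log.
#
# Fix: the original kept up to 1000 bytes of EVERY chunk, so a large response
# produced an unbounded buffer made of unrelated chunk prefixes. The capture is
# now limited to the first 1000 bytes of the response as a whole.
# Written as a *_block directive, like the rewrite handler, so the Lua code
# needs no nginx string quoting.
# NOTE(review): response bodies can contain session data and personal
# information; log them only where that is acceptable.
body_filter_by_lua_block {
    local limit = 1000
    local captured = ngx.ctx.buffered or ""

    -- ngx.arg[1] is the current chunk; take only what still fits.
    if #captured < limit then
        captured = captured .. string.sub(ngx.arg[1], 1, limit - #captured)
        ngx.ctx.buffered = captured
    end

    -- ngx.arg[2] is true on the last chunk: publish the capture to the log variable.
    if ngx.arg[2] then
        ngx.var.resp_body = captured
    end
}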
You need to add this include to the domain's conf file, after the server_name directive:
# Placed in the site's conf file after server_name, so that header/body capture
# is enabled for that site.
include nginx-logs-headers.conf;
Example of the Docker stdout logs after these steps (from Kibana):
{
"_index": "nginxaccess-2019.08.13",
"_type": "_doc",
"_id": "VMVeiWwBN-fu67bxSKcs",
"_version": 1,
"_score": null,
"_ignored": [
"nginx.http_x_forwarded_for"
],
"_source": {
"nginx.time": "13/Aug/2019:10:04:41 +0500",
"nginx.host": "itc-life.ru",
"nginx.http_host": "itc-life.ru",
"nginx.remote_addr": "10.8.0.12",
"nginx.http_x_forwarded_for": "",
"nginx.request_method": "GET",
"nginx.request": "GET /wp-includes/js/wp-embed.min.js?ver=5.2.2 HTTP/2.0",
"nginx.status": "200",
"nginx.upstream_status": "",
"nginx.body_bytes_sent": "765",
"nginx.http_referer": "https://itc-life.ru/",
"nginx.request_time": "0.000",
"nginx.upstream_response_time": "",
"nginx.upstream_http_x_cache": "",
"nginx.uri": "/wp-includes/js/wp-embed.min.js",
"nginx.upstream_addr": "",
"nginx.upstream_response_length": "",
"nginx.server_name": "itc-life.ru",
"nginx.upstream_cache_status": "HIT",
"nginx.user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0",
"nginx.request_uri": "https://itc-life.ru/wp-includes/js/wp-embed.min.js?ver=5.2.2",
"nginx.request_body": "",
"nginx.request_headers": "host: itc-life.ru;accept-language: en-US,en;q=0.5;accept: */*;referer: https://itc-life.ru/;accept-encoding: gzip, deflate, br;user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0;",
"HOST_FROM": "elasticsearch.master",
"@timestamp": "2019-08-13T10:05:44.893175369+05:00",
"@log_name": "nginxaccess.docker"
},
"fields": {
"@timestamp": [
"2019-08-13T05:05:44.893Z"
]
},