From 412793901a5a40692a70926dbdf79265628e29c9 Mon Sep 17 00:00:00 2001 From: happybell80 Date: Wed, 22 Oct 2025 22:23:59 +0900 Subject: [PATCH] nginx: enable real_ip from trusted ranges; add JSON access log format and write to /var/log/nginx/access.json --- nginx.conf | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index c5761de..9e5aede 100644 --- a/nginx.conf +++ b/nginx.conf @@ -37,6 +37,16 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; + ## + # Real IP from reverse proxies + ## + set_real_ip_from 127.0.0.1; + set_real_ip_from 10.0.0.0/8; + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + real_ip_header X-Forwarded-For; + real_ip_recursive on; + ## # SSL Settings ## @@ -52,7 +62,21 @@ http { # Logging Settings ## - access_log /var/log/nginx/access.log; + # JSON access log format for analytics and traceability + log_format robeing_json escape=json '{"time":"$time_iso8601"' + ',"remote_addr":"$remote_addr"' + ',"method":"$request_method"' + ',"uri":"$request_uri"' + ',"status":$status' + ',"request_time":$request_time' + ',"upstream_status":"$upstream_status"' + ',"upstream_response_time":"$upstream_response_time"' + ',"request_id":"$request_id"' + ',"x_request_id":"$http_x_request_id"' + ',"user_uuid":"$http_x_user_uuid"}'; + + # Write JSON access logs to a dedicated file + access_log /var/log/nginx/access.json robeing_json; error_log /var/log/nginx/error.log; ##