From 8db668c0377a1f70468819fb021252b8498089d6 Mon Sep 17 00:00:00 2001 From: holger krekel Date: Sun, 10 May 2026 19:55:36 +0200 Subject: [PATCH] fix(logging): log all http requests to syslog --- cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 | 6 +++--- cmdeploy/src/cmdeploy/tests/online/test_1_basic.py | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 index fc5435d2..ac92662e 100644 --- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 +++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 @@ -42,6 +42,9 @@ stream { } http { + # access_log setting is inherited by all server sections + access_log syslog:server=unix:/dev/log,facility=local7; + {% if config.tls_cert_mode == "self" %} limit_req_zone $binary_remote_addr zone=newaccount:10m rate=2r/s; {% endif %} @@ -71,8 +74,6 @@ http { server_name {{ config.mail_domain }} mta-sts.{{ config.mail_domain }}; - access_log syslog:server=unix:/dev/log,facility=local7; - location /mxdeliv { proxy_pass http://127.0.0.1:{{ config.filtermail_http_port_incoming }}; } @@ -143,7 +144,6 @@ http { listen 127.0.0.1:8443 ssl; server_name www.{{ config.mail_domain }}; return 301 $scheme://{{ config.mail_domain }}$request_uri; - access_log syslog:server=unix:/dev/log,facility=local7; } server { diff --git a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py index 5f9623df..52bbe02f 100644 --- a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py +++ b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py @@ -281,3 +281,13 @@ def test_deployed_state(remote): # assert len(git_status) == len(remote_version) # for some reason, we only get 11 lines from remote.iter_output() for i in range(len(remote_version)): assert git_status[i] == remote_version[i], "You have undeployed changes." + + +def test_nginx_access_log_only_defined_once(sshdomain): + sshexec = get_sshexec(sshdomain) + conf = sshexec( + call=remote.rshell.shell, + kwargs=dict(command="nginx -T 2>/dev/null"), + ) + access_logs = [l for l in conf.splitlines() if l.strip().startswith("access_log")] + assert len(access_logs) == 1, f"expected 1 access_log, found {len(access_logs)}: {access_logs}"