Join Log in
Score:0
mattpr avatar Server

Re-enable nginx access_log after it has been previously set to off at same block

jp flag
mattpr

In order to avoid mangling nginx.conf with automated deployments, we rely on overrides in /etc/nginx/conf.d. As of nginx 1.3.10, the files in conf.d are included in alphabetical order...which is useful for overriding things as later configs (alphabetically) should override earlier ones.

We have a default conf, say conf.d/00-overrides.conf which has default overrides overriding things set in /etc/nginx/nginx.conf. One of those overrides is:

access_log off;

...because nginx defaults (at least on Ubuntu 20) to having access_log enabled.

On some servers, we re-enable the access_log with a special format in order to generate metrics for prometheus (via mtail). However, even though the access_log directive to enable comes later (after the "off"), it still does not work.

According to the docs:

The special value off cancels all access_log directives on the current level.

So apparently once you turn access_log off, it is completely cancelled at the current level even if later config declarations would appear to turn it back on.

nginx -T confirms the order of the config statements...

First comes the default (access log on) from /etc/nginx/nginx.conf: access_log /var/log/nginx/access.log;

Then comes our default override from /etc/conf.d/00-overrides.conf to turn access log off: access_log off;

Then comes our metrics config turning a special access log back on: access_log /var/log/nginx/access-mtail.log prometheus_log buffer=1k;

However the third doesn't seem to override the second which is unfortunate because it means we can't easily turn off access_log as default and then selectively turn it back on.

I also tried using access_log /dev/null; in the overrides but it doesn't make a difference because it doesn't actually appear to override the previous access_log default from /etc/nginx/nginx.conf. Only the "special" off value seems to affect the previous access_log config...however it also affects future ones at the same level.

As I understand it, overrides at a lower level (e.g. server block below http block) will work, but it looks like overrides in same block (later config declarations overriding earlier ones) does not.

Seems the only solution here is to automated direct editing of the nginx.conf file to remove the default access_log config...but we prefer to use conf.d overrides rather than risking automated file edits which can mess with upgrades and other things.

Any other options I'm missing?

17
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.