diff options
| author | Cullum Smith <cullum@sacredheartsc.com> | 2024-11-24 22:27:52 -0500 |
|---|---|---|
| committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-11-24 22:27:52 -0500 |
| commit | f2735a201192f01a461f4c3e75d9636dc54e2ec2 (patch) | |
| tree | cec1095068e9e8bbbe9b61455bac974212bb9f22 | |
| parent | 340f777a8db62139e252ce96ef44bc57bcf03300 (diff) | |
| download | infrastructure-f2735a201192f01a461f4c3e75d9636dc54e2ec2.tar.gz | |
rotate nginx logs
| -rw-r--r-- | files/etc/newsyslog.conf.d/nginx.conf.common | 2 | ||||
| -rw-r--r-- | scripts/hostclass/bitwarden_server | 1 | ||||
| -rw-r--r-- | scripts/hostclass/dav_server | 1 | ||||
| -rw-r--r-- | scripts/hostclass/git_server | 1 | ||||
| -rw-r--r-- | scripts/hostclass/icinga_server/30-icingaweb2 | 1 | ||||
| -rw-r--r-- | scripts/hostclass/invidious_server | 1 | ||||
| -rw-r--r-- | scripts/hostclass/nfs_server/20-syncthing | 1 | ||||
| -rw-r--r-- | scripts/hostclass/pkg_repository | 1 | ||||
| -rw-r--r-- | scripts/hostclass/public_webserver | 1 | ||||
| -rw-r--r-- | scripts/hostclass/smtp_server/10-rspamd | 1 | ||||
| -rw-r--r-- | scripts/hostclass/ttrss_server | 1 | ||||
| -rw-r--r-- | scripts/hostclass/xmpp_server | 3 | ||||
| -rw-r--r-- | scripts/hostclass/znc_server | 1 |
13 files changed, 15 insertions, 1 deletions
diff --git a/files/etc/newsyslog.conf.d/nginx.conf.common b/files/etc/newsyslog.conf.d/nginx.conf.common new file mode 100644 index 0000000..b30e567 --- /dev/null +++ b/files/etc/newsyslog.conf.d/nginx.conf.common @@ -0,0 +1,2 @@ +/var/log/nginx/access.log 644 7 1024 * JC /var/run/nginx.pid SIGUSR1 +/var/log/nginx/error.log 644 7 1024 * JC /var/run/nginx.pid SIGUSR1 diff --git a/scripts/hostclass/bitwarden_server b/scripts/hostclass/bitwarden_server index f300b0d..7812e88 100644 --- a/scripts/hostclass/bitwarden_server +++ b/scripts/hostclass/bitwarden_server @@ -48,6 +48,7 @@ install_certificate_key nginx "$vaultwarden_https_key" install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Enable and start daemons. sysrc -v \ diff --git a/scripts/hostclass/dav_server b/scripts/hostclass/dav_server index e39b08c..fd3bdd4 100644 --- a/scripts/hostclass/dav_server +++ b/scripts/hostclass/dav_server @@ -126,6 +126,7 @@ install_file -m 0644 "${nginx_conf_dir}/fastcgi_params" install_template -m 0644 \ "${nginx_conf_dir}/nginx.conf" \ "${nginx_conf_dir}/vhosts.conf" +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Generate php-fpm configuration. install_file -m 0644 \ diff --git a/scripts/hostclass/git_server b/scripts/hostclass/git_server index b0280bd..ee576e5 100644 --- a/scripts/hostclass/git_server +++ b/scripts/hostclass/git_server @@ -104,6 +104,7 @@ install_template -m 0644 /usr/local/etc/nginx/nginx.conf [ -f "${nginx_conf_dir}/vhosts.conf" ] || install -Cv -m 0644 /dev/null "${nginx_conf_dir}/vhosts.conf" sysrc -v nginx_enable=YES service nginx restart +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf if [ "$git_public_fqdn" != "$fqdn" ]; then # Acquire public TLS certificate. diff --git a/scripts/hostclass/icinga_server/30-icingaweb2 b/scripts/hostclass/icinga_server/30-icingaweb2 index 6700d3e..8414429 100644 --- a/scripts/hostclass/icinga_server/30-icingaweb2 +++ b/scripts/hostclass/icinga_server/30-icingaweb2 @@ -63,6 +63,7 @@ install_file -m 0644 /usr/local/etc/nginx/fastcgi_params install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Create HTTP service principal and keytab. add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}" diff --git a/scripts/hostclass/invidious_server b/scripts/hostclass/invidious_server index 95333a5..c93aa17 100644 --- a/scripts/hostclass/invidious_server +++ b/scripts/hostclass/invidious_server @@ -78,6 +78,7 @@ install_certificate_key invidious "$invidious_https_key" install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Start daemons. sysrc -v \ diff --git a/scripts/hostclass/nfs_server/20-syncthing b/scripts/hostclass/nfs_server/20-syncthing index 095b55c..8ee2a13 100644 --- a/scripts/hostclass/nfs_server/20-syncthing +++ b/scripts/hostclass/nfs_server/20-syncthing @@ -33,6 +33,7 @@ install_file -m 0555 /usr/local/etc/rc.d/syncthing_user install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Create HTTP service principal and keytab. add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}" diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository index 9a3d448..b6dff4a 100644 --- a/scripts/hostclass/pkg_repository +++ b/scripts/hostclass/pkg_repository @@ -55,6 +55,7 @@ install_certificate_key nginx "$poudriere_https_key" install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf sysrc -v nginx_enable=YES service nginx restart diff --git a/scripts/hostclass/public_webserver b/scripts/hostclass/public_webserver index e92149f..54c0545 100644 --- a/scripts/hostclass/public_webserver +++ b/scripts/hostclass/public_webserver @@ -24,6 +24,7 @@ install_template -m 0644 "${nginx_conf_dir}/nginx.conf" [ -f "${nginx_conf_dir}/vhosts.conf" ] || install -Cv -m 0644 /dev/null "${nginx_conf_dir}/vhosts.conf" sysrc -v nginx_enable=YES service nginx restart +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Acquire public TLS certificates. install_template -m 0600 /usr/local/etc/sudoers.d/acme diff --git a/scripts/hostclass/smtp_server/10-rspamd b/scripts/hostclass/smtp_server/10-rspamd index 4cc66c6..ce7ec5e 100644 --- a/scripts/hostclass/smtp_server/10-rspamd +++ b/scripts/hostclass/smtp_server/10-rspamd @@ -93,6 +93,7 @@ pw groupmod "$redis_user" -m "$rspamd_user" install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Create HTTP service principal and keytab. add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}" diff --git a/scripts/hostclass/ttrss_server b/scripts/hostclass/ttrss_server index fc6fffd..5ff4cac 100644 --- a/scripts/hostclass/ttrss_server +++ b/scripts/hostclass/ttrss_server @@ -115,6 +115,7 @@ install_file -m 0644 /usr/local/etc/nginx/fastcgi_params install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Generate php-fpm configuration. install_file -m 0644 \ diff --git a/scripts/hostclass/xmpp_server b/scripts/hostclass/xmpp_server index 667014f..5f2dc1d 100644 --- a/scripts/hostclass/xmpp_server +++ b/scripts/hostclass/xmpp_server @@ -107,6 +107,7 @@ install_template -m 0644 "${nginx_conf_dir}/nginx.conf" [ -f "${nginx_conf_dir}/vhosts.conf" ] || install -Cv -m 0644 /dev/null "${nginx_conf_dir}/vhosts.conf" sysrc -v nginx_enable=YES service nginx restart +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Retrieve webserver certificate via ACME. install_template -m 0600 /usr/local/etc/sudoers.d/acme @@ -122,7 +123,7 @@ service nginx restart # Enable and start daemons. sysrc -v prosody_enable=YES -service prosody restart +[ "${prosody_restart:-}" = false ] || service prosody restart service nginx restart # Create access role. diff --git a/scripts/hostclass/znc_server b/scripts/hostclass/znc_server index e2c2fa6..5dbc887 100644 --- a/scripts/hostclass/znc_server +++ b/scripts/hostclass/znc_server @@ -53,6 +53,7 @@ install_directory -m 0750 -o "$saslauthd_user" -g "$znc_user" "$saslauthd_runtim install_template -m 0644 \ /usr/local/etc/nginx/nginx.conf \ /usr/local/etc/nginx/vhosts.conf +install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf sysrc -v \ saslauthd_enable=YES \ |