Added rule to exclude local access from log

2025-11-06 11:37:11 +09:00 · 2025-11-06 11:37:11 +09:00 · be99a1cd23
commit be99a1cd23
parent 52b09b886c
3 changed files with 24 additions and 3 deletions
--- a/jellyfin.conf
+++ b/jellyfin.conf
@ -1,4 +1,4 @@
-# /etc/nginx/sites-available/jellyfin
+# /etc/nginx/sites-available/nik4nao.home.arpa

 # WebSocket upgrade helper (for Jellyfin)
 map $http_upgrade $connection_upgrade {
@ -10,6 +10,9 @@ server {
    listen 80;
    server_name nik4nao.home.arpa;

+    access_log off;
+    error_log  /var/log/nginx/jellyfin_error.log warn;
+
    # ---- Convenience redirects ----
    location = /         { return 302 /admin/; }   # land on Pi-hole admin by default
    location = /pihole   { return 302 /admin/; }   # /pihole -> /admin/
--- a/nginx.conf
+++ b/nginx.conf
@ -28,6 +28,20 @@ http {
    ssl_protocols TLSv1.2 TLSv1.3;          # drop TLSv1.0/1.1
    ssl_prefer_server_ciphers on;

+    ##
+    # External vs internal detector
+    ##
+    geo $is_external {
+    default 1;                    # assume external unless matched below
+    10.0.0.0/8       0;
+    172.16.0.0/12    0;
+    192.168.0.0/16   0;
+    127.0.0.0/8      0;
+    ::1/128          0;
+    fc00::/7         0;           # Unique local (ULA)
+    fe80::/10        0;           # Link-local
+    }
+
    ##
    # Logging (JSON)
    ##
@ -38,7 +52,7 @@ http {
      '"request_time":$request_time, "upstream_time":"$upstream_response_time", '
      '"host":"$host", "uri":"$uri" }';

-    access_log /var/log/nginx/access.json json;
+    access_log /var/log/nginx/access.json json if=$is_external;

    ##
    # Gzip (safe defaults)
--- a/watch-party.conf
+++ b/watch-party.conf
@ -1,4 +1,4 @@
-# /etc/nginx/sites-available/watch-party
+# /etc/nginx/sites-available/nik4nao.xyz

 # WebSocket upgrade helper
 map $http_upgrade $connection_upgrade {
@ -18,6 +18,7 @@ server {
        root /var/www/html;
        default_type "text/plain";
        allow all;
+        access_log off;
    }

    # Serve /robots.txt from disk on HTTP
@ -39,6 +40,9 @@ server {
    listen 443 ssl http2;
    server_name nik4nao.xyz;

+    access_log /var/log/nginx/nik4naoxyz_access.json json if=$is_external;
+    error_log  /var/log/nginx/nik4naoxyz_error.log warn;
+
    # --- Certbot-managed TLS files ---
    ssl_certificate     /etc/letsencrypt/live/nik4nao.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nik4nao.xyz/privkey.pem;