nik/nginx-conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added rule to exclude local access from log

Browse Source
This commit is contained in:
Nik Afiq 2025-11-06 11:37:11 +09:00
parent 52b09b886c
commit be99a1cd23
3 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jellyfin.conf
View File

@ -1,4 +1,4 @@
# /etc/nginx/sites-available/jellyfin # /etc/nginx/sites-available/nik4nao.home.arpa
# WebSocket upgrade helper (for Jellyfin) # WebSocket upgrade helper (for Jellyfin)
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
@ -10,6 +10,9 @@ server {
listen 80; listen 80;
server_name nik4nao.home.arpa; server_name nik4nao.home.arpa;
access_log off;
error_log /var/log/nginx/jellyfin_error.log warn;
# ---- Convenience redirects ---- # ---- Convenience redirects ----
location = / { return 302 /admin/; } # land on Pi-hole admin by default location = / { return 302 /admin/; } # land on Pi-hole admin by default
location = /pihole { return 302 /admin/; } # /pihole -> /admin/ location = /pihole { return 302 /admin/; } # /pihole -> /admin/

16
nginx.conf
View File

@ -28,6 +28,20 @@ http {
ssl_protocols TLSv1.2 TLSv1.3; # drop TLSv1.0/1.1 ssl_protocols TLSv1.2 TLSv1.3; # drop TLSv1.0/1.1
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
##
# External vs internal detector
##
geo $is_external {
default 1; # assume external unless matched below
10.0.0.0/8 0;
172.16.0.0/12 0;
192.168.0.0/16 0;
127.0.0.0/8 0;
::1/128 0;
fc00::/7 0; # Unique local (ULA)
fe80::/10 0; # Link-local
}
## ##
# Logging (JSON) # Logging (JSON)
## ##
@ -38,7 +52,7 @@ http {
'"request_time":$request_time, "upstream_time":"$upstream_response_time", ' '"request_time":$request_time, "upstream_time":"$upstream_response_time", '
'"host":"$host", "uri":"$uri" }'; '"host":"$host", "uri":"$uri" }';
access_log /var/log/nginx/access.json json; access_log /var/log/nginx/access.json json if=$is_external;
## ##
# Gzip (safe defaults) # Gzip (safe defaults)

6
watch-party.conf
View File

@ -1,4 +1,4 @@
# /etc/nginx/sites-available/watch-party # /etc/nginx/sites-available/nik4nao.xyz
# WebSocket upgrade helper # WebSocket upgrade helper
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
@ -18,6 +18,7 @@ server {
root /var/www/html; root /var/www/html;
default_type "text/plain"; default_type "text/plain";
allow all; allow all;
access_log off;
} }
# Serve /robots.txt from disk on HTTP # Serve /robots.txt from disk on HTTP
@ -39,6 +40,9 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
server_name nik4nao.xyz; server_name nik4nao.xyz;
access_log /var/log/nginx/nik4naoxyz_access.json json if=$is_external;
error_log /var/log/nginx/nik4naoxyz_error.log warn;
# --- Certbot-managed TLS files --- # --- Certbot-managed TLS files ---
ssl_certificate /etc/letsencrypt/live/nik4nao.xyz/fullchain.pem; ssl_certificate /etc/letsencrypt/live/nik4nao.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nik4nao.xyz/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/nik4nao.xyz/privkey.pem;