From f3bfe603b364db8eac3d891af47af126439c5998 Mon Sep 17 00:00:00 2001
From: Elmar Kresse <elmar.kresse@stud.htwk-leipzig.de>
Date: Sun, 29 Sep 2024 23:33:45 +0200
Subject: [PATCH] fix:#52 added log rotation and anonymized

---
 docker-compose.yml       |  4 ++--
 frontend/Dockerfile      |  5 +++++
 frontend/nginx-logrotate | 14 ++++++++++++++
 frontend/nginx.conf      |  5 ++++-
 reverseproxy.conf        |  5 ++++-
 5 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 frontend/nginx-logrotate

diff --git a/docker-compose.yml b/docker-compose.yml
index 7ec3d59..ddb62a0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -40,8 +40,8 @@ services:
     build:
       dockerfile: Dockerfile
       context: ./frontend
-      target: dev
-    command: "npm run dev"
+      target: prod
+    #command: "npm run dev"
     # open port 8000
     ports:
       - "8000:8000"
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 5b3a522..2b90c79 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -35,8 +35,13 @@ COPY . ./
 # https://hub.docker.com/r/bitnami/nginx -> always run as non-root user
 FROM bitnami/nginx:1.25 AS prod
 
+USER root
+RUN install_packages logrotate
+USER 1001
+
 # copy build files from build container
 COPY --from=build /app/dist /app
 COPY ./nginx.conf /opt/bitnami/nginx/conf/nginx.conf
+COPY nginx-logrotate /etc/logrotate.d/nginx
 
 EXPOSE 8000
diff --git a/frontend/nginx-logrotate b/frontend/nginx-logrotate
new file mode 100644
index 0000000..e81fc0f
--- /dev/null
+++ b/frontend/nginx-logrotate
@@ -0,0 +1,14 @@
+/opt/bitnami/nginx/logs/proxy_*.log {
+        rotate 5
+        daily
+        notifempty
+        compress
+        delaycompress
+        create 0640 root root
+        sharedscripts
+
+        postrotate
+                # Reload NGINX to reopen the log files after rotation
+            [ -f /opt/bitnami/nginx/tmp/nginx.pid ] && kill -USR1 `cat /opt/bitnami/nginx/tmp/nginx.pid`
+        endscript
+}
\ No newline at end of file
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 8e67212..334df1a 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -27,7 +27,10 @@ http {
     include       mime.types;
     default_type  application/octet-stream;
 
-    access_log  /opt/bitnami/nginx/logs/proxy_access.log;
+    # Define a custom log format for anonymizing logs
+    log_format anonymized '[$time_local] "$request" $status $body_bytes_sent "$http_referer"';
+
+    access_log  /opt/bitnami/nginx/logs/proxy_access.log anonymized;
     error_log   /opt/bitnami/nginx/logs/proxy_error.log;
 
     sendfile        on;
diff --git a/reverseproxy.conf b/reverseproxy.conf
index 55220e6..386ab70 100644
--- a/reverseproxy.conf
+++ b/reverseproxy.conf
@@ -59,7 +59,10 @@ http {
 
     real_ip_header CF-Connecting-IP;
 
-    access_log  /opt/bitnami/nginx/logs/proxy_access.log;
+    # Define a custom log format for anonymizing logs
+    log_format anonymized '[$time_local] "$request" $status $body_bytes_sent "$http_referer"';
+
+    access_log  /opt/bitnami/nginx/logs/proxy_access.log anonymized;
     error_log   /opt/bitnami/nginx/logs/proxy_error.log;
 
     sendfile        on;