FS#72061 - [nginx][nginx-mainline] use syslog for error_log instead of logging to stderr

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Tuesday, 07 September 2021, 11:59 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:25 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Massimiliano Torromeo (mtorromeo)
Levente Polyak (anthraxx)
Giancarlo Razzolini (grazzolini)
T.J. Townsend (blakkheim)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Arch currently sets up using journald via stderr with the same log level for everything:

SyslogLevel=err

ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'

It would be nicer to use the syslog support to set the severity and time metadata in a structured way.

Can remove SyslogLevel=err and change it to the following:

ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log syslog:server=unix:/dev/log,nohostname;'

The nohostname parameter should be used for local logging since it already has the hostname and there isn't a separate remote one.

http://nginx.org/en/docs/syslog.html
This task depends upon

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:25 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/p ackaging/packages/nginx/issues/1
Comment by Daniel Micay (thestinger) - Friday, 17 February 2023, 21:36 GMT
Setting your own error_log at the top level in nginx.conf will NOT override the Arch Linux configuration in the systemd service unit. Instead, it will use both, resulting in duplicated logs. Setting error_log in http will override it for http but not core functionality. It works similar to add_header: adding more on the same level does both but setting it in a deeper level replaces rather than adding to it for that level.
Comment by Daniel Micay (thestinger) - Tuesday, 07 March 2023, 16:05 GMT
Due to https://trac.nginx.org/nginx/ticket/2464 (working as intended), I think the best configuration would be this:

error_log syslog:server=unix:/dev/log,nohostname; error_log stderr emerg;

This still leaves file logging enabled too in order to have library writes to stderr go to the journal. Ideally log level could be fully disabled, but emerg is close enough and there won't be duplicates logged in practice.
Comment by Daniel Micay (thestinger) - Tuesday, 07 March 2023, 16:07 GMT
Worth nothing that -g 'pid /run/nginx.pid; error_log stderr;' could simply be removed from the systemd unit and wouldn't change anything because the build configuration already sets them as the default:

% nginx -V
nginx version: nginx/1.22.1
built with OpenSSL 3.0.7 1 Nov 2022 (running with OpenSSL 3.0.8 7 Feb 2023)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-cc-opt='-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -flto=auto' --with-ld-opt='-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto' --with-compat --with-debug --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-pcre-jit --with-stream --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads

Relevant parts:

--pid-path=/run/nginx.pid
--error-log-path=stderr
Comment by Massimiliano Torromeo (mtorromeo) - Saturday, 16 September 2023, 09:29 GMT
For now, I only removed "-g 'pid /run/nginx.pid; error_log stderr;'" from ExecStart. I am not sure yet about the other changes.

Loading...