diff --git a/example/nginx/default.conf b/example/nginx/default.conf index 5194d5f..0ebe396 100644 --- a/example/nginx/default.conf +++ b/example/nginx/default.conf @@ -1,3 +1,8 @@ +# use $sanitized_request instead of $request to hide Telegram token +log_format token_filter '$remote_addr - $remote_user [$time_local] ' + '"$sanitized_request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + upstream telegram-bot-api { server api:8081; } @@ -14,6 +19,12 @@ server { client_max_body_size 2G; client_body_buffer_size 30M; keepalive_timeout 0; + + set $sanitized_request $request; + if ( $sanitized_request ~ (\w+)\s(\/bot\d+):[-\w]+\/(\S+)\s(.*) ) { + set $sanitized_request "$1 $2:/$3 $4"; + } + access_log /var/log/nginx/access.log token_filter; location ~* \/file\/bot\d+:(.*) { rewrite ^/file\/bot(.*) /$1 break; @@ -43,4 +54,4 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; } -} \ No newline at end of file +}