Merge pull request #4 from aiogram/hide-token-from-access-logs

Hide token from nginx access logs
This commit is contained in:
Alex Root Junior 2022-04-05 02:36:46 +03:00 committed by GitHub
commit 211a01c800
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,3 +1,8 @@
# use $sanitized_request instead of $request to hide Telegram token
log_format token_filter '$remote_addr - $remote_user [$time_local] '
'"$sanitized_request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
upstream telegram-bot-api { upstream telegram-bot-api {
server api:8081; server api:8081;
} }
@ -15,6 +20,12 @@ server {
client_body_buffer_size 30M; client_body_buffer_size 30M;
keepalive_timeout 0; keepalive_timeout 0;
set $sanitized_request $request;
if ( $sanitized_request ~ (\w+)\s(\/bot\d+):[-\w]+\/(\S+)\s(.*) ) {
set $sanitized_request "$1 $2:<hidden-token>/$3 $4";
}
access_log /var/log/nginx/access.log token_filter;
location ~* \/file\/bot\d+:(.*) { location ~* \/file\/bot\d+:(.*) {
rewrite ^/file\/bot(.*) /$1 break; rewrite ^/file\/bot(.*) /$1 break;
try_files $uri @files; try_files $uri @files;