Full NGINX Plus Logs in Sumo Logic

You enabled the additional logging per the NGINX documentation for Amplify and now you want all the metrics to show up in Sumo Logic, right?

Here’s what you came for:

_sourceCategory="NGINX Plus"
| parse regex "^(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
| parse regex "(?[A-Z]+)\s(?\S+)\sHTTP/[\d\.]+\"\s(?\d+)\s(?[\d-]+)\s\"(?.*?)\"\s\"(?.+?)\"\s\"(?\S+)\"\s\"(?\S+)\"\ssn=\"(?\S+)\"\srt=(?\S+)\sua=\"(?\S+)\"\sus=\"(?\S+)\"\sut=\"(?\S+)\"\sul=\"(?\S+)\"\scs=(?\S+).*"
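The same extraction can be checked offline before it goes into a query. The following is an added example, not code from the original post: it assumes the `main_ext` log format from the NGINX Amplify guide listed in the references, uses field names chosen for the example, and runs on constructed log lines. It goes slightly beyond the query above by accepting comma-separated upstream and X-Forwarded-For values and an empty `sn=""`.

```python
import re

# Assumed input: the "main_ext" log_format from the NGINX Amplify guide.
# Field names are chosen for this example, not taken from the post.
# Quoted fields use [^"] so values with spaces ("a, b") still match.
LINE_RE = re.compile(
    r'^(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\s\S+\s(?P<user>\S+)\s\[(?P<time>[^\]]+)\]\s'
    r'"(?P<method>[A-Z]+)\s(?P<url>\S+)\sHTTP/[\d.]+"\s'
    r'(?P<status>\d+)\s(?P<bytes>[\d-]+)\s'
    r'"(?P<referer>.*?)"\s"(?P<user_agent>.+?)"\s'
    r'"(?P<x_forwarded_for>[^"]+)"\s"(?P<host>[^"]+)"\s'
    r'sn="(?P<server_name>[^"]*)"\srt=(?P<request_time>\S+)\s'
    r'ua="(?P<upstream_addr>[^"]+)"\sus="(?P<upstream_status>[^"]+)"\s'
    r'ut="(?P<upstream_time>[^"]+)"\sul="(?P<upstream_length>[^"]+)"\s'
    r'cs=(?P<cache_status>\S+)'
)

# Constructed sample: a proxied request that was retried on a second upstream.
SAMPLE = (
    '203.0.113.7 - - [12/Mar/2017:10:15:32 +0000] "GET /api/states HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)" "198.51.100.4, 203.0.113.7" '
    '"www.example.com" sn="www.example.com" rt=0.012 '
    'ua="10.0.0.5:8123, 10.0.0.6:8123" us="502, 200" ut="0.001, 0.010" ul="0, 512" cs=MISS'
)
# Constructed sample: a request by IP closed with 444 by a catch-all server.
REJECTED = (
    '198.51.100.23 - - [12/Mar/2017:10:16:01 +0000] "GET / HTTP/1.1" '
    '444 0 "-" "-" "-" "203.0.113.10" sn="" rt=0.000 '
    'ua="-" us="-" ut="-" ul="-" cs=-'
)

def parse_line(line):
    """Return a dict of typed fields, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # malformed requests (no METHOD URL HTTP/x) end up here
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # The pattern allows "-" for the byte count; map it to None.
    rec["bytes"] = None if rec["bytes"] == "-" else int(rec["bytes"])
    rec["request_time"] = float(rec["request_time"])
    # Several upstream attempts are logged as a comma-separated list.
    rec["upstream_addr"] = [a.strip() for a in rec["upstream_addr"].split(",")]
    return rec

if __name__ == "__main__":
    for line in (SAMPLE, REJECTED):
        print(parse_line(line))
```

Lines that return `None` are worth counting rather than dropping, since they are the requests the pattern cannot describe.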

Want to play around and learn more about RegEx? I recommend you use this site: http://regexr.com/

References:
NGINX Log File Configuration : https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#additional-nginx-metrics

Reject Requests without a Host Name Header on NGINX

The Objective: Reject all requests that reach the NGINX server without a host name in their header

Why it matters: When a request is made via IP address (http://your.add.rress.here), NGINX answers with whatever it has determined to be the “default server” for that IP address. This is often not the desired result. The result we are going for here is to close the connection with the requesting client.

The solution: 

  1. generate a bogus cert and store it in your /etc/nginx/certs/bogus/ (or whichever folder you use for your certificates)
  2. create a “default.conf” configuration file in your /etc/nginx/conf.d/ (or whichever folder you include in your config)
  3. add the configuration to the “default.conf” file (update it if your folders are different for certs)
  4. test your configuration (/usr/sbin/nginx -t -c /etc/nginx/nginx.conf)
  5. if all is well, restart your service (sudo service nginx restart)
  6. validate it’s working as intended

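Code Sample:
# Catch-all for port 80: requests that match no other server_name land here.
server {
    listen 80 default_server;
    server_name "";
    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}
# Catch-all for port 443: the bogus certificate lets the TLS listener start.
server {
    # TLS is enabled by the ssl parameter on listen; a separate "ssl on;" is deprecated.
    listen 443 default_server ssl;
    server_name "";
    return 444;
    ssl_certificate /etc/nginx/certs/bogus/cert.pem;
    ssl_certificate_key /etc/nginx/certs/bogus/privkey.pem;
}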

 

References:

  • http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names

Run nginx in a Docker container on a Synology

In this walk through we will perform the following:

Note: The actual nginx configuration will not be covered here.

  1. Deploy the nginx Docker container (vr-ngx-01)
  2. Mount the following folders and file:
    1. /etc/nginx/conf.d/
      1. it’s assumed your site’s .conf file is in this directory
    2. /etc/nginx/certs/
      1. it’s assumed your SSL certs live here and are properly referenced in your /etc/nginx/conf.d/your.site.conf
    3. /etc/nginx/nginx.conf
      1. it’s assumed SSL is configured and includes conf.d/*.conf
  3. Link vr-ngx-01 to the Home-Assistant container (vr-hass-01)
  4. Fire up the container and verify connectivity over a secured connection
  5. Remove local port mapping for vr-hass-01

1. Deploy the container

2. Mount the local folders & file

3. Link vr-ngx-01 to vr-hass-01

4. Verify site loads

Browse to https://YOUR-SYNOLOGY-NAME:4443

Note: to make this appear at https://www.virtualrick.com you can configure your router/firewall for port forwarding. Example: external TCP 443 forwards to internal TCP 4443.

5. Remove local port mapping for vr-hass-01

Now that the nginx container is linked to the home-assistant container, there is no need for the home-assistant service port (8123) to be available directly.

Make sure the home-assistant container is turned off, then edit the container and remove the local port configuration.