Change Details

We've currently 19 670 214 lines of log in web-001, since February 2025 rm -rf when disk was full with MediaWiki debug information (see D3709 to stabilize this configuration). Organize a rotation of the log with newsyslog could be useful here: ```name=/etc/newsyslog.conf.d/nginx.conf /var/log/www/*/*.log root:web 640 90 * @T00 JC /var/run/nginx.pid ``` ___ **nginx needs to be notified** nginx doesn't use new files after rotation without a reload, syslog can handle that by sending SIGHUP to the pid in the specified pid file. See https://serverfault.com/questions/1031715/nginx-service-rotate-doesnt-use-new-log-files for example. According https://nginx.org/en/docs/control.html, SIGHUP is fine and SIGUSR1 would be ideal, in that case write "SIGUSR1" or "30" as parameter (people sometimes wonder why we still use pid file, that's an example of how it's used across the system) ___ **GDPR documentation** Tagging also #privacy as we can document in our GDPR practices we don't keep server logs more than the retention time. Perhaps add an entry to https://agora.nasqueron.org/Privacy/Records_of_processing_activities#P-002._Web_applications for the server logs? There is no policy change.

We've currently 19 670 214 lines of log in web-001, since February 2025 rm -rf when disk was full with MediaWiki debug information (see D3709 to stabilize this configuration). Organize a rotation of the log with newsyslog could be useful here: ```name=/etc/newsyslog.conf.d/nginx.conf /var/log/www/*/*.log root:web 640 90 * @T00 JC /var/run/nginx.pid 30 ``` Configuration can be put here: `roles/webserver-alkane/nginx/config.sls` ___ **nginx needs to be notified** nginx doesn't use new files after rotation without a reload, syslog can handle that by sending SIGHUP to the pid in the specified pid file. See https://serverfault.com/questions/1031715/nginx-service-rotate-doesnt-use-new-log-files for example. According https://nginx.org/en/docs/control.html, SIGHUP is fine and SIGUSR1 would be ideal, in that case write "SIGUSR1" or "30" as parameter (people sometimes wonder why we still use pid file, that's an example of how it's used across the system) ___ **GDPR documentation** Tagging also #privacy as we can document in our GDPR practices we don't keep server logs more than the retention time. Perhaps add an entry to https://agora.nasqueron.org/Privacy/Records_of_processing_activities#P-002._Web_applications for the server logs? There is no policy change.

We've currently 19 670 214 lines of log in web-001, since February 2025 rm -rf when disk was full with MediaWiki debug information (see D3709 to stabilize this configuration). Organize a rotation of the log with newsyslog could be useful here: ```name=/etc/newsyslog.conf.d/nginx.conf /var/log/www/*/*.log root:web 640 90 * @T00 JC /var/run/nginx.pid 30 ``` Configuration can be put here: `roles/webserver-alkane/nginx/config.sls` ___ **nginx needs to be notified** nginx doesn't use new files after rotation without a reload, syslog can handle that by sending SIGHUP to the pid in the specified pid file. See https://serverfault.com/questions/1031715/nginx-service-rotate-doesnt-use-new-log-files for example. According https://nginx.org/en/docs/control.html, SIGHUP is fine and SIGUSR1 would be ideal, in that case write "SIGUSR1" or "30" as parameter (people sometimes wonder why we still use pid file, that's an example of how it's used across the system) ___ **GDPR documentation** Tagging also #privacy as we can document in our GDPR practices we don't keep server logs more than the retention time. Perhaps add an entry to https://agora.nasqueron.org/Privacy/Records_of_processing_activities#P-002._Web_applications for the server logs? There is no policy change.