Page MenuHomeDevCentral
Create Task
Maniphest T2129

Rotate nginx logs on FreeBSD servers
Open, HighPublic
Actions

Description

We've currently 19 670 214 lines of log in web-001, since February 2025 rm -rf when disk was full with MediaWiki debug information (see D3709 to stabilize this configuration).

Organize a rotation of the log with newsyslog could be useful here:

/etc/newsyslog.conf.d/nginx.conf
/var/log/www/*/*.log   root:web   640   90     *     @T00   JC  /var/run/nginx.pid 30

Configuration can be put here: roles/webserver-alkane/nginx/config.sls
Content path: roles/webserver-alkane/nginx/files/newsyslog/nginx.conf

nginx needs to be notified

nginx doesn't use new files after rotation without a reload, syslog can handle that by sending SIGHUP to the pid in the specified pid file.

See https://serverfault.com/questions/1031715/nginx-service-rotate-doesnt-use-new-log-files for example.

According https://nginx.org/en/docs/control.html, SIGHUP is fine and SIGUSR1 would be ideal, in that case write "SIGUSR1" or "30" as parameter

(people sometimes wonder why we still use pid file, that's an example of how it's used across the system)

GDPR documentation

Tagging also privacy as we can document in our GDPR practices we don't keep server logs more than the retention time.

Perhaps add an entry to https://agora.nasqueron.org/Privacy/Records_of_processing_activities#P-002._Web_applications for the server logs?

There is no policy change.

Revisions and Commits

rOPS Nasqueron Operations
D3889rOPSb36ff89c782b Rotate nginx logs on PaaS Alkane

Related Objects

Event Timeline

dereckson triaged this task as High priority.Sep 21 2025, 15:02
dereckson created this task.
dereckson mentioned this in T2130: Rotate nginx logs on PaaS Docker.Sep 21 2025, 15:09
dereckson moved this task from Backlog to Next on the Servers board.Oct 10 2025, 23:27
sandrined added a project: Operations sprints (Echoes in the Void).Sat, Nov 15, 11:01
dereckson updated the task description. (Show Details)Sat, Nov 15, 11:37
dereckson updated the task description. (Show Details)
dereckson assigned this task to sandrined.Wed, Nov 19, 23:15
dereckson moved this task from Backlog to Working on on the Operations sprints (Echoes in the Void) board.
dereckson added a subscriber: sandrined.

@sandrined Could you publish the commit for this change for review?

sandrined added a revision: D3889: Rotate nginx logs on PaaS Alkane.Fri, Nov 21, 09:28
sandrined added a commit: rOPSb36ff89c782b: Rotate nginx logs on PaaS Alkane.Fri, Nov 21, 23:52
dereckson moved this task from Working on to To review/deploy on the Operations sprints (Echoes in the Void) board.Fri, Nov 21, 23:52
dereckson added a subscriber: DorianWinty.Fri, Nov 21, 23:56

Configuration is ready.

Next steps:

  • Deploy to WindRiver
  • Validate after one day rotation works on WindRiver
  • Deploy to web-001 (@sandrined + @dereckson)
  • Deploy to hervil (perhaps with @DorianWinty)
  • Records of Processing for web logs (@dereckson)
  • Operations grimoire documentation about logs (@sandrined)
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator