Feature Request for access_log stdout;

Hi.

how difficult is it to be able to add “access_log stdout;” to nginx,
similar like “error_log stderr;”?

I ask because in some PaaS environment is it difficult to setup a
dedicated user yust for nginx.

It fits also a little bit better to http://12factor.net/logs

BR Aleks

On Wednesday 17 February 2016 16:26:01 Aleksandar L. wrote:

Hi.

how difficult is it to be able to add “access_log stdout;” to nginx,
similar like “error_log stderr;”?

I ask because in some PaaS environment is it difficult to setup a
dedicated user yust for nginx.

It fits also a little bit better to http://12factor.net/logs

[…]

What’s the problem with “access_log /dev/stdout”?

Please note that writing logs to stdout can be a bottleneck, or cause
nginx
to stuck. The “error_log stderr;” exists mostly for development
purposes.

wbr, Valentin V. Bartenev

Hi Aleksandar,

On 17/02/16 19:04, Aleksandar L. wrote:

dedicated user yust for nginx.
nginx: [alert] could not open error log file: open()
I have no name!@nginx-test-8-emwut:/$ id
uid=1000550000 gid=0(root) groups=0(root)
#######

What version of Docker are you running? If it is prior to 1.9 you are
likely to hit his bug: https://github.com/docker/docker/issues/6880

Kind Regards

Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.

Hi.

Am 17-02-2016 16:47, schrieb Valentin V. Bartenev:

[…]

What’s the problem with “access_log /dev/stdout”?

Well I have the following problem on openshift v3.

#######
nginx: [alert] could not open error log file: open()
“/var/log/nginx/error.log” failed (13: Permission denied)
2016/02/17 18:34:32 [warn] 1#1: the “user” directive makes sense only if
the master process runs with super-user privileges, ignored in
/etc/nginx/nginx.conf:2
2016/02/17 18:34:32 [emerg] 1#1: open() “/dev/stdout” failed (13:
Permission denied)

I have no name!@nginx-test-8-emwut:/$
I have no name!@nginx-test-8-emwut:/$ ls -la /dev/stdout
lrwxrwxrwx. 1 root root 15 Feb 17 18:24 /dev/stdout → /proc/self/fd/1
I have no name!@nginx-test-8-emwut:/$ id
uid=1000550000 gid=0(root) groups=0(root)
#######

The config file is this

user nginx;
worker_processes 1;

error_log stderr warn;
pid /tmp/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

 log_format  main  '$remote_addr - $remote_user [$time_local]

“$request” ’
'$status $body_bytes_sent “$http_referer” ’
‘“$http_user_agent” “$http_x_forwarded_for”’;

 access_log /dev/stdout;

 sendfile        on;
 #tcp_nopush     on;

 keepalive_timeout  65;

 #gzip  on;

 include /etc/nginx/conf.d/*.conf;

}
##########

The difficulty is that the build and run setup differs in that case that
you are root at build time but any arbitrary user at runtime.

Here some more details.

https://docs.openshift.com/enterprise/3.1/creating_images/guidelines.html#use-uid

In case you have a openshift running you can use this repo for testing.

Please note that writing logs to stdout can be a bottleneck, or cause
nginx
to stuck. The “error_log stderr;” exists mostly for development
purposes.

Thanks for tip.
I remember that ‘daemon off’ have the same background

br Aleks

On 18/02/16 08:59, Andrew H. wrote:

similar like “error_log stderr;”?
Well I have the following problem on openshift v3.
I have no name!@nginx-test-8-emwut:/$
I have no name!@nginx-test-8-emwut:/$ ls -la /dev/stdout
lrwxrwxrwx. 1 root root 15 Feb 17 18:24 /dev/stdout → /proc/self/fd/1
I have no name!@nginx-test-8-emwut:/$ id
uid=1000550000 gid=0(root) groups=0(root)
#######

What version of Docker are you running? If it is prior to 1.9 you are
likely to hit his bug: https://github.com/docker/docker/issues/6880

Also, as Valentin mentioned. Performance of any application, not just
NGINX, that logs a lot of data is going to be terrible when you actually
manage to do this.

There are many flaws in the The Factor-Factor App document and whilst it
may work out for you backend services I wouldn’t recommend following it
too closely for any core infrastructure.

Kind Regards

Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.

Hi Andrew.

Am 18-02-2016 10:16, schrieb Andrew H.:

how difficult is it to be able to add “access_log stdout;” to
nginx,
similar like “error_log stderr;”?

I ask because in some PaaS environment is it difficult to setup a
dedicated user yust for nginx.

It fits also a little bit better to http://12factor.net/logs

[snipp]

What version of Docker are you running? If it is prior to 1.9 you are
likely to hit his bug: Permission denied on /dev/stderr · Issue #6880 · moby/moby · GitHub

docker version
Client:
Version: 1.8.2-el7
API version: 1.20
Package Version: docker-1.8.2-10.el7.x86_64
Go version: go1.4.2
Git commit: a01dc02/1.8.2
Built:
OS/Arch: linux/amd64

Server:
Version: 1.8.2-el7
API version: 1.20
Package Version:
Go version: go1.4.2
Git commit: a01dc02/1.8.2
Built:
OS/Arch: linux/amd64

Also, as Valentin mentioned. Performance of any application, not just
NGINX, that logs a lot of data is going to be terrible when you
actually manage to do this.

I have received some suggestions on haproxy list, which I will try.

There are many flaws in the The Factor-Factor App document and whilst
it may work out for you backend services I wouldn’t recommend
following it too closely for any core infrastructure.

Well I assume that this document is written for apps not core infra

BR Aleks

On 19/02/2016 02:56, Aleksandar L. wrote:

/tmp/nginx.conf:22
nginx: configuration file /tmp/nginx.conf test failed

Any plans to add this possibility or have I missed something?

Please check the following:

Docker, section “using environment variables in
nginx configuration”. You will need nginx:1.9.10 docker tag or later.

–
Konstantin P.

Hi.

Am 18-02-2016 15:02, schrieb Aleksandar L.:

Hi Andrew.

Am 18-02-2016 10:16, schrieb Andrew H.:

[snipp]

Git commit: a01dc02/1.8.2
OS/Arch: linux/amd64

Also, as Valentin mentioned. Performance of any application, not just
NGINX, that logs a lot of data is going to be terrible when you
actually manage to do this.

I have received some suggestions on haproxy list, which I will try.

I have try to setup the syslog entry with variables, but it looks to me
that this not implemented.

sed -e’s/access_log.*/access_log
syslog:server=${NGINX_TEST_PORT_8514_UDP_ADDR}:${NGINX_TEST_PORT_8514_UDP_PORT};/’
/etc/nginx/nginx.conf > /tmp/nginx.conf

cat /tmp/nginx.conf

user nginx;
worker_processes 1;

error_log stderr warn;
pid /tmp/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

 log_format  main  '$remote_addr - $remote_user [$time_local]

“$request” ’
'$status $body_bytes_sent “$http_referer” ’
‘"$http_user_agent" “$http_x_forwarded_for”’;

 access_log

syslog:server=${NGINX_TEST_PORT_8514_UDP_ADDR}:${NGINX_TEST_PORT_8514_UDP_PORT};

 sendfile        on;
 #tcp_nopush     on;

 keepalive_timeout  65;

 #gzip  on;

 include /etc/nginx/conf.d/*.conf;

}

nginx -T -c /tmp/nginx.conf

nginx: [alert] could not open error log file: open()
“/var/log/nginx/error.log” failed (13: Permission denied)
2016/02/18 23:54:51 [warn] 12#12: the “user” directive makes sense only
if the master process runs with super-user privileges, ignored in
/tmp/nginx.conf:2
2016/02/18 23:54:51 [emerg] 12#12: invalid port in syslog server
“${NGINX_TEST_PORT_8514_UDP_ADDR}:${NGINX_TEST_PORT_8514_UDP_PORT}” in
/tmp/nginx.conf:22
nginx: configuration file /tmp/nginx.conf test failed

Any plans to add this possibility or have I missed something?

BR
Aleks

Hi.

Am 19-02-2016 09:42, schrieb Konstantin P.:

On 19/02/2016 02:56, Aleksandar L. wrote:

[snipp env errors]

Any plans to add this possibility or have I missed something?

Please check the following:

Docker, section “using environment variables
in
nginx configuration”. You will need nginx:1.9.10 docker tag or later.

Thanks for the input

Now I was able to create a more production ready setup for nginx and
Openshift.

BR Aleks