From 2fb310972c7b4e118efc9f98917f83a1c2cad8e6 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Fri, 30 Sep 2022 10:55:39 -0700 Subject: [PATCH] Update gitea logs for better request tracing In gitea 1.14.0 they dropped the macaron http router for go-chi. This seems to have changed how the request context's RemoteAddr is parsed in logging. Importantly instead of a valid source port we get :0 which makes it difficult to trace a connection from apache to gitea. The origin of this behavior seems to be handling of X-Forwarded-For headers that apache is setting. To address this we drop those headers in hopes that gitea will log raw details for the apacher -> gitea connection in that case. Due to not using x-forwarded-for anymore we need to log the source port that apache is using for the proxy pass connection which is done by modifying the apache log format. Change-Id: I1e69431bf703947dc5c223df2a9e1b55bd0d841c --- playbooks/roles/gitea/templates/gitea.vhost.j2 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/gitea/templates/gitea.vhost.j2 b/playbooks/roles/gitea/templates/gitea.vhost.j2 index ca71238fb1..1af73797ae 100644 --- a/playbooks/roles/gitea/templates/gitea.vhost.j2 +++ b/playbooks/roles/gitea/templates/gitea.vhost.j2 @@ -17,7 +17,7 @@ Listen 3081 LogLevel warn - LogFormat "%h:%{remote}p %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport + LogFormat "%h:%{remote}p %A:%{proxy-source-port}n %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport CustomLog ${APACHE_LOG_DIR}/gitea-ssl-access.log combinedport SSLEngine on @@ -37,6 +37,9 @@ Listen 3081 Use UserAgentFilter + # Disable x-forwarded- headers because gitea logging can't + # parse them properly + ProxyAddHeaders Off ProxyPass /.well-known/ ! ProxyPass / https://{{ inventory_hostname }}:3000/ retry=0 ProxyPassReverse / https://{{ inventory_hostname }}:3000/