2027: Make logs more quiet r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

It silences various useless log messages in front, specifically:
```
Oct 30 03:11:04 instance-20210109-1612 docker-front[1963]: 127.0.0.1 - - [30/Oct/2021:03:11:04 +0000] "GET /health HTTP/1.1" 301 162 "-" "curl/7.78.0"
Oct 30 03:11:04 instance-20210109-1612 docker-front[1963]: 127.0.0.1 - - [30/Oct/2021:03:11:04 +0000] "GET /health HTTP/2.0" 204 0 "-" "curl/7.78.0"
Oct 30 03:11:04 instance-20210109-1612 docker-front[1963]: 2021/10/30 03:11:04 [info] 476302#476302: *2622679 client 127.0.0.1 closed keepalive connection
Oct 30 03:13:02 instance-20210109-1612 docker-front[1963]: 127.0.0.1 - - [30/Oct/2021:03:13:02 +0000] "GET /auth/email HTTP/1.0" 200 0 "-" "-"
```

`@micw` has requested it for k8s

2030: Fix RELAYNETS r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

RELAYNETS should be comma separated like everything else; rspamd should also be aware of what is considered "trusted".

I am not sure whether ```local_networks``` is the right configuration option for it though

- close #360

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
master
bors[bot] 3 years ago committed by GitHub
commit e52a3de1b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,7 +1,7 @@
# Basic configuration # Basic configuration
user nginx; user nginx;
worker_processes auto; worker_processes auto;
error_log /dev/stderr info; error_log /dev/stderr notice;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
load_module "modules/ngx_mail_module.so"; load_module "modules/ngx_mail_module.so";
@ -13,7 +13,6 @@ http {
# Standard HTTP configuration with slight hardening # Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
access_log /dev/stdout;
sendfile on; sendfile on;
keepalive_timeout 65; keepalive_timeout 65;
server_tokens off; server_tokens off;
@ -38,6 +37,13 @@ http {
~*\.(ico|css|js|gif|jpeg|jpg|png|woff2?|ttf|otf|svg|tiff|eot|webp)$ 97d; ~*\.(ico|css|js|gif|jpeg|jpg|png|woff2?|ttf|otf|svg|tiff|eot|webp)$ 97d;
} }
map $request_uri $loggable {
/health 0;
/auth/email 0;
default 1;
}
access_log /dev/stdout combined if=$loggable;
# compression # compression
gzip on; gzip on;
gzip_static on; gzip_static on;
@ -246,6 +252,7 @@ mail {
auth_http http://127.0.0.1:8000/auth/email; auth_http http://127.0.0.1:8000/auth/email;
proxy_pass_error_message on; proxy_pass_error_message on;
resolver {{ RESOLVER }} ipv6=off valid=30s; resolver {{ RESOLVER }} ipv6=off valid=30s;
error_log /dev/stderr info;
{% if TLS and not TLS_ERROR %} {% if TLS and not TLS_ERROR %}
include /etc/nginx/tls.conf; include /etc/nginx/tls.conf;

@ -17,7 +17,7 @@ queue_directory = /queue
message_size_limit = {{ MESSAGE_SIZE_LIMIT }} message_size_limit = {{ MESSAGE_SIZE_LIMIT }}
# Relayed networks # Relayed networks
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAYNETS }} mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAYNETS.split(",") }}
# Empty alias list to override the configuration variable and disable NIS # Empty alias list to override the configuration variable and disable NIS
alias_maps = alias_maps =

@ -0,0 +1,3 @@
{% if RELAYNETS %}
local_networks = [{{ RELAYNETS }}];
{% endif %}

@ -73,14 +73,14 @@ The ``MESSAGE_RATELIMIT`` is the limit of messages a single user can send. This
meant to fight outbound spam in case of compromised or malicious account on the meant to fight outbound spam in case of compromised or malicious account on the
server. server.
The ``RELAYNETS`` are network addresses for which mail is relayed for free with The ``RELAYNETS`` (default: unset) is a comma delimited list of network addresses
no authentication required. This should be used with great care. If you want other for which mail is relayed for with no authentication required. This should be
Docker services' outbound mail to be relayed, you can set this to ``172.16.0.0/12`` used with great care as misconfigurations may turn your Mailu instance into an
to include **all** Docker networks. The default is to leave this empty. open-relay!
The ``RELAYHOST`` is an optional address of a mail server relaying all outgoing The ``RELAYHOST`` is an optional address to use as a smarthost for all outgoing
mail in following format: ``[HOST]:PORT``. mail in following format: ``[HOST]:PORT``. ``RELAYUSER`` and ``RELAYPASSWORD``
``RELAYUSER`` and ``RELAYPASSWORD`` can be used when authentication is needed. can be used when authentication is required.
By default postfix uses "opportunistic TLS" for outbound mail. This can be changed By default postfix uses "opportunistic TLS" for outbound mail. This can be changed
by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt`` or ``secure``. This setting is by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt`` or ``secure``. This setting is

@ -0,0 +1 @@
RELAYNETS should be a comma separated list of networks
Loading…
Cancel
Save