Solved Which is the way to go to adjust/shorten Cloudrons nginx log retention/rotation?
-
I've gotten a lot of requests lately from customers that are using random WordPress templates which are using Google Fonts, because they got mail from a lawyer about illegally using those without consent from the users (a GDPR thing). The claim may be bogus, but they also attached a data inquiry about what is saved for a specific IP address (which you usually have to comply if the request is legit). Which nginx config would I need to adjust to save only 7 instead of 30 (!) days of access/error logs (so I can just wipe them clean and give a negative response) and also retain the config after a Cloudron restart/update?
Best, M
-
So it turns out we are using the default configs shipped with Ubuntu for logrotation of nginx logs. The corresponding file to configure duration and behavior for nginx is
/etc/logrotate.d/nginx
. You can adjust this file to your requirements and it will persist as long as that server is used, it won't persist a full Cloudron restore on a new ubuntu server, since it is not part of the Cloudron backup. -
I think we just use the default for the main reverse proxy nginx, so we could adjust this for everyone if GDPR requires a limit to 7 days then. Do you have a link to that section of the requirement so we can also see if other things should be adjusted?
For other nginx instances, used within an app, I am guess we would have to limit all app logs to 7 days? Not sure what the exact requirements are though.
-
nebulon
-
@nebulon no no, the 7 days are no official requirement, that would be just for this instance to get rid of old logs and data. However, it would be cool if that could be adjusted globally.
-
@nebulon this guy suggests to remove the IP address altogether and/or 7 days: https://dr-dsgvo.de/webseiten-logfiles-welche-speicherdauer-ist-zulaessig-eine-datenschutzfrage/ (German)
-
So it turns out we are using the default configs shipped with Ubuntu for logrotation of nginx logs. The corresponding file to configure duration and behavior for nginx is
/etc/logrotate.d/nginx
. You can adjust this file to your requirements and it will persist as long as that server is used, it won't persist a full Cloudron restore on a new ubuntu server, since it is not part of the Cloudron backup. -
girish
-
@nebulon perfect, thanks for confirming!