From 845911dcbd176b8f8767718b7a12bdf3927c1065 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 14 Oct 2024 11:38:05 -0500
Subject: [PATCH] r/nginx: Make logging to files optional

If _nginx_ is configured to send error/access log messages to syslog, it
may not make sense to _also_ send messages to log files as well.  The
`nginx_error_log_file` and `nginx_access_log_file` variables are now
available to control whether/where to send log messages.  Setting either
of these to a falsy value will disable logging to a file.  A non-empty
string value is interpreted as the path to a log file.  By default, the
existing behavior of logging to `/var/log/nginx/error.log` and
`/var/log/nginx/access.log` is preserved.
---
 roles/nginx/defaults/main.yml       | 2 ++
 roles/nginx/templates/nginx.conf.j2 | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index 681375f..db015f7 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -4,5 +4,7 @@ nginx_ssl_session_cache: shared:SSL:1m
 nginx_ssl_session_timeout: 10m
 nginx_ssl_ciphers: '{{ nginx_default_ssl_ciphers }}'
 nginx_log_syslog: true
+nginx_error_log_file: /var/log/nginx/error.log
+nginx_access_log_file: /var/log/nginx/access.log
 nginx_redirect_http_https: false
 nginx_keep_num_logs: 10
diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
index 5b3f8b7..ba327ed 100644
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -4,7 +4,9 @@
 
 user {{ nginx_user }};
 worker_processes auto;
-error_log /var/log/nginx/error.log;
+{% if nginx_error_log_file %}
+error_log {{ nginx_error_log_file }};
+{% endif %}
 {% if nginx_log_syslog|bool %}
 error_log syslog:server=unix:/dev/log,facility=daemon,nohostname;
 {% endif %}
@@ -22,7 +24,9 @@ http {
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log  main;
+{% if nginx_access_log_file %}
+    access_log  {{ nginx_access_log_file }}  main;
+{% endif %}
 {% if nginx_log_syslog|bool %}
     access_log  syslog:server=unix:/dev/log,facility=daemon,nohostname main;
 {% endif %}