m

volumes/conf.d/registry.zinomedia.de.conf

@@ -7,13 +7,44 @@ map $upstream_http_docker_distribution_api_version $docker_distribution_api_vers
     '' 'registry/2.0';
 }
 
+# Mtail friendly json access-log format to record registry traffic.
+log_format registry_json escape=json
+'{'
+'"timestamp":"$time_iso8601",'
+'"remote_address":"$remote_addr",'
+'"remote_user":"$remote_user",'
+'"request_id":"$effective_request_id",'
+'"method":"$request_method",'
+'"path":"$uri",'
+'"query_string":"$args",'
+'"http_version":"$server_protocol",'
+'"status":$status,'
+'"bytes_sent":$bytes_sent,'
+'"body_bytes_sent":$body_bytes_sent,'
+'"request_length":$request_length,'
+'"request_time":$request_time,'
+'"upstream_status":"$upstream_status",'
+'"upstream_time":"$upstream_response_time",'
+'"referer":"$http_referer",'
+'"user_agent":"$http_user_agent",'
+'"x_forwarded_for":"$http_x_forwarded_for",'
+'"range":"$http_range",'
+'"docker_content_digest":"$sent_http_docker_content_digest"'
+'}';
+
+# If $request_id is unavailable/empty use client + time.
+map $request_id $effective_request_id {
+    default $request_id;
+    "" "$remote_addr-$msec-$request_length";
+}
+
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
     server_name registry.zinomedia.de;
 
     access_log /var/log/nginx/registry.zinomedia.de.access.log;
-    error_log /var/log/nginx/error.log error;
+    error_log /var/log/nginx/error.log;
 
     ssl_certificate /etc/letsencrypt/live/registry.zinomedia.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/registry.zinomedia.de/privkey.pem;
@@ -78,6 +109,11 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 900;
+
+        # Registry traffic
+        add_header X-Request-ID $effective_request_id always;
+        proxy_set_header X-Request-ID $effective_request_id;
+        access_log /var/log/nginx/registry.zinomedia.de.access.json.log registry_json;
     }
 }