Merge 2e9747f2fe into d9d7a3354d

README.md

@@ -167,6 +167,13 @@ nginx-proxy will then redirect all requests to a container where `VIRTUAL_HOST`
 
     $ docker run -d -e VIRTUAL_HOST=foo.bar.com nginx
 
+### Anonymized logging
+
+The default access log messages created by this container contain information like the IP address, referer and the user agent. To anonymize the IP and remove the referer and user agent from logging, set the env var `ANONYMIZE_LOGGING=1` for example
+
+    $ docker run -d -p 80:80 -e ANONYMIZE_LOGGING=1 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
+
+
 ### Separate Containers
 
 nginx-proxy can also be run as two separate containers using the [jwilder/docker-gen](https://hub.docker.com/r/jwilder/docker-gen)

nginx.tmpl

@@ -104,11 +104,37 @@ map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
   https on;
 }
 
+
+
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
+{{ if $.Env.ANONYMIZE_LOGGING }}
+# Anonymize the ip address
+# https://stackoverflow.com/a/27749834/3135319
+map $remote_addr $ip_anonym1 {
+ default 0.0.0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
+ "~(?P<ip>[^:]+:[^:]+):" $ip;
+}
+
+map $remote_addr $ip_anonym2 {
+ default .0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
+ "~(?P<ip>[^:]+:[^:]+):" ::;
+}
+
+map $ip_anonym1$ip_anonym2 $ip_anonymized {
+ default 0.0.0.0;
+ "~(?P<ip>.*)" $ip;
+}
+log_format vhost '$host $ip_anonymized [$time_local] '
+                 '"$request" $status $body_bytes_sent ';
+
+{{ else }}
 log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';
+{{ end }}
 
 access_log off;