diff --git a/README.md b/README.md
index a03b5e2..3f24e73 100644
--- a/README.md
+++ b/README.md
@@ -167,6 +167,13 @@ nginx-proxy will then redirect all requests to a container where `VIRTUAL_HOST`
 
     $ docker run -d -e VIRTUAL_HOST=foo.bar.com nginx
 
+### Anonymized logging
+
+The default access log messages created by this container contain information like the IP address, referer and the user agent. To anonymize the IP and remove the referer and user agent from logging, set the env var `ANONYMIZE_LOGGING=1` for example
+
+    $ docker run -d -p 80:80 -e ANONYMIZE_LOGGING=1 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
+
+
 ### Separate Containers
 
 nginx-proxy can also be run as two separate containers using the [jwilder/docker-gen](https://hub.docker.com/r/jwilder/docker-gen)
diff --git a/nginx.tmpl b/nginx.tmpl
index 66f346c..056aaf6 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -104,11 +104,37 @@ map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
   https on;
 }
 
+
+
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
+{{ if $.Env.ANONYMIZE_LOGGING }}
+# Anonymize the ip address
+# https://stackoverflow.com/a/27749834/3135319
+map $remote_addr $ip_anonym1 {
+ default 0.0.0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
+ "~(?P<ip>[^:]+:[^:]+):" $ip;
+}
+
+map $remote_addr $ip_anonym2 {
+ default .0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
+ "~(?P<ip>[^:]+:[^:]+):" ::;
+}
+
+map $ip_anonym1$ip_anonym2 $ip_anonymized {
+ default 0.0.0.0;
+ "~(?P<ip>.*)" $ip;
+}
+log_format vhost '$host $ip_anonymized [$time_local] '
+                 '"$request" $status $body_bytes_sent ';
+
+{{ else }}
 log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';
+{{ end }}
 
 access_log off;