From 71f96d4c2ba647db6ffe67765fd8aae6bfaca14b Mon Sep 17 00:00:00 2001
From: Tim Schneider <tim.schneider@greensynergy.de>
Date: Thu, 24 May 2018 23:41:11 +0200
Subject: [PATCH 1/2] Adding the possibility to use anonymized logging

---
 README.md  |  7 +++++++
 nginx.tmpl | 24 ++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/README.md b/README.md
index 054b4d1..86eefad 100644
--- a/README.md
+++ b/README.md
@@ -145,6 +145,13 @@ To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for
     $ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
 
 
+### Anonymized logging
+
+The default access log messages created by this container contain information like the IP address, referer and the user agent. To anonymize the IP and remove the referer and user agent from logging, set the env var `ANONYMIZE_LOGGING=1` for example
+
+    $ docker run -d -p 80:80 -e ANONYMIZE_LOGGING=1 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
+
+
 ### Separate Containers
 
 nginx-proxy can also be run as two separate containers using the [jwilder/docker-gen](https://index.docker.io/u/jwilder/docker-gen/)
diff --git a/nginx.tmpl b/nginx.tmpl
index 39e38f7..1a624d0 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -57,11 +57,35 @@ map $scheme $proxy_x_forwarded_ssl {
   https on;
 }
 
+
+
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
+{{ if $.Env.ANONYMIZE_LOGGING }}
+map $remote_addr $ip_anonym1 {
+ default 0.0.0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
+ "~(?P<ip>[^:]+:[^:]+):" $ip;
+}
+
+map $remote_addr $ip_anonym2 {
+ default .0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
+ "~(?P<ip>[^:]+:[^:]+):" ::;
+}
+
+map $ip_anonym1$ip_anonym2 $ip_anonymized {
+ default 0.0.0.0;
+ "~(?P<ip>.*)" $ip;
+}
+log_format vhost '$host $ip_anonymized [$time_local] '
+                 '"$request" $status $body_bytes_sent ';
+
+{{ else }}
 log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';
+{{ end }}
 
 access_log off;
 

From 63300aa4db8fe3c52d4b1d3b38db3c7ab80fb820 Mon Sep 17 00:00:00 2001
From: Tim Schneider <tim.schneider@greensynergy.de>
Date: Fri, 8 Jun 2018 23:06:58 +0200
Subject: [PATCH 2/2] Adding referece to stackoverflow

---
 nginx.tmpl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index 1a624d0..c0daf3f 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -62,6 +62,8 @@ map $scheme $proxy_x_forwarded_ssl {
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
 {{ if $.Env.ANONYMIZE_LOGGING }}
+# Anonymize the ip address
+# https://stackoverflow.com/a/27749834/3135319
 map $remote_addr $ip_anonym1 {
  default 0.0.0;
  "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;