Adding the possibility to use anonymized logging

README.md

@@ -145,6 +145,13 @@ To set the default host for nginx use the env var `DEFAULT_HOST=foo.bar.com` for
     $ docker run -d -p 80:80 -e DEFAULT_HOST=foo.bar.com -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
 
 
+### Anonymized logging
+
+The default access log messages created by this container contain information like the IP address, referer and the user agent. To anonymize the IP and remove the referer and user agent from logging, set the env var `ANONYMIZE_LOGGING=1` for example
+
+    $ docker run -d -p 80:80 -e ANONYMIZE_LOGGING=1 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
+
+
 ### Separate Containers
 
 nginx-proxy can also be run as two separate containers using the [jwilder/docker-gen](https://index.docker.io/u/jwilder/docker-gen/)

nginx.tmpl

@@ -57,11 +57,35 @@ map $scheme $proxy_x_forwarded_ssl {
   https on;
 }
 
+
+
 gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
+{{ if $.Env.ANONYMIZE_LOGGING }}
+map $remote_addr $ip_anonym1 {
+ default 0.0.0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
+ "~(?P<ip>[^:]+:[^:]+):" $ip;
+}
+
+map $remote_addr $ip_anonym2 {
+ default .0;
+ "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
+ "~(?P<ip>[^:]+:[^:]+):" ::;
+}
+
+map $ip_anonym1$ip_anonym2 $ip_anonymized {
+ default 0.0.0.0;
+ "~(?P<ip>.*)" $ip;
+}
+log_format vhost '$host $ip_anonymized [$time_local] '
+                 '"$request" $status $body_bytes_sent ';
+
+{{ else }}
 log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';
+{{ end }}
 
 access_log off;