collect traefik access logs

remove forgejo access logs

ansible/roles/monitoring/elasticsearch.yml.j2

@@ -26,10 +26,10 @@ datasources:
       index: 'fluentd.diskfree-*'
       timeField: '@timestamp'
 
-  - name: forgejo_access
+  - name: traefik_access
     type: elasticsearch
     access: proxy
     url: http://maestro.dmz:{{ elasticsearch_port }}
     jsonData:
-      index: 'fluentd.docker.forgejo_forgejo.**'
+      index: 'fluentd.access.traefik-*'
       timeField: '@timestamp'

ansible/roles/monitoring/fluent.conf.j2

@@ -6,7 +6,7 @@
   port {{ fluent_forward_port }}
 </source>
 
-<filter docker.forgejo_forgejo.**>
+<filter access.**>
   @type geoip
   geoip_lookup_keys  host
   backend_library geoip2_c
@@ -17,7 +17,7 @@
   skip_adding_null_record  true
 </filter>
 
-<match cpu memory diskfree docker.forgejo_forgejo.**>
+<match cpu memory diskfree access.**>
   @type elasticsearch
   host maestro.dmz
   port {{ elasticsearch_port }}

ansible/roles/traefik/docker-stack.yml.j2

@@ -125,3 +125,11 @@ services:
       - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
 
       - --serversTransport.insecureSkipVerify=true
+
+      - --accesslog=true
+      - --accesslog.fields.defaultmode=keep
+      - --accesslog.fields.names.ClientUsername=drop
+      - --accesslog.fields.headers.defaultmode=keep
+      - --accesslog.fields.headers.names.User-Agent=keep
+      - --accesslog.fields.headers.names.Authorization=drop
+      - --accesslog.fields.headers.names.Content-Type=keep

terraform/elasticsearch/main.tf

@@ -52,7 +52,7 @@ resource "elasticstack_elasticsearch_index_template" "logs_template" {
   name = "logs_template"
 
   priority = 42
-  index_patterns = ["fluentd.docker.**"]
+  index_patterns = ["fluentd.access.**"]
 
   template {
     settings = jsonencode({