search

chainguard-images / images

Public Chainguard Images
https://chainguard.dev/chainguard-images
Apache License 2.0
543 stars 140 forks source link

NGINX log to stdout/stderr #342

Closed mts-dyt closed 1 year ago

mts-dyt commented 1 year ago

Which image/versions are related to this issue/feature request?

cgr.dev/chainguard/nginx:1.23

Issue/Feature description

NGINX docker image send logs to files by default (/var/log/nginx/access.log) Is it possible to send logs to standard outputs? I need to display all logs on stdout as I am running containers on Kubernetes

rawlingsj commented 1 year ago

The wolfi nginx package does change the default error logs to go to standard err https://github.com/wolfi-dev/os/blob/9a579f80ce73244f49d95d304fd44c7a83877009/nginx.yaml#L104-L105

Though you are looking for all logs? There was some discussion around the time we initially added the nginx wolfi based image of whether to also send access logs to standard out. From memory I think we decided against doing that by default as not everyone may like having access logs automatically added to centralised logging systems. Though I maybe wrong. @amouat or @patflynn can you remember?

One approach you could do today is create a customised nginx.conf and mount it via a config map into your nginx pod at /etc/nginx/nginx.conf. Would that help?

amouat commented 1 year ago

I agree with @mts-dyt, we shouldn't be logging to file at all; it's going to fill up the FS and crash the container. All logs should got to stderr/out or be disabled, we can show how to use a config file to put anything to file for people that need it.

mts-dyt commented 1 year ago

I managed to do it with custom NGINX configuration:

error_log  /dev/stderr notice;
access_log  /dev/stdout;

The downside is that log files are no more generated. In the official NGINX image, they use both methods by creating symlink: https://github.com/nginxinc/docker-nginx/blob/1.23.1/stable/alpine/Dockerfile#L118-L119

Can we do the same?

amouat commented 1 year ago

I don't think that's doing both, I think it sends all logs to stdout/stderr. But yes, we should do the same.

amouat commented 1 year ago

I'm away until the week of the 27th, but will try to take a look then if no-one else has fixed this by then. I'd like to fix some other issues at the same time.

amouat commented 1 year ago

This should be fixed by https://github.com/wolfi-dev/os/pull/957