Update gitea logs for better request tracing

In gitea 1.14.0 they dropped the macaron http router for go-chi. This seems to have changed how the request context's RemoteAddr is parsed in logging. Importantly instead of a valid source port we get :0 which makes it difficult to trace a connection from apache to gitea. The origin of this behavior seems to be handling of X-Forwarded-For headers that apache is setting. To address this we drop those headers in hopes that gitea will log raw details for the apacher -> gitea connection in that case. Due to not using x-forwarded-for anymore we need to log the source port that apache is using for the proxy pass connection which is done by modifying the apache log format. Change-Id: I1e69431bf703947dc5c223df2a9e1b55bd0d841c
2022-09-30 10:55:39 -07:00 · 2022-09-30 10:55:39 -07:00 · 2fb310972c
commit 2fb310972c
parent fbb55cd9ec
1 changed files with 4 additions and 1 deletions
--- a/playbooks/roles/gitea/templates/gitea.vhost.j2
+++ b/playbooks/roles/gitea/templates/gitea.vhost.j2
@ -17,7 +17,7 @@ Listen 3081

  LogLevel warn

-  LogFormat "%h:%{remote}p %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport
+  LogFormat "%h:%{remote}p %A:%{proxy-source-port}n %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport
  CustomLog ${APACHE_LOG_DIR}/gitea-ssl-access.log combinedport

  SSLEngine on
@ -37,6 +37,9 @@ Listen 3081
  </Location>

  Use UserAgentFilter
+  # Disable x-forwarded- headers because gitea logging can't
+  # parse them properly
+  ProxyAddHeaders Off
  ProxyPass  /.well-known/ !
  ProxyPass  / https://{{ inventory_hostname }}:3000/ retry=0
  ProxyPassReverse / https://{{ inventory_hostname }}:3000/