replatform/configure_goaccess.yml at master · programmer-ke/replatform · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
---
- name: Ensure that we have goaccess installed
  apt: name=goaccess state=present

- name: Specify custom log format for use with goaccess
  template:
    src: "templates/nginx_custom_log_format.conf.j2"
    dest: "/etc/nginx/conf.d/nginx_custom_log_format.conf"
  notify: reload nginx

- name: Remove the default access log declaration from main nginx config
  lineinfile:
    dest: "/etc/nginx/nginx.conf"
    regexp: '^\s+access_log\s+'
    state: absent
    backup: yes
  notify: reload nginx

- name: Ensure goaccess db path exists
  file:
    path: /var/lib/goaccess
    state: directory
    owner: admin
    group: admin

- name: Ensure that the admin user can write to goaccess output location
  file:
    path: "/var/www/{{ server_hostname }}"
    state: directory
    owner: admin
    group: admin

- name: Configure goaccess parameters
  lineinfile:
    dest: "/etc/goaccess/goaccess.conf"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  with_items:
    - regexp: '^log-format\s+'
      line: "log-format VCOMBINED"
    - regexp: '^log-file\s+'
      line: "log-file /var/log/nginx/access.log"
    - regexp: '^output\s+'
      line: "output /var/www/{{ server_hostname }}/report.html"
    - regexp: '^anonymize-ip\s+'
      line: "anonymize-ip true"
    - regexp: '^db-path\s+'
      line: "db-path /var/lib/goaccess/"
    - regexp: '^persist\s+'
      line: "persist true"
    - regexp: '^restore\s+'
      line: "restore true"
    - regexp: '^ignore-crawlers\s+'
      line: "ignore-crawlers true"
    - regexp: '^all-static-files\s+'
      line: "all-static-files true"
    - regexp: '^with-output-resolver\s+'
      line: "with-output-resolver false"
    - regexp: '^agent-list\s+'
      line: "agent-list true"

- name: Set goaccess exclude-ip block
  blockinfile:
    path: "/etc/goaccess/goaccess.conf"
    marker_begin: "BEGIN_EXCLUDE_IP"
    marker_end: "END_EXCLUDE_IP"
    state: present
    block: |
      exclude-ip 127.0.0.1
      exclude-ip {{ ipv4_address }}

- name: Set goaccess ignore-status block
  blockinfile:
    path: "/etc/goaccess/goaccess.conf"
    marker_begin: "BEGIN_IGNORE_STATUS"
    marker_end: "END_IGNORE_STATUS"
    state: present
    block: |
      ignore-status 301
      ignore-status 404

- name: Ensure a cron job regenerates the report every few minutes via admin
  cron:
    name: "Generate goaccess report"
    state: present
    user: admin
    job: "goaccess > /dev/null 2>&1"
    minute: "*/5"