Add silence ping logging flag using ExcludePath
- Add `ping-path` option to enable switching on and passing to `logger.go`
  Default remains unchanged at: `"/ping"`
- Add note in configuration.md about silence flag taking precedence

Potential tests:
- `options.go` sets `logger.SetExcludePath` based on silence flag?
- Changing `PingPath` reflected in router?
parent
08021429ea
commit
4e10cc76e0
@ -74,6 +74,7 @@ Usage of oauth2_proxy:
|
||||
-pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
|
||||
-profile-url string: Profile access endpoint
|
||||
-provider string: OAuth provider (default "google")
|
||||
-ping-path string: the ping endpoint that can be used for basic health checks (default "/ping")
|
||||
-proxy-prefix string: the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) (default "/oauth2")
|
||||
-proxy-websockets: enables WebSocket proxying (default true)
|
||||
-pubjwk-url string: JWK pubkey access endpoint: required by login.gov
|
||||
@ -91,6 +92,7 @@ Usage of oauth2_proxy:
|
||||
-set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
|
||||
-set-authorization-header: set Authorization Bearer response header (useful in Nginx auth_request mode)
|
||||
-signature-key string: GAP-Signature request signature key (algorithm:secretkey)
|
||||
-silence-ping-logging bool: disable logging of requests to ping endpoint (default false)
|
||||
-skip-auth-preflight: will skip authentication for OPTIONS requests
|
||||
-skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
|
||||
-skip-jwt-bearer-tokens: will skip requests that have verified JWT bearer tokens
|
||||
@ -140,7 +142,7 @@ There are three different types of logging: standard, authentication, and HTTP r
|
||||
|
||||
Each type of logging has their own configurable format and variables. By default these formats are similar to the Apache Combined Log.
|
||||
|
||||
A specific path can be excluded from request logs by setting `-exclude-logging-path`. This is useful for disabling logging of requests to the `/ping` endpoint to reduce log volume when health checking `oauth2_proxy`.
|
||||
Logging of requests to the `/ping` endpoint can be disabled with `-silence-ping-logging` reducing log volume. This flag sets the `-exclude-logging-path` value to the `-ping-path` and takes precedence over any other value `-exclude-logging-path` may have been set to directly.
|
||||
|
||||
### Auth Log Format
|
||||
Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format:
|
||||
|
2
main.go
2
main.go
@ -69,6 +69,7 @@ func main() {
|
||||
flagSet.String("banner", "", "custom banner string. Use \"-\" to disable default banner.")
|
||||
flagSet.String("footer", "", "custom footer string. Use \"-\" to disable default footer.")
|
||||
flagSet.String("proxy-prefix", "/oauth2", "the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)")
|
||||
flagSet.String("ping-path", "/ping", "the ping endpoint that can be used for basic health checks")
|
||||
flagSet.Bool("proxy-websockets", true, "enables WebSocket proxying")
|
||||
|
||||
flagSet.String("cookie-name", "_oauth2_proxy", "the name of the cookie that the oauth_proxy creates")
|
||||
@ -99,6 +100,7 @@ func main() {
|
||||
flagSet.Bool("request-logging", true, "Log HTTP requests")
|
||||
flagSet.String("request-logging-format", logger.DefaultRequestLoggingFormat, "Template for HTTP request log lines")
|
||||
flagSet.String("exclude-logging-path", "", "Exclude logging requests to path (eg: /ping)")
|
||||
flagSet.Bool("silence-ping-logging", false, "Disable logging of requests to ping endpoint")
|
||||
|
||||
flagSet.Bool("auth-logging", true, "Log authentication attempts")
|
||||
flagSet.String("auth-logging-format", logger.DefaultAuthLoggingFormat, "Template for authentication log lines")
|
||||
|
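Review bot: The help text on the `silence-ping-logging` flag (the `flagSet.Bool` line right after `exclude-logging-path`) does not say that it overrides `exclude-logging-path`, although the documentation change in this commit states that it takes precedence. An operator who reads only the usage output and sets both flags will find the path they asked to exclude back in the request log, with no hint why. Suggest `flagSet.Bool("silence-ping-logging", false, "Disable logging of requests to ping endpoint (overrides exclude-logging-path)")`. main() starts and ends outside both hunks.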
@ -254,7 +254,7 @@ func NewOAuthProxy(opts *Options, validator func(string) bool) *OAuthProxy {
|
||||
Validator: validator,
|
||||
|
||||
RobotsPath: "/robots.txt",
|
||||
PingPath: "/ping",
|
||||
PingPath: opts.PingPath,
|
||||
SignInPath: fmt.Sprintf("%s/sign_in", opts.ProxyPrefix),
|
||||
SignOutPath: fmt.Sprintf("%s/sign_out", opts.ProxyPrefix),
|
||||
OAuthStartPath: fmt.Sprintf("%s/start", opts.ProxyPrefix),
|
||||
|
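Review bot: `PingPath: opts.PingPath` takes the operator-supplied value with no validation visible in this commit, where the previous code used the fixed `"/ping"`. The routing that consumes `PingPath` is outside the hunk, but a health-check path is normally answered before authentication, so an empty value, one without a leading slash, or one that equals `RobotsPath`, a path under `opts.ProxyPrefix` or an upstream route would either disable the health check or shadow the handler that was meant to serve that path. Consider rejecting such values where the options are validated, for example `if !strings.HasPrefix(o.PingPath, "/") { msgs = append(msgs, "ping-path must start with /") }`, assuming `msgs` collects validation errors there (to be confirmed). NewOAuthProxy's body continues outside the hunk.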
13
options.go
13
options.go
@ -30,6 +30,7 @@ import (
|
||||
// or Config File
|
||||
type Options struct {
|
||||
ProxyPrefix string `flag:"proxy-prefix" cfg:"proxy_prefix" env:"OAUTH2_PROXY_PROXY_PREFIX"`
|
||||
PingPath string `flag:"ping-path" cfg:"ping-path" env:"OAUTH2_PROXY_PING_PATH"`
|
||||
ProxyWebSockets bool `flag:"proxy-websockets" cfg:"proxy_websockets" env:"OAUTH2_PROXY_PROXY_WEBSOCKETS"`
|
||||
HTTPAddress string `flag:"http-address" cfg:"http_address" env:"OAUTH2_PROXY_HTTP_ADDRESS"`
|
||||
HTTPSAddress string `flag:"https-address" cfg:"https_address" env:"OAUTH2_PROXY_HTTPS_ADDRESS"`
|
||||
@ -103,9 +104,8 @@ type Options struct {
|
||||
StandardLoggingFormat string `flag:"standard-logging-format" cfg:"standard_logging_format" env:"OAUTH2_PROXY_STANDARD_LOGGING_FORMAT"`
|
||||
RequestLogging bool `flag:"request-logging" cfg:"request_logging" env:"OAUTH2_PROXY_REQUEST_LOGGING"`
|
||||
RequestLoggingFormat string `flag:"request-logging-format" cfg:"request_logging_format" env:"OAUTH2_PROXY_REQUEST_LOGGING_FORMAT"`
|
||||
PingPath string `flag:"ping-path" cfg:"ping_path" env:"OAUTH2_PROXY_PING_PATH"`
|
||||
SilencePingLogging bool `flag:"silence-ping-logging" cfg:"silence_ping_logging" env:"OAUTH2_PROXY_SILENCE_PING_LOGGING"`
|
||||
ExcludeLoggingPath string `flag:"exclude-logging-path" cfg:"exclude_logging_path" env:"OAUTH2_PROXY_EXCLUDE_LOGGING_PATH"`
|
||||
SilencePingLogging bool `flag:"silence-ping-logging" cfg:"silence_ping_logging" env:"OAUTH2_PROXY_SILENCE_PING_LOGGING"`
|
||||
AuthLogging bool `flag:"auth-logging" cfg:"auth_logging" env:"OAUTH2_PROXY_LOGGING_AUTH_LOGGING"`
|
||||
AuthLoggingFormat string `flag:"auth-logging-format" cfg:"auth_logging_format" env:"OAUTH2_PROXY_AUTH_LOGGING_FORMAT"`
|
||||
SignatureKey string `flag:"signature-key" cfg:"signature_key" env:"OAUTH2_PROXY_SIGNATURE_KEY"`
|
||||
@ -136,6 +136,7 @@ type SignatureData struct {
|
||||
func NewOptions() *Options {
|
||||
return &Options{
|
||||
ProxyPrefix: "/oauth2",
|
||||
PingPath: "/ping",
|
||||
ProxyWebSockets: true,
|
||||
HTTPAddress: "127.0.0.1:4180",
|
||||
HTTPSAddress: ":443",
|
||||
@ -168,7 +169,6 @@ func NewOptions() *Options {
|
||||
LoggingLocalTime: true,
|
||||
LoggingCompress: false,
|
||||
ExcludeLoggingPath: "",
|
||||
PingPath: "/ping",
|
||||
SilencePingLogging: false,
|
||||
StandardLogging: true,
|
||||
StandardLoggingFormat: logger.DefaultStandardLoggingFormat,
|
||||
@ -572,11 +572,16 @@ func setupLogger(o *Options, msgs []string) []string {
|
||||
logger.SetStandardEnabled(o.StandardLogging)
|
||||
logger.SetAuthEnabled(o.AuthLogging)
|
||||
logger.SetReqEnabled(o.RequestLogging)
|
||||
logger.SetExcludePath(o.ExcludeLoggingPath)
|
||||
logger.SetStandardTemplate(o.StandardLoggingFormat)
|
||||
logger.SetAuthTemplate(o.AuthLoggingFormat)
|
||||
logger.SetReqTemplate(o.RequestLoggingFormat)
|
||||
|
||||
if o.SilencePingLogging {
|
||||
logger.SetExcludePath(o.PingPath)
|
||||
} else {
|
||||
logger.SetExcludePath(o.ExcludeLoggingPath)
|
||||
}
|
||||
|
||||
if !o.LoggingLocalTime {
|
||||
logger.SetFlags(logger.Flags() | logger.LUTC)
|
||||
}
|
||||
|
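Review bot: The `PingPath` field placed after `ProxyPrefix` in `Options` carries the tag `cfg:"ping-path"`, while every other field shown uses an underscore key and the second `PingPath` line in the later hunk (apparently the one being removed) used `cfg:"ping_path"`. If the config loader matches keys by this tag, a config file that sets `ping_path` would be ignored and the proxy would keep the `/ping` default, which with `silence-ping-logging` enabled also decides which path `setupLogger` drops from the request log. Changing the tag to `cfg:"ping_path"` keeps it consistent with the rest of the struct. The `Options` struct and `setupLogger` both extend beyond the hunks shown.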