[PATCH] conf/nginx.conf: add example "privacy" log_format

Hans-Christoph Steiner hans at guardianproject.info
Wed Jan 13 11:06:14 UTC 2021

Quick update: I now realize that this proposed format matched the
Apache standard format, but the nginx "main" format is different in
that it has one extra column for "$http_x_forwarded_for".  I updated
the patch to make the "privacy" format have the same number of columns
as the "main" format.  This makes it possible to freely switch between
"main" and "privacy" and the logs will retain the same columns/format.
The downside is that this means nginx's "privacy" format is not
strictly compatible with Apache's "privacy" format.

# HG changeset patch
# User Hans-Christoph Steiner <hans at eds.org>
# Date 1609333908 -3600
#      Wed Jan 13 14:11:48 202 +0100
# Node ID 0e6fb2161806a4c4e3df54e2ed6523aca7c70e23
# Parent  82228f955153527fba12211f52bf102c90f38dfb
conf/nginx.conf: add example "privacy" log_format

The standard log_formats store detailed information which falls under
data regulations like the EU's GDPR and California's CCPA. This merge
request adds a suggested "privacy" log_format that generates logs that
cannot be used to identify users. This has been developed and used by
Tor Project, Guardian Project, and F-Droid.

* https://guardianproject.info/2017/06/08/tracking-usage-without-tracking-people
* https://gitweb.torproject.org/webstats.git/tree/src/sanitize.py
* https://f-droid.org/2019/04/15/privacy-preserving-analytics.html

diff -r 82228f955153 -r 0e6fb2161806 conf/nginx.conf
--- a/conf/nginx.conf	Tue Dec 15 17:41:39 2020 +0300
+++ b/conf/nginx.conf	Wed Dec 30 14:11:48 2020 +0100
@@ -21,6 +21,8 @@
      #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
      #                  '$status $body_bytes_sent "$http_referer" '
      #                  '"$http_user_agent" "$http_x_forwarded_for"';
+    #log_format privacy ' - - [$time_local] "$request" '
+    #                   '$status $body_bytes_sent "$http_referer" '
+    #                   '"-" "-"';

      #access_log  logs/access.log  main;

More information about the nginx-devel mailing list