0

What the best practice to write and manage log files written by Apache HTTPD running in a container?

We run Apache HTTPD using docker base image httpd:2.4-bullseye. Right now HTTPD is configured to write its logs to stdout and stderr. Docker captures that container output and I can see the log content via docker logs <containerId>.

I'd like to reconfigure HTTPD so access, error and other HTTPD log output goes to files, which will preserve/publish that output in an obvious way. I can handle revising httpd.conf and httpd-ssl.conf, I definitely can mount a volume to the container, and I'll fight with process and directory permissions until the docker-running HTTPD process can write.

I'm concerned about rotating the log files periodically. Relevant apache doc: https://httpd.apache.org/docs/2.4/logs.html#rotation

I thought of logrotate but not sure it's appropriate here. Just for context, in the old all-on-one-machine no-docker deployment method, HTTPD wrote a file with its process ID, then logrotate read that file and sent a signal (HUP) to the httpd process, which in turn re-read its config, redid its log files, etc.

Please tell me, what's the right way for an apache-in-docker deployment where logrotate cannot send a signal to the running HTTPD? Is piping log output to the apache-provided executable rotatelogs the best choice?

UPDATE: successfully created a user, configured the user in httpd.conf, mounted a volume, and set the following lines in httpd-ssl.conf inside a VirtualHost directive:

ErrorLog    "|bin/rotatelogs -n 14 /opt/data/logs/httpd-error.log 86400"
TransferLog "|bin/rotatelogs -n 14 /opt/data/logs/httpd-transfer.log 86400"
CustomLog   "|bin/rotatelogs -n 14 /opt/data/logs/httpd-ssl.log 86400" \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Still would like to hear an expert's opinion, thanks in advance

chrisinmtown
  • 101
  • 4

1 Answers1

0

I'm no expert but i'm running logrotate on host side, and it is a postrotate script which is charged of sending the right signal to apache to reopen the log file :

I added this on my rotate script in /etc/init.d/logrotate.d/

postrotate
   /root/postrotate.sh $1
endscript

And my in my test script /root/postrotate.sh i go into my stack folder and run the kill command inside my docker container :

cd `echo $1 | cut -d '/' -f '1-4' `
docker-compose exec my_container sudo pkill -HUP apache2 
Gnusam
  • 1
  • 2
  • Thanks. I gave up on logging directly to files and external rotate utilities. Instead I configured `httpd-ssl.conf` to write logs via the Apache-provided `rotatelogs` binary which does a reasonable job of rotating log files. For example: `ErrorLog "|bin/rotatelogs -f -n 14 /my/volume/logs/httpd-error-log 86400"` – chrisinmtown Nov 26 '22 at 19:14