Nginx Wildcard Subdomain Automatic Creation of Access Log File

Question

I have almost 200 subdomains on NGINX and have the directive

access_log  /var/log/nginx/$host-access.log;

The problem is none of the subdomain access log files actually exist, so the error log is loaded up with errors like

(13: Permission denied) while logging request...

This is a Wordpress Multisite installation, so subdomains are created inside the WP database. NGINX knows nothing until a request comes in.

How should this be handled? I've thought about writing a PHP script that parses the URI and checks for the presence of the log file, writing it if it does not exist. I don't care if the very first request is not logged. Or is there a way to have NGINX create the log file initially, if it does not exist? I know that would create some trash log files from bad requests. The PHP script would avoid that. Any advice is appreciated!

Answer 1

Using $host in the file name is not a good approach. This means that your web server can be attacked by sending requests with millions of different Host: header contents. This might lead into exhaustion of inodes in your file system.

To prevent this, you should have your all subdomains listed in nginx server_name directive, and then use $server_name as the variable in your log file name. For default vhost, you can either use one log file or no log file at all.

However, to solve your current permission issue, you should make sure that the user running nginx has write permissions to the nginx log directory.

For example, you should apply the following:

• Log file directory is at /var/log/nginx
• Log directory owner is www-data
• nginx runs as www-data user
• Log directory permissions are 0755