
Thanks for checking my question.

I'm trying to log user access from a browser into the access_log file, which is not working now.

My system:

[User]-[TCP proxy]-[webserver]

nginx/1.6 in AWS EC2

nginx configuration:

load_module '/usr/lib64/nginx/modules/ngx_stream_module.so';
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

stream {
    log_format basic '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    access_log /var/log/nginx/access.log basic;

    server {
        listen 80;
        proxy_pass web.server.com:80;
    }

    server {
        listen 443;
        proxy_pass web.server.com:443;
    }
}

I opened the website from my local laptop through the proxy server with Chrome. It opens well, and Chrome DevTools shows the proxy server's IP in the Headers tab > General > Remote Address field. I checked dig from my laptop and it indicated the proxy server's IP, and even tcpdump on the proxy server showed good logs: `sudo tcpdump -nn -A -s1500 -l -i eth0 port 443`

(from tcpdump)
23:51:46.944945 IP user_ip.27149 > proxy_ip: length 357
23:51:46.945040 IP proxy_ip.44488 > webserver_ip.443: length 357
23:51:47.026161 IP webserver_ip.443 > proxy_ip.44488: length 364
23:51:47.026245 IP proxy_ip.443 > user_ip.27149: length 364 

But when I opened the access log file in the proxy server there were no entries.

Unlike the similar question on Stack Overflow, "Nginx access logs entries don't get created for some connections when they happen", there was no initial entry. The file was just empty.

I suspected the access_log config at first, but when I curl the same URL from my laptop, entries suddenly appear in the access_log file. They appear every time I curl the URL.

user_ip [15/Feb/2021:23:21:25 +0000] TCP 200 1291080 3279 356.730
user_ip [15/Feb/2021:23:28:24 +0000] TCP 200 215 568 119.923
user_ip [15/Feb/2021:23:33:24 +0000] TCP 200 5646 643 300.140

I'm not sure why only curl requests were logged into the access_log file.

All requests were made on the https protocol.

  • Have you tried a different file? Maybe it's not happy with two writers to the same file. – Allan Wind Feb 16 '21 at 01:25
  • @AllanWind I changed the access.log file name to access1.log for 80 and access2.log for 433, put each access_log setting into each server block, then retried. But I still can't find the access log from Chrome in either file. Thanks for the idea. – Sunghyun Lee Feb 16 '21 at 04:34
  • This doesn't answer your question, but a working config might be a step forward: https://stackoverflow.com/questions/42083611/how-to-make-nginx-print-full-log-for-tcp-stream. If a new access log was created, that rules out permissions; otherwise you could try to log to syslog with `access_log syslog:unix:/dev/log`. Finally, my advice is to move this question to serverfault, as it's not a programming question. – Allan Wind Feb 16 '21 at 05:25
  • @AllanWind I see. Thanks for the hint. Let me try. I'll move this question to serverfault as well. – Sunghyun Lee Feb 17 '21 at 02:19

1 Answer