From ae0c039c5bda00426eb1a7570abdf8eef43066d9 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Sat, 21 Jan 2023 20:14:57 -0300
Subject: [PATCH] feat: fix access_logd + provide default database

---
 Dockerfile         |   9 ++++++++-
 access_log.sqlite3 | Bin 0 -> 45056 bytes
 access_logd.sh     |  13 +++++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 access_log.sqlite3
 create mode 100755 access_logd.sh

diff --git a/Dockerfile b/Dockerfile
index f571cd3..4f47a86 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ ARG BASE_IMAGE=sutty/monit
 FROM ${BASE_IMAGE}:${ALPINE_VERSION}
 MAINTAINER "f <f@sutty.nl>"
 
-ARG ACCESS_LOGS_FLAGS="--database=sqlite3:///root/development.sqlite3 -c /usr/share/crawler-user-agents/crawler-user-agents.json"
+ARG ACCESS_LOGS_FLAGS="--database=sqlite3:///var/log/access_log.sqlite3 -c /usr/share/crawler-user-agents/crawler-user-agents.json"
 
 ENV ACCESS_LOGS_FLAGS=${ACCESS_LOGS_FLAGS}
 
@@ -17,7 +17,9 @@ RUN addgroup nginx ssl
 
 COPY ./monit.conf /etc/monit.d/nginx.conf
 COPY ./prometheusd.sh /usr/local/bin/prometheusd
+COPY ./access_logd.sh /usr/bin/access_logd
 COPY ./nginx /etc/nginx
+COPY ./access_log.sqlite3 /var/lib/access_log.sqlite3
 
 # Install modules after rewriting /etc/nginx
 RUN apk add --no-cache nginx-mod-http-brotli nginx-mod-http-geoip2
@@ -27,6 +29,11 @@ RUN mv /etc/nginx/access_logd_`access_log -v`.conf /etc/nginx/access_logd.conf
 RUN chown -R nginx:nginx /etc/nginx
 RUN nginx -t
 
+# access_logd runs as nobody but the socket can be written to by nginx
+RUN delgroup nobody nobody
+RUN addgroup nobody www-data
+RUN chown nobody:www-data /var/lib/access_log.sqlite3
+
 # Shared configuration
 VOLUME /etc/nginx/sites
 VOLUME /etc/letsencrypt
diff --git a/access_log.sqlite3 b/access_log.sqlite3
new file mode 100644
index 0000000000000000000000000000000000000000..21840f687669bf7945d09cf6533d8d88042ab46d
GIT binary patch
literal 45056
zcmeI#O>g5w7zgkqP2)7HYKw#vakE?r5s7!iaRp^JNEO)@N-MFa(bSnZ7LLa|o-7Fx
zha5Qb4fq}$`9xef@{H58(>7ygujU^qX;RP2GrxKN@rO~Yg+GyM#<l-N<EYVUHNN)!
zMx)W9_Y-<=UI+B0z4<|Zo7Q*N*H+`>uzC3O-$rlm_lEb+)4#o6y>92XPHX??_FwHI
z`X^ox_`eIRx;?M|^0>MBC{D*>QG75Sh9b{dBBPwilufnHm{f5Tr`D4v&o722mqY*b
z?8WdWKd8zX_~&PSVC4_|4+5*?V6b}s!0U4g<;opOBxIa@&c<AG7RGwXQa%$_p}ie~
z+FHie@V2KMtUl>_{fGkPI|eG}saB6-J$Tz#tzxRfwG$6k?|NSUiXwjIj=1QHc`g*=
zkw~?L+T9`02f4S#_b|<1+41_%DXRC}QRSNJd2R*c?GVg5)7BVn9t~FA{mOB##Ot}p
zHJhv03ZSz?09MYeQP|H1S=;MBBZWh^!u<&LcZh&;Y^~Y+e~|Ba{jaFTcic5jB}v^a
z1MMBEG+DORSv(m0ao+U$$H&b-h340ZJ!!3aS~vAvo_sSJK3pz(w91SF|LpwIKf4-@
z{O>PLU!GjN^1mCt`jDQj>wm*lIOWQJG5q%AYP3#ip3ZU+2L2?Gbk=zIj0XK18uyu!
zT81(Sd{-fxewztBl@v-<x=_xtMCe$i?zBZuxeB5INDD`<Rh&ldA~xeaPPK@{<F@BC
zpVzB+C@Bg3(92Ael=mpTNJBX;kKr~C^>10Mx9Jj2b8AM$PGV7FS*#jnh-5UnTuxRZ
zRvoLII^k(FrxmZF>`d`!#w!wqJe&$<j8)kvDyoksES0HXboLFW73Gf8s;1wq+Z9Ev
zw{dr(%?Q`=j7YXmm+Pe#IWvPQ@LfahT8@`&mxP-N6Ol%mAY26&XhfTeuzWscaoNzm
zD}mkAoV)A1xBuH4s&gFP%dt71xV7^<A;)6zF$bCQgw@NFDNb;eEQ<qDd1*PF@Mv8k
z1sXdg)6bL{&M8E4a?QRXO`J`I+9^><LAQ&;f-UF-YMNZt-*=1Kf=v`DGMSkXQWlC;
zjlCkiO-{2WhqRC?p5~cUn);ELsLS20OX&c;V6@X1cz3eQY;vw?pu~(wn3?bH5<<m)
zNlb!kDQTxoZ#TS8i+$1@=arZURaVAkUOKm@-r&ntr+<3fY!s)6{B=UNdB*2j7QgRZ
zB0jUW_&vIEb<MTw(0m-354<1%0SG_<0uX=z1Rwwb2tWV=5U8s_&om78|GIWB+64g!
zKmY;|fB*y_009U<00Iyw1aSYyK!5-QAOHafKmY;|fB*y_009WpUjX<2`u8zf2muH{
z00Izz00bZa0SG_<0uaFcA7cOl5P$##AOHafKmY;|fB*y_P=5j3|Lfn!Xdwh3009U<
z00Izz00bZa0SG_<_kWB52tWV=5P$##AOHafKmY;|fI$5PaR0A=AESj3fB*y_009U<
z00Izz00bZa0o?yF1|R?d2tWV=5P$##AOHafKmY>u7r_0${(X!VLI45~fB*y_009U<
L00Izz00jO6uhl_}

literal 0
HcmV?d00001

diff --git a/access_logd.sh b/access_logd.sh
new file mode 100755
index 0000000..9739c18
--- /dev/null
+++ b/access_logd.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Fail if there are no options provided
+test -n "$ACCESS_LOGS_FLAGS" || exit 1
+
+# Give write access to Nginx
+umask 007
+
+# Copy default database
+install -m 640 /var/lib/access_log.sqlite3 /var/log/access_log.sqlite3
+
+# Read from fifo and load into database
+daemonize -p /run/access_logd.pid -u nobody /usr/bin/access_log $ACCESS_LOGS_FLAGS