From 1db289b604c0456a7a12ecbc7a9a9eedd088a649 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Wed, 19 Jan 2022 09:00:20 +0000
Subject: [PATCH] Show domain in logs rather than upstream

The upstream is always the same, and no use to us
---
 ansible/roles/gateway/files/nginx.conf | 6 ++++--
 ansible/roles/ingress/files/nginx.conf | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/gateway/files/nginx.conf b/ansible/roles/gateway/files/nginx.conf
index 4cbd321..3f53ada 100644
--- a/ansible/roles/gateway/files/nginx.conf
+++ b/ansible/roles/gateway/files/nginx.conf
@@ -36,15 +36,17 @@ stream {
 
     log_format access '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
-                    '$session_time "$upstream_addr" '
+                    '$session_time "$ssl_preread_server_name" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
 
-    log_format ips '$remote_addr [$time_local] $upstream_addr';
+    log_format ips '$remote_addr [$time_local] $ssl_preread_server_name';
 
 
     access_log /var/log/nginx/access.log access;
     access_log /var/log/nginx/ips.log ips;
 
+    ssl_preread on;
+
     server {
         listen 443;
         listen 8448;
diff --git a/ansible/roles/ingress/files/nginx.conf b/ansible/roles/ingress/files/nginx.conf
index dc5296b..d3d8e6a 100644
--- a/ansible/roles/ingress/files/nginx.conf
+++ b/ansible/roles/ingress/files/nginx.conf
@@ -35,11 +35,13 @@ stream {
 
     log_format access '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
-                    '$session_time "$upstream_addr" '
+                    '$session_time "$ssl_preread_server_name" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
 
     access_log /var/log/nginx/access.log access;
 
+    ssl_preread on;
+
     # Internal LAN route
     server {
         listen 443;