Adding a LOKI report in Grafana counting number of http_user_agents from NGINX logs

Posted on 17 March 2022 by kosmas

To add a Loki report in Grafana, as for example having a count of the different http_user_agents that have logged in, you can use the following query:

count by (http_agent) (rate({namespace="ingress-nginx",stream="stdout"} |= "https://domain.name.com/session/new" |~ "GET\\s/\\s" | pattern "<ip> - - [<timestamp>] \"<method> <path> <version>\" <result> <_> \"<url>\" \"<http_agent>\" <_>" [$__interval]))

You select the source (Loki) and then use the {namespace=”ingress-nginx”,stream=”stdout”} to get the log files from Nginx.

Then you can filter by two conditions:

the instance login

|= "https://domain.name.com/session/new"

and

use the regular expression to only select the GET / calls

|~ "GET\\s/\\s"

Then you can use the pattern parser for the log file in order to get the label

pattern "<ip> - - [<timestamp>] \"<method> <path> <version>\" <result> <_> \"<url>\" \"<http_agent>\" <_>"

<_> is used if we are not interested in getting the field, so everything after http_agent is not analyzed in this case.

Finally use the

count by(http_agent)

to get the data (note that you also need to use the rate with the [$__interval])

SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Posted on 23 September 2020 by kosmas

Problem

Trying to configure and use an nginx server that uses intermediate certifcates, you get the error about values mismatch and nginx does not start

2020/09/23 09:49:38 [emerg] 20958#20958: SSL_CTX_use_PrivateKey("/etc/ssl/private/cakey.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Solution

It seems that this is a common mistake and it is mentioned here: https://nginx.org/en/docs/http/configuring_https_servers.html. In order to fix this you will need to change/reverse the original order that you have concatenated the chain, as in:

cat certs/cacert.pem intermediate/certs/intermediate.cacert.pem > intermediate/certs/ca-chain-bundle.cert_new.pem

Using nginx to redirect to a different port

Posted on 4 December 2019 by kosmas

Problem

You have a docker container with an application running in a port different than port 80 (ie port 3000), and would like to access it without specifying the port, by using the domain name only.

Solution

Use the nginx proxy_pass as follows:

server {
  listen 80;

  server_name your_server_domain_name.com;
  location / {
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  Host $http_host;
    proxy_pass        http://127.0.0.1:3000;
  }
}

curl: (7) Failed to connect to localhost port 80: Connection refused

Posted on 25 October 2018 by kosmas

Problem

You would like to access a host set up with nginx after adding your own vhost configuration file in /etc/nginx/conf.d/myfile.smth, but you get Connection refused.

Solution

Make sure that your nginx configuration file has the .conf extension as /etc/nginx/conf.d/myfile.conf.

Reload NGINX configuration

Posted on 23 February 2018 by kosmas

Problem

You have made some changes to the NGINX configuration and you would like to reload them without stopping and starting the server.

Solution

Use the following:

kill -HUP $(cat /var/run/nginx.pid)

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

42

Web notebook about thoughts and discoveries in DevOps, SRE, Software Engineering….

Tag Archives: NGINX

Adding a LOKI report in Grafana counting number of http_user_agents from NGINX logs

SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Problem

Solution

Using nginx to redirect to a different port

Problem

Solution

curl: (7) Failed to connect to localhost port 80: Connection refused

Reload NGINX configuration