From 39867ed5c7345937dcd67f89a779206993130598 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Wed, 1 Feb 2023 14:24:40 +0100
Subject: [PATCH] nginx: Log ssl_protocol

Adding the ssl_protocol to the default log format ("combined") of nginx
allows to see when TLSv1.2 support will no longer be necessary.
---
 roles/nginx/files/nginx.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/roles/nginx/files/nginx.conf b/roles/nginx/files/nginx.conf
index bf3320d..f436826 100644
--- a/roles/nginx/files/nginx.conf
+++ b/roles/nginx/files/nginx.conf
@@ -19,7 +19,12 @@ http {
     gzip_comp_level 6;
     gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
-    access_log /var/log/nginx/access.log;
+    log_format ssl_combined '$remote_addr - $remote_user [$time_local] '
+                    '$ssl_protocol/$ssl_cipher '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent"';
+
+    access_log /var/log/nginx/access.log ssl_combined;
 
     include snippets/sslsettings.conf;
     include nginx.d/*.conf;
-- 
2.44.0