From 2fb310972c7b4e118efc9f98917f83a1c2cad8e6 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Fri, 30 Sep 2022 10:55:39 -0700
Subject: [PATCH] Update gitea logs for better request tracing

In gitea 1.14.0 they dropped the macaron http router for go-chi. This
seems to have changed how the request context's RemoteAddr is parsed in
logging. Importantly instead of a valid source port we get :0 which
makes it difficult to trace a connection from apache to gitea.

The origin of this behavior seems to be handling of X-Forwarded-For
headers that apache is setting. To address this we drop those headers
in hopes that gitea will log raw details for the apacher -> gitea
connection in that case. Due to not using x-forwarded-for anymore we
need to log the source port that apache is using for the proxy pass
connection which is done by modifying the apache log format.

Change-Id: I1e69431bf703947dc5c223df2a9e1b55bd0d841c
---
 playbooks/roles/gitea/templates/gitea.vhost.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/playbooks/roles/gitea/templates/gitea.vhost.j2 b/playbooks/roles/gitea/templates/gitea.vhost.j2
index ca71238fb1..1af73797ae 100644
--- a/playbooks/roles/gitea/templates/gitea.vhost.j2
+++ b/playbooks/roles/gitea/templates/gitea.vhost.j2
@@ -17,7 +17,7 @@ Listen 3081
 
   LogLevel warn
 
-  LogFormat "%h:%{remote}p %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport
+  LogFormat "%h:%{remote}p %A:%{proxy-source-port}n %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combinedport
   CustomLog ${APACHE_LOG_DIR}/gitea-ssl-access.log combinedport
 
   SSLEngine on
@@ -37,6 +37,9 @@ Listen 3081
   </Location>
 
   Use UserAgentFilter
+  # Disable x-forwarded- headers because gitea logging can't
+  # parse them properly
+  ProxyAddHeaders Off
   ProxyPass  /.well-known/ !
   ProxyPass  / https://{{ inventory_hostname }}:3000/ retry=0
   ProxyPassReverse / https://{{ inventory_hostname }}:3000/