:py:mod:`dissect.target.plugins.apps.webserver.nginx`
=====================================================

.. py:module:: dissect.target.plugins.apps.webserver.nginx




Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.webserver.nginx.NginxPlugin



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.apps.webserver.nginx.construct_hosts_record
   dissect.target.plugins.apps.webserver.nginx.parse_json_line



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.webserver.nginx.RE_ACCESS_LOG
   dissect.target.plugins.apps.webserver.nginx.RE_ERROR_LOG
   dissect.target.plugins.apps.webserver.nginx.RE_ACCESS_LOG_DIRECTIVE
   dissect.target.plugins.apps.webserver.nginx.RE_ERROR_LOG_DIRECTIVE
   dissect.target.plugins.apps.webserver.nginx.RE_INCLUDE_DIRECTIVE


.. py:data:: RE_ACCESS_LOG

.. py:data:: RE_ERROR_LOG

.. py:data:: RE_ACCESS_LOG_DIRECTIVE

.. py:data:: RE_ERROR_LOG_DIRECTIVE

.. py:data:: RE_INCLUDE_DIRECTIVE

.. py:class:: NginxPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugins.apps.webserver.webserver.WebserverPlugin`


   NGINX webserver plugin.


   .. py:attribute:: __namespace__
      :value: 'nginx'


      Defines the plugin namespace.


   .. py:attribute:: DEFAULT_LOG_DIRS
      :value: ('/var/log/nginx', '/var/log')



   .. py:attribute:: ACCESS_LOG_NAMES
      :value: ('access.log',)



   .. py:attribute:: ERROR_LOG_NAMES
      :value: ('error.log',)



   .. py:attribute:: DEFAULT_CONFIG_PATHS
      :value: ('/etc/nginx/nginx.conf', '/etc/nginx/sites-available/*.conf', '/etc/nginx/sites-enabled/*.conf')



   .. py:attribute:: access_paths


   .. py:attribute:: error_paths


   .. py:attribute:: host_paths


   .. py:attribute:: config_paths


   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists. Otherwise it should raise an
      :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.



   .. py:method:: find_logs() -> None


   .. py:method:: parse_config(path: pathlib.Path, seen: set[pathlib.Path] | None = None) -> None

      Parse the given NGINX ``.conf`` file for ``access_log``, ``error_log`` and ``include`` directives.



   .. py:method:: access() -> collections.abc.Iterator[dissect.target.plugins.apps.webserver.webserver.WebserverAccessLogRecord]

      Return contents of NGINX access log files in unified ``WebserverAccessLogRecord`` format.

      .. rubric:: References

      - https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#access_log
      - http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format



   .. py:method:: error() -> collections.abc.Iterator[dissect.target.plugins.apps.webserver.webserver.WebserverErrorLogRecord]

      Return contents of NGINX error log files in unified ``WebserverErrorLogRecord`` format.

      .. rubric:: References

      - https://nginx.org/en/docs/ngx_core_module.html#error_log
      - https://github.com/nginx/nginx/blob/master/src/core/ngx_log.c



   .. py:method:: hosts() -> collections.abc.Iterator[dissect.target.plugins.apps.webserver.webserver.WebserverHostRecord]

      Return found server directives in the NGINX configuration.

      .. rubric:: References

      - https://nginx.org/en/docs/http/ngx_http_core_module.html#server



   .. py:method:: certificates() -> collections.abc.Iterator[dissect.target.plugins.apps.webserver.webserver.WebserverCertificateRecord]

      Return found server certificates in the NGINX configuration.



.. py:function:: construct_hosts_record(target: dissect.target.target.Target, host_path: pathlib.Path, server: dict) -> dissect.target.plugins.apps.webserver.webserver.WebserverHostRecord

.. py:function:: parse_json_line(line: str) -> dict[str, str] | None

   Attempt to parse a default NGINX JSON log line.

   We assume the custom ``log_format`` uses the following default NGINX field names:

   .. code-block:: text

       time_local, time, remote_addr, remote_ip, remote_user, request_method, request,
       response, status, body_bytes_sent, request_time, http_referrer, referrer,
       http_user_agent, agent

   Unfortunately NGINX has no official default naming convention for JSON access logs,
   users can configure the JSON ``log_format`` as they see fit.

   .. rubric:: References

   - https://nginx.org/en/docs/http/ngx_http_log_module.html
   - https://github.com/elastic/examples/blob/master/Common%20Data%20Formats/nginx_json_logs/README.md