nginx

The nginx integration collects connection metrics and access logs. Connection metrics capture the current state of the connection: active, reading, or waiting. Access logs are parsed for their connection details, which include fields mapped to request, client, server, and message.

For more information about nginx, see the nginx documentation.

Prerequisites

To collect nginx telemetry, you must install the Ops Agent:

  • For metrics, install version 2.1.0 or higher.
  • For logs, install version 2.1.0 or higher.

This integration supports nginx versions 1.18 and 1.20.

Configure your nginx instance

You must enable the stub_status module in the nginx configuration file to set up a locally reachable URL, for example, http://www.example.com/nginx_status for the status page. To enable the stub_status module, complete the following steps:

  1. Edit the status.conf file, or create the file if it doesn't exist. You can find this file in the nginx configuration directory, typically found at /etc/nginx/conf.d.

  2. Add the following lines to the server section:

    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
    

    Your configuration file might look like the following example:

    server {
       listen 80;
       server_name 127.0.0.1;
       location /nginx_status {
           stub_status on;
           access_log off;
           allow 127.0.0.1;
           deny all;
       }
       location / {
           root /dev/null;
       }
    }
    
  3. Reload the nginx configuration.

    sudo service nginx reload
    

You can run the following command to automate the previous steps. It creates a status.conf file if it doesn't exist or overwrites the existing one if it does exist. The command turns on stub_status, reloads nginx, and verifies that the expected information is exposed through the endpoint.

sudo tee /etc/nginx/conf.d/status.conf > /dev/null << EOF
server {
    listen 80;
    server_name 127.0.0.1;
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
    location / {
       root /dev/null;
    }
}
EOF
sudo service nginx reload
curl http://127.0.0.1:80/nginx_status

The sample output is:

Active connections: 1
server accepts handled requests
 23 23 74
Reading: 0 Writing: 1 Waiting: 0

Alternately, instead of using a separate status.conf file, you can also directly embed the lines to the main nginx.conf file, which is typically located in one of the following directories: /etc/nginx, /usr/local/nginx/conf, or /usr/local/etc/nginx.

Configure the Ops Agent for nginx

Following the guide for Configuring the Ops Agent, add the required elements to collect telemetry from nginx instances, and restart the agent.

Example configuration

The following commands create the configuration to collect and ingest telemetry for nginx and restarts the Ops Agent.

# Configures Ops Agent to collect telemetry from the app and restart Ops Agent.

set -e

# Create a back up of the existing file so existing configurations are not lost.
sudo cp /etc/google-cloud-ops-agent/config.yaml /etc/google-cloud-ops-agent/config.yaml.bak

# Configure the Ops Agent.
sudo tee /etc/google-cloud-ops-agent/config.yaml > /dev/null << EOF
metrics:
  receivers:
    nginx:
      type: nginx
      stub_status_url: http://127.0.0.1:80/nginx_status
  service:
    pipelines:
      nginx:
        receivers:
          - nginx
logging:
  receivers:
    nginx_access:
      type: nginx_access
    nginx_error:
      type: nginx_error
  service:
    pipelines:
      nginx:
        receivers:
          - nginx_access
          - nginx_error
EOF

sudo service google-cloud-ops-agent restart
sleep 60

Configure logs collection

To ingest logs from nginx, you must create receivers for the logs that nginx produces and then create a pipeline for the new receivers.

To configure a receiver for your nginx_access logs, specify the following fields:

Field Default Description
exclude_paths A list of filesystem path patterns to exclude from the set matched by include_paths.
include_paths [/var/log/nginx/access.log] A list of filesystem paths to read by tailing each file. A wild card (*) can be used in the paths.
record_log_file_path false If set to true, then the path to the specific file from which the log record was obtained appears in the output log entry as the value of the agent.googleapis.com/log_file_path label. When using a wildcard, only the path of the file from which the record was obtained is recorded.
type The value must be nginx_access.
wildcard_refresh_interval 60s The interval at which wildcard file paths in include_paths are refreshed. Given as a time duration parsable by time.ParseDuration, for example 30s or 2m. This property might be useful under high logging throughputs where log files are rotated faster than the default interval.

To configure a receiver for your nginx_error logs, specify the following fields:

Field Default Description
exclude_paths A list of filesystem path patterns to exclude from the set matched by include_paths.
include_paths [/var/log/nginx/error.log] A list of filesystem paths to read by tailing each file. A wild card (*) can be used in the paths.
record_log_file_path false If set to true, then the path to the specific file from which the log record was obtained appears in the output log entry as the value of the agent.googleapis.com/log_file_path label. When using a wildcard, only the path of the file from which the record was obtained is recorded.
type The value must be nginx_error.
wildcard_refresh_interval 60s The interval at which wildcard file paths in include_paths are refreshed. Given as a time duration parsable by time.ParseDuration, for example 30s or 2m. This property might be useful under high logging throughputs where log files are rotated faster than the default interval.

What is logged

The logName is derived from the receiver IDs specified in the configuration. Detailed fields inside the LogEntry are as follows.

The nginx_access logs contain the following fields in the LogEntry:

Field Type Description
httpRequest object See HttpRequest
jsonPayload.host string Contents of the Host header (usually not reported by nginx)
jsonPayload.level string Log entry level
jsonPayload.user string Authenticated username for the request
severity string (LogSeverity) Log entry level (translated).

The nginx_error logs contain the following fields in the LogEntry:

Field Type Description
jsonPayload.client string Client IP address (optional)
jsonPayload.connection number Connection ID
jsonPayload.host string Host header (optional)
jsonPayload.level string Log entry level
jsonPayload.message string Log message
jsonPayload.pid number The process ID issuing the log
jsonPayload.referer string Referer header (optional)
jsonPayload.request string Original HTTP request (optional)
jsonPayload.server string Nginx server name (optional)
jsonPayload.subrequest string Nginx subrequest (optional)
jsonPayload.tid number Thread ID where the log originated
jsonPayload.upstream string Upstream request URI (optional)
severity string (LogSeverity) Log entry level (translated).

Configure metrics collection

To ingest metrics from nginx, you must create a receiver for the metrics that nginx produces and then create a pipeline for the new receiver.

This receiver does not support the use of multiple instances in the configuration, for example, to monitor multiple endpoints. All such instances write to the same time series, and Cloud Monitoring has no way to distinguish among them.

To configure a receiver for your nginx metrics, specify the following fields:

Field Default Description
collection_interval 60s A time duration, such as 30s or 5m.
server_status_url http://localhost/status The URL exposed by the nginx stub status module.
type This value must be nginx.

What is monitored

The following table provides the list of metrics that the Ops Agent collects from the nginx instance.

Metric type 
Kind, Type
Monitored resources
Labels
workload.googleapis.com/nginx.connections_accepted
CUMULATIVEINT64
gce_instance
 
workload.googleapis.com/nginx.connections_current
GAUGEINT64
gce_instance
state
workload.googleapis.com/nginx.connections_handled
CUMULATIVEINT64
gce_instance
 
workload.googleapis.com/nginx.requests
CUMULATIVEINT64
gce_instance
 

Verify the configuration

This section describes how to verify that you correctly configured the nginx receiver. It might take one or two minutes for the Ops Agent to begin collecting telemetry.

To verify that nginx logs are being sent to Cloud Logging, do the following:

  1. In the navigation panel of the Google Cloud console, select Logging, and then select Logs Explorer:

    Go to Logs Explorer

  2. Enter the following query in the editor, and then click Run query:
    resource.type="gce_instance"
    (log_id("nginx_access") OR log_id("nginx_error"))
    

To verify that nginx metrics are being sent to Cloud Monitoring, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Metrics explorer:

    Go to Metrics explorer

  2. In the toolbar of the query-builder pane, select the button whose name is either  MQL or  PromQL.
  3. Verify that MQL is selected in the Language toggle. The language toggle is in the same toolbar that lets you format your query.
  4. Enter the following query in the editor, and then click Run query:
    fetch gce_instance
    | metric 'workload.googleapis.com/nginx.requests'
    | every 1m
    

View dashboard

To view your nginx metrics, you must have a chart or dashboard configured. The nginx integration includes one or more dashboards for you. Any dashboards are automatically installed after you configure the integration and the Ops Agent has begun collecting metric data.

You can also view static previews of dashboards without installing the integration.

To view an installed dashboard, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Dashboards:

    Go to Dashboards

  2. Select the Dashboard List tab, and then choose the Integrations category.
  3. Click the name of the dashboard you want to view.

If you have configured an integration but the dashboard has not been installed, then check that the Ops Agent is running. When there is no metric data for a chart in the dashboard, installation of the dashboard fails. After the Ops Agent begins collecting metrics, the dashboard is installed for you.

To view a static preview of the dashboard, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Integrations:

    Go to Integrations

  2. Click the Compute Engine deployment-platform filter.
  3. Locate the entry for nginx and click View Details.
  4. Select the Dashboards tab to see a static preview. If the dashboard is installed, then you can navigate to it by clicking View dashboard.

For more information about dashboards in Cloud Monitoring, see Dashboards and charts.

For more information about using the Integrations page, see Manage integrations.

Install alerting policies

Alerting policies instruct Cloud Monitoring to notify you when specified conditions occur. The nginx integration includes one or more alerting policies for you to use. You can view and install these alerting policies from the Integrations page in Monitoring.

To view the descriptions of available alerting policies and install them, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Integrations:

    Go to Integrations

  2. Locate the entry for nginx and click View Details.
  3. Select the Alerts tab. This tab provides descriptions of available alerting policies and provides an interface for installing them.
  4. Install alerting policies. Alerting policies need to know where to send notifications that the alert has been triggered, so they require information from you for installation. To install alerting policies, do the following:
    1. From the list of available alerting policies, select those that you want to install.
    2. In the Configure notifications section, select one or more notification channels. You have the option to disable the use of notification channels, but if you do, then your alerting policies fire silently. You can check their status in Monitoring, but you receive no notifications.

      For more information about notification channels, see Manage notification channels.

    3. Click Create Policies.

For more information about alerting policies in Cloud Monitoring, see Introduction to alerting.

For more information about using the Integrations page, see Manage integrations.

Troubleshooting

On most distributions, nginx comes with ngx_http_stub_status_module enabled. You can check if the module is enabled by running the following command:

sudo nginx -V 2>&1 | grep -o with-http_stub_status_module

The expected output is with-http_stub_status_module, which means the module is enabled. In rare cases, if the command returns no output, you must compile nginx from source with the -with-http_stub_status_module following the nginx public documentation.

What's next

For a walkthrough on how to use Ansible to install the Ops Agent, configure a third-party application, and install a sample dashboard, see the Install the Ops Agent to troubleshoot third-party applications video.