The strange nginx log record - nginx

I use a custom log format for my nginx server that looks like the following:
log_format combine '$remote_addr - $remote_user [$time_local] "$request" $http_host '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$upstream_addr" "$upstream_status" $upstream_cache_status "$upstream_http_content_type" "$upstream_response_time" > $request_time';
All works fine, but sometimes I get very strange empty logs:
[13/Mar/2014:08:09:22 +0400] "-" 400 0 "-" "-"
What does it mean?

It's an unfinished request. Probably someone connected to your server but failed to send a request for some reason.
Try the following command:
telnet yousite.com 80
ctrl-c
E.g.:
$ telnet localhost 2002
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> Connection closed.
and my log:
[13/Mar/2014:11:29:54 +0400] - 127.0.0.1 "-" 400 "-" "-" "-" "-" "-" - [proxy (-) : - - ] 0 "-" 0.000

Related

What does "testing" mean in this NGINX error log?

I am seeing the following logged in NGINX error log. This is the NGINX reverse proxy that comes with my AWS Elastic Beanstalk deployment.
2022/06/12 09:52:48 [error] 6155#6155: *112735 testing "/var/app/current/public" existence failed (2: No such file or directory) while logging request, client: xx.xx.xx.xx, server: , request: "GET /api/v1?params=xxx HTTP/1.1", upstream: "http://127.0.0.1:5000/api/v1?params=xxx", host: "my.domain.com"
This is a valid request, so I am not sure why it results in an error statement, or what exactly doesn't exist.
I am not overriding the default log pattern for the server's error output, only the access logging, with the following pattern:
'$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';

Change access log time zone in nginx

I am running nginx with the default log format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
It prints the access log in the following format
1.2.3.4 - - [27/Mar/2021:09:39:43 +0000] "GET /text.txt HTTP/1.1" 200 315 "-" "curl/7.55.1" "-"
However I want the logs to print time in UTC +05:30 which is not the local time of the server. I tried adding env "TZ=Asia/Kolkata"; at the top of nginx.conf but it didn't work. Please suggest how to do this.
Regarding setting timezone in Nginx logs: Works fine; just need to set the "TZ" environment variable for nginx daemon (e.g. in the script that launches it). Or if you're using Docker, set it in the Dockerfile (or in the "environment" in docker-compose.yml file if you're using that).

How to include specific request header in access.log?

I am trying to include a request header named My-Key in the access log.
I tried to add it as "$http_My-Key":
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_My-Key" "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$request_time" "$upstream_connect_time" "$upstream_header_time" "$upstream_response_time"';
However, in the access log for that header, I get the value "--Key" logged:
X.X.X.X - - [22/Jul/2020:10:26:18 +0000] "POST /v1/my/app HTTP/1.1" 404 732 "--Key" "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" "X.X.X.X" "0.009" "0.004" "0.008" "0.008"
instead of the expected value my test, which I sent with Postman. Any idea why?

How to read nginx access.log?

My server is compiled on a docker.
The Nginx container is built from a standard assembly.
I want to read the nginx access.log, but I see this kind of content:
172.68.244.173 - - [24/Aug/2018:12:14:04 +0000] "\x16\x03\x01\x00\xEC\x01\x00\x00\xE8\x03\x03\x8A?\xB5\xFA\x17?\x8A\x9B\x04T>yK\x1A\xF6\x8F_\xBE:.\xF9\xED\xF6\xEE\xFCM\xD0\x88Ji\xDD\xF5 \xFF\xBDm\x98#mo:U\xA6\x0E\xB7\x93\x02sm`\xC6\xD1s0vV*\x88y\xDA&\xFCfZ\xF4\x00\x16\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0\x13\x00\x9C\x00/\xC0(\x005\x00" 400 173 "-" "-"
How to read such a log? What does this mean?
According to nginx documentation the default access log format is:
log_format combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
Applied to your log line:
$remote_addr = 172.68.244.173
(literal string for compatibility reasons) = -
$remote_user (from Auth Header) = -
$time_local = [24/Aug/2018:12:14:04 +0000]
$request = "\x16\x03\x01\x00\xEC\x01\x00\x00\xE8\x03\x03\x8A?\xB5\xFA\x17?\x8A\x9B\x04T>yK\x1A\xF6\x8F_\xBE:.\xF9\xED\xF6\xEE\xFCM\xD0\x88Ji\xDD\xF5 \xFF\xBDm\x98#mo:U\xA6\x0E\xB7\x93\x02sm`\xC6\xD1s0vV*\x88y\xDA&\xFCfZ\xF4\x00\x16\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0\x13\x00\x9C\x00/\xC0(\x005\x00"
$status = 400
$body_bytes_sent = 173
$http_referer = "-"
$http_user_agent = "-"
To summarize: Your server received a request from the address 172.68.244.173 with no user agent header sent and the request consisted of mostly non-printable characters. Slight possibility this is a broken client sending a bad request, more likely it's an attempt to discover a vulnerability in your web server or application. This will happen often to any server on the internet.
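An added triage example (not part of the original answers) for the two kinds of 400 lines discussed above: the empty "-" request from the first question and the escaped-bytes request here. The leading bytes of the quoted line, 0x16 0x03 0x01 followed by a length and 0x01, have the shape of a TLS handshake record carrying a ClientHello, so the script decodes nginx's \xHH escaping and checks for that header; the category names and sample list are assumptions made for this example.

```python
import re

# Quoted $request followed by the 3-digit $status, as in the lines on this page.
# nginx logs '"' and '\' inside a variable as \x22 and \x5C, so the field
# itself never contains a raw quote.
REQ_STATUS = re.compile(r'"([^"]*)" (\d{3})\b')
HTTP_LINE = re.compile(rb'^[A-Z]+ \S+ HTTP/\d(\.\d)?$')

def decode_request(field):
    """Turn the logged text back into the bytes nginx received."""
    return re.sub(rb'\\x([0-9A-Fa-f]{2})',
                  lambda m: bytes([int(m.group(1), 16)]),
                  field.encode('latin-1'))

def tls_record(raw):
    """Return TLS record details if raw starts with a ClientHello record."""
    if len(raw) < 9 or raw[0] != 0x16 or raw[1] != 0x03 or raw[5] != 0x01:
        return None
    return {'record_version': (raw[1], raw[2]),
            'record_len': int.from_bytes(raw[3:5], 'big'),
            'hello_len': int.from_bytes(raw[6:9], 'big')}

def classify(line):
    m = REQ_STATUS.search(line)
    if not m:
        return 'unparsed'
    raw = decode_request(m.group(1))
    if raw == b'-':
        return 'no-request'             # connection opened, no request line sent
    if tls_record(raw):
        return 'tls-on-plaintext-port'  # TLS handshake hit an HTTP listener
    if HTTP_LINE.match(raw):
        return 'http'
    return 'other-binary'

# Sample lines taken from this page; the second is shortened to its leading bytes.
SAMPLES = [
    r'[13/Mar/2014:08:09:22 +0400] "-" 400 0 "-" "-"',
    r'172.68.244.173 - - [24/Aug/2018:12:14:04 +0000] '
    r'"\x16\x03\x01\x00\xEC\x01\x00\x00\xE8\x03\x03" 400 173 "-" "-"',
    r'1.2.3.4 - - [27/Mar/2021:09:39:43 +0000] "GET /text.txt HTTP/1.1" '
    r'200 315 "-" "curl/7.55.1" "-"',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(classify(sample), '<-', sample[:60])
```

Lines classified as tls-on-plaintext-port usually mean an HTTPS client reached a listener that speaks plain HTTP, which is worth checking against the listen directives before treating the entry as hostile.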

Q: Nginx $upstream_response_time returns 2 values

Sometimes Nginx $upstream_response_time returns 2 values.
xxx.xxx.xxx.xxx - - [08/Nov/2017:23:43:25 +0900] "GET /xxxxxxxxxxxx HTTP/2.0" 200 284 "https://xxxxxxxxxxx" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-" "0.015" "0.001, 0.014"
"0.001, 0.014" is the $upstream_response_time.
Why does this have two values?
Log format:
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$request_time" "$upstream_response_time"';
Note that this is spelled out in the documentation:
Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
This means that it made multiple requests to a backend; most likely you either have a bare proxy_pass host that resolves to different IPs (frequently the case with something like Amazon ELB as an origin), or you have a configured upstream that has multiple servers. Unless disabled, the proxy module will make round robin attempts against all healthy backends. This can be configured from proxy_next_upstream_* directives.
For example, if this is not the desired behavior, you can just do:
proxy_next_upstream off;
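An added example (not from the original answer) that pairs the multi-valued upstream variables per attempt, so a retried request shows which backend failed and which one answered. It assumes the log format also records $upstream_addr and $upstream_status, as the first question's format on this page does; the times are the ones quoted above, while the addresses and status codes are constructed.

```python
def split_upstream(value):
    """Split an $upstream_* value into server groups of per-attempt items.

    Attempts inside one group are separated by ", "; a switch to another
    server group (internal redirect) is marked by " : ".
    """
    return [group.split(', ') for group in value.split(' : ')]

def attempts(addr, status, resp_time):
    """Return one dict per upstream attempt, in the order nginx tried them."""
    cols = [split_upstream(v) for v in (addr, status, resp_time)]
    if len({len(c) for c in cols}) != 1:
        raise ValueError('upstream variables disagree on group count')
    rows = []
    for group, (addrs, codes, times) in enumerate(zip(*cols)):
        if not len(addrs) == len(codes) == len(times):
            raise ValueError('upstream variables disagree on attempt count')
        for a, c, t in zip(addrs, codes, times):
            # "-" is logged when no value is available for that attempt.
            rows.append({'group': group, 'addr': a, 'status': c,
                         'seconds': None if t == '-' else float(t)})
    return rows

def summarize(addr, status, resp_time):
    rows = attempts(addr, status, resp_time)
    total = sum(r['seconds'] or 0.0 for r in rows)
    return {'attempts': len(rows),
            'retried': len(rows) > 1,
            'failed': [r['addr'] for r in rows[:-1]],
            'served_by': rows[-1]['addr'],
            'total_seconds': round(total, 3)}

# Constructed addresses and statuses; times are the pair from the question.
EXAMPLE = ('10.0.0.1:8080, 10.0.0.2:8080', '502, 200', '0.001, 0.014')

if __name__ == '__main__':
    print(summarize(*EXAMPLE))
```

With these inputs the two attempts add up to 0.015 seconds, the same figure the question's log line shows for $request_time.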
