Configure guincorn access logs - GDPR

_mark · February 8, 2021, 2:16pm

I would like to deactivate the gunicorn access log of both the LMS and CMS but there is currently no way to do this without patching the Dockerfile.

Having access logs which contain ip addresses of users is problematic with GDPR. When I don’t use information I am not allowed to gather and retain them.

Is there a way to disable gunicorn access logs? I couldn’t find a way to do this without patching the Dockerfile. I think it would be great to have a way to completely disable gunicorn access logs and to rely more on the nginx logging capabilities which are already configurable via plugins.

regis · February 8, 2021, 3:50pm

Hi @_mark! Unfortunately this is not possible at the moment other than by creating a custom plugin – which is the standard way of changing Tutor behaviour. All you have to do is to create a new Docker image that inherits from the base openedx Docker image and overrides the CMD statement. Then set this image as DOCKER_IMAGE_OPENEDX.

regis · February 8, 2021, 3:50pm

Also, you should note that in v11+ Tutor does not use gunicorn but uwsgi. The latter does not log end user IP addresses, but only the address of the web proxy (nginx), so this is GDPR-compliant.

_mark · February 8, 2021, 3:49pm

Thanks for your fast reply @regis

Good to know that this is fixed in v11+

Maybe also for the record for other people struggling with this, changing the nginx to not save logs and disabling tracking which also stores a lot of meta data can be done with a plugin like this:

---
name: disable-tracking
version: 0.1.1
patches:
  openedx-common-settings: |
    TRACKING_IGNORE_URL_PATTERNS = [r'.*']
    LOGGING["loggers"]["tracking"]["handlers"] = []
  nginx-lms: |
    access_log off;