Turn on Traefik access logs (cvat-ai#7109)

This will be useful for debugging issues and gathering statistics.

Use the JSON format, since that allows us to include more information
than the traditional HTTP access logs. Switch the other logs to JSON as
well, for ease of parsing.

changelog.d/20231107_183551_roman_traefik_logs.md

@@ -0,0 +1,5 @@
+### Changed
+
+- The Docker Compose file and Helm chart now enable Traefik access logs by
+  default, and change the log format to JSON
+  (<https://github.com/opencv/cvat/pull/7109>)

docker-compose.https.yml

@@ -16,20 +16,14 @@ services:
   traefik:
     image: traefik:v2.9
     container_name: traefik
-    command:
-      - "--providers.docker.exposedByDefault=false"
-      - "--providers.docker.network=cvat"
-      - '--providers.file.directory=/etc/traefik/rules'
-      - "--entryPoints.web.address=:80"
-      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
-      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
-      - "--entryPoints.websecure.address=:443"
-      - "--certificatesResolvers.lets-encrypt.acme.email=${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
-      - "--certificatesResolvers.lets-encrypt.acme.tlsChallenge=true"
-      - "--certificatesResolvers.lets-encrypt.acme.storage=/letsencrypt/acme.json"
-      # Uncomment to get Traefik dashboard
-      # - "--entryPoints.dashboard.address=:8090"
-      # - "--api.dashboard=true"
+    environment:
+      TRAEFIK_ENTRYPOINTS_web_ADDRESS: :80
+      TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+      TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
+      TRAEFIK_ENTRYPOINTS_websecure_ADDRESS: :443
+      TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL: "${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
+      TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE: "true"
+      TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE: /letsencrypt/acme.json
     ports:
       - 80:80
       - 443:443

docker-compose.yml

@@ -224,13 +224,6 @@ services:
     container_name: traefik
     restart: always
     command:
-      - '--providers.docker.exposedByDefault=false'
-      - '--providers.docker.network=cvat'
-      - '--entryPoints.web.address=:8080'
-      - '--providers.file.directory=/etc/traefik/rules'
-    # Uncomment to get Traefik dashboard
-    #   - "--entryPoints.dashboard.address=:8090"
-    #   - "--api.dashboard=true"
     # labels:
     #   - traefik.enable=true
     #   - traefik.http.routers.dashboard.entrypoints=dashboard
@@ -243,11 +236,32 @@ services:
       CVAT_HOST: ${CVAT_HOST:-localhost}
       DJANGO_LOG_VIEWER_HOST: grafana
       DJANGO_LOG_VIEWER_PORT: 3000
+
+      TRAEFIK_ACCESSLOG_FORMAT: json
+      # We ought to restrict which fields get logged, so as to avoid redundant information,
+      # but it doesn't work when configuring with environment variables:
+      # <https://github.com/traefik/traefik/issues/9755>.
+      # And we want to use environment variables to allow individual settings to be
+      # overridden by other Compose files.
+      TRAEFIK_LOG_FORMAT: json
+      TRAEFIK_ENTRYPOINTS_web_ADDRESS: :8080
+      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
+      TRAEFIK_PROVIDERS_DOCKER_NETWORK: cvat
+      TRAEFIK_PROVIDERS_FILE_DIRECTORY: /etc/traefik/rules
+
+      # Uncomment to get Traefik dashboard
+      # TRAEFIK_API_DASHBOARD: "true"
+      # TRAEFIK_ENTRYPOINTS_dashboard_ADDRESS: :8090
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./components/analytics/grafana_conf.yml:/etc/traefik/rules/grafana_conf.yml:ro
     networks:
       - cvat
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+        max-file: "10"
 
   cvat_opa:
     container_name: cvat_opa

helm-chart/values.yaml

@@ -392,6 +392,27 @@ ingress:
 
 traefik:
   enabled: false
+  logs:
+    general:
+      format: json
+    access:
+      enabled: true
+      format: json
+      fields:
+        general:
+          defaultmode: drop
+          names:
+            ClientHost: keep
+            DownstreamContentSize: keep
+            DownstreamStatus: keep
+            Duration: keep
+            RequestHost: keep
+            RequestMethod: keep
+            RequestPath: keep
+            RequestPort: keep
+            RequestProtocol: keep
+            RouterName: keep
+            StartUTC: keep
 
 smokescreen:
   opts: ''