Skip to content

feat: add per-host log retrieval and summary API endpoints#5648

Open
b3nw wants to merge 1 commit into
NginxProxyManager:developfrom
b3nw:feat/proxy-host-logs
Open

feat: add per-host log retrieval and summary API endpoints#5648
b3nw wants to merge 1 commit into
NginxProxyManager:developfrom
b3nw:feat/proxy-host-logs

Conversation

@b3nw

@b3nw b3nw commented Jun 8, 2026

Copy link
Copy Markdown

Why

This implements the feature originally proposed in Discussion #5576. Nginx Proxy Manager currently provides no way to inspect proxy host access or error logs through the API. Users must SSH into the host and read log files manually. Sysadmins and monitoring tools need programmatic access to recent log lines and aggregate statistics (status code distribution, top paths, top clients, cache hit rate) for troubleshooting, observability, and integration with external monitoring systems.

This change adds two read-only endpoints per proxy host — /logs for raw log line retrieval with filtering (type, lines, search, since) and /logs/summary for computed statistics from the last 1000 access log lines. The implementation follows the Discussion #5576 proposal with adjustments made during code review (file and total_lines fields removed to avoid leaking internal paths; permission naming aligned to codebase convention proxy_hosts:logs).

The implementation is purely additive: no existing API behavior is modified, no database migrations are required, and no configuration changes are needed. Existing proxy hosts automatically have log access for admin users and for non-admin users on their own hosts, reusing the existing proxy_hosts view permission model.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Code refactoring
  • API changes
  • Performance improvement
  • Test addition or update

AI Usage

  • AI was used to write this
  • AI was used to review this

Testing Performed

Automated (Cypress E2E)

  • test/cypress/e2e/api/ProxyHostLogs.cy.js — 10 test cases covering:
    • 404 for nonexistent host
    • 403 for unauthorized user
    • 404 for missing log file
    • 200 retrieval of access and error logs
    • search parameter filter
    • since (ISO 8601 timestamp) filter
    • lines limiter
    • Summary endpoint accuracy (status codes, top paths, top clients, cache hit rate, file sizes)

Static Analysis

  • Schema validation (npm run validate-schema) — passed
  • Lint (npm run lint) — 91 files checked, 0 issues

Live Deployment Test

A disposable NPM instance was deployed and populated with real traffic, and the following were verified against live Nginx log files:

Positive-path:

  • Access log retrieval from /data/logs/proxy-host-{id}_access.log files at the standard NPM path
  • Error log retrieval from /data/logs/proxy-host-{id}_error.log files at the standard NPM path
  • Search filtering across log content
  • Summary endpoint returning accurate real-traffic statistics (status codes, top paths, top clients, nonzero file sizes)

Negative/security-path:

  • No auth token → 404 (safe, no exposure)
  • Invalid type (path traversal attempt ../../etc/passwd) → 400
  • Excessive lines (1001, above max 1000) → 400
  • Missing host (ID 999999) → 404
  • Invalid since (non-ISO-8601) → 400 with descriptive error message

All negative paths return safe, consistent error responses with no internal path or stack leakage.

@claw-io claw-io force-pushed the feat/proxy-host-logs branch 3 times, most recently from 959a24f to 69b26a7 Compare June 9, 2026 05:16
@b3nw @claw-io
feat: add per-host log retrieval and summary API endpoints
3e27509 
Implement two new read-only endpoints for retrieving proxy host logs:

- GET /api/nginx/proxy-hosts/{id}/logs
  Returns the last N lines from a proxy host's access or error log file.
  Supports query filters: type, lines, search, since.

- GET /api/nginx/proxy-hosts/{id}/logs/summary
  Parses the last 1000 access log lines and returns structured statistics:
  status code distribution, top paths, top clients, cache hit rate,
  and log file sizes.

Key implementation details:
- Reverse chunk-reader (64KB buffer) for efficient tail reading of log
  files without loading them entirely into memory
- Permission model reuses proxy_hosts view permission, scoped to non-admin
  users' own hosts via the existing owner_user_id check
- Log format regex aligns with the 'proxy' log_format template defined
  in docker/rootfs/etc/nginx/conf.d/include/log-proxy.conf
- File descriptor safety: fs.open is wrapped in a null-guarded
  try-finally block to prevent leaks on I/O errors
- Cypress E2E tests cover 404, 403, 200, search, since, lines limit,
  and summary accuracy
- Mock log data is written via a Cypress task (writeMockLog) instead of
  a production HTTP endpoint

Co-authored-by: claw-io <agent@ben.io>
@claw-io claw-io force-pushed the feat/proxy-host-logs branch from 69b26a7 to 3e27509 Compare June 9, 2026 14:11
@nginxproxymanagerci

nginxproxymanagerci Bot commented Jun 9, 2026

Copy link
Copy Markdown

Docker Image for build 5 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5648

Note

Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@b3nw