diff --git a/dockerfiles/email/postfix/Dockerfile b/dockerfiles/email/postfix/Dockerfile
index c92381a094245c5523bd2793d64506e06ea305e4..175970944be22e7fefdb169e7eeb06fbd67b9433 100644
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -10,7 +10,6 @@ RUN apt-get update \
&& echo "postfix postfix/root_address string 'ROOTMAIL@EXAMPLE.COM'" | debconf-set-selections \
&& apt-get install -q -y \
postfix \
- rsyslog \
supervisor \
&& rm -rf /var/lib/apt/lists/*
@@ -18,7 +17,7 @@ COPY install.sh install.sh
RUN chmod 755 /install.sh
-VOLUME ["/var/spool/mail", "/var/log"]
+VOLUME ["/var/spool/mail"]
EXPOSE 25
diff --git a/dockerfiles/email/postfix/install.sh b/dockerfiles/email/postfix/install.sh
index a4e30bd94964e33b994189c70cf64066a689274b..d08694bbf21030f3e351b0a51da2a5ff7e627396 100755
--- a/dockerfiles/email/postfix/install.sh
+++ b/dockerfiles/email/postfix/install.sh
@@ -16,8 +16,6 @@ command = /etc/init.d/postfix start
startsecs = 0
autorestart = false
-[program:rsyslog]
-command=/usr/sbin/rsyslogd -n
EOF
# put the same FQDN in /data/hostname and in reverse DNS
diff --git a/dockerfiles/load-balancer/confd/confd/templates/haproxy.cfg.tmpl b/dockerfiles/load-balancer/confd/confd/templates/haproxy.cfg.tmpl
index 39620743352f15f5d155b90941b69a26daded8fe..c534eaa113ba214eebc7a87a50ea7a0d8426ce73 100644
--- a/dockerfiles/load-balancer/confd/confd/templates/haproxy.cfg.tmpl
+++ b/dockerfiles/load-balancer/confd/confd/templates/haproxy.cfg.tmpl
@@ -1,4 +1,6 @@
global
+ log /dev/log local0 info
+ log /dev/log local0 notice
maxconn 4096
user haproxy
group haproxy
@@ -6,6 +8,7 @@ global
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
defaults
+ log global
mode http
option forwardfor
option httpclose
@@ -16,6 +19,7 @@ defaults
timeout client 50000
timeout server 50000
+
frontend https-in
mode http
bind *:443 ssl no-sslv3 crt-list /etc/haproxy/crt-list crt /etc/haproxy/approved-certs/default.pem
diff --git a/dockerfiles/load-balancer/haproxy/Dockerfile b/dockerfiles/load-balancer/haproxy/Dockerfile
index 991ba67f794ab8037ab9c7099bbd0efe4eed829c..d82471e73d365060d1001aa14108cd9da405aea3 100644
--- a/dockerfiles/load-balancer/haproxy/Dockerfile
+++ b/dockerfiles/load-balancer/haproxy/Dockerfile
@@ -10,7 +10,7 @@ RUN \
VOLUME ["/etc/haproxy"]
ENTRYPOINT ["haproxy"]
-CMD ["-d", "-f", "/etc/haproxy/haproxy.cfg"]
+CMD ["-f", "/etc/haproxy/haproxy.cfg"]
EXPOSE 80
EXPOSE 443
diff --git a/dockerfiles/load-balancer/haproxy/README.md b/dockerfiles/load-balancer/haproxy/README.md
index e839cc6f547c843b229162ddaa3e5ca11c109ada..e98557c38c5c9d58239851f57793549bbb04fbf0 100644
--- a/dockerfiles/load-balancer/haproxy/README.md
+++ b/dockerfiles/load-balancer/haproxy/README.md
@@ -4,8 +4,6 @@ The smallest HAproxy docker image in town ;)
## Run
-This image will log everything to stdout/stderr. Somehow, it respects 12-Factor App. But it uses the debug flag of HAProxy. If you have a better idea, please read this [blog post](http://pierre-o.fr/blog/2014/08/27/haproxy-coreos/) first.
-
```bash
docker run\
-v /haproxy-config:/etc/haproxy\
diff --git a/dockerfiles/rsyslog/Dockerfile b/dockerfiles/rsyslog/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..96ff42cc5c354d0ebd202dd43b94faca5fd7b0a2
--- /dev/null
+++ b/dockerfiles/rsyslog/Dockerfile
@@ -0,0 +1,14 @@
+FROM debian:jessie
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && \
+ apt-get install -q -y rsyslog && \
+ rm -rf /var/lib/apt/lists/*
+
+ADD haproxy /etc/logrotate.d/haproxy
+ADD postfix /etc/logrotate.d/postfix
+
+VOLUME [ "/dev", "/var/log" ]
+
+ENTRYPOINT [ "rsyslogd", "-n" ]
+
diff --git a/dockerfiles/rsyslog/haproxy b/dockerfiles/rsyslog/haproxy
new file mode 100644
index 0000000000000000000000000000000000000000..9bba22f0bf6529ddde8d4cb6a1a3579737bb5a97
--- /dev/null
+++ b/dockerfiles/rsyslog/haproxy
@@ -0,0 +1,14 @@
+/var/log/haproxy*.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ reload rsyslog >/dev/null 2>&1 || true
+ endscript
+}
+
diff --git a/dockerfiles/rsyslog/postfix b/dockerfiles/rsyslog/postfix
new file mode 100644
index 0000000000000000000000000000000000000000..79fdf3f80520c9f63d2f43b80e30d82495c48fec
--- /dev/null
+++ b/dockerfiles/rsyslog/postfix
@@ -0,0 +1,14 @@
+/var/log/mail.*
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ reload rsyslog >/dev/null 2>&1 || true
+ endscript
+}
+
diff --git a/unit-files/haproxy.service b/unit-files/haproxy.service
index 6345b4ccd96c30ee8c0a758bc737eb5e4b8b38cd..0a55ca92664ff8603689aff82fafc931dd9ea601 100644
--- a/unit-files/haproxy.service
+++ b/unit-files/haproxy.service
@@ -6,6 +6,7 @@ Requires=docker.service
# Dependency ordering
After=docker.service
+After=rsyslog.service
[Service]
Restart=always
@@ -16,6 +17,7 @@ ExecStartPre=-/usr/bin/docker rm %p
ExecStart=/usr/bin/docker run \
--rm \
--name %p \
+ -v /data/runtime/dev/log:/dev/log \
-v /data/runtime/haproxy:/etc/haproxy \
-p 80:80 \
-p 443:443 \
diff --git a/unit-files/mysql@.service b/unit-files/mysql@.service
index 5892aec4d9e6bd6eefcd3c3e81f2af547f423908..ce276a060d6b08e6725f19f49709dfbfe55fad8a 100644
--- a/unit-files/mysql@.service
+++ b/unit-files/mysql@.service
@@ -34,6 +34,7 @@ ExecStartPre=/bin/bash -euxc ' \
ExecStart=/opt/bin/systemd-docker run \
--rm \
--name %p-%i \
+ -v /data/runtime/domains/%i/log/mysql:/var/log/mysql \
-v /data/runtime/domains/%i/%p/db_files:/var/lib/mysql \
--env-file /data/domains/%i/%p/.env \
pierreozoux/mysql
diff --git a/unit-files/postfix.service b/unit-files/postfix.service
index 3ccc0cbd919796bdb1a0c49ec0278d11ba0bdcd9..45180789e338eedf43c4b666546abcb8e21066f3 100644
--- a/unit-files/postfix.service
+++ b/unit-files/postfix.service
@@ -6,6 +6,7 @@ Requires=docker.service
# Dependency ordering
After=docker.service
+After=rsyslog.service
[Service]
Restart=always
@@ -16,6 +17,7 @@ ExecStartPre=-/usr/bin/docker rm %p
ExecStart=/usr/bin/docker run \
--rm \
--name %p \
+ -v /data/runtime/dev/log:/dev/log \
-v /data/runtime/postfix/:/data \
-p 25:25 \
pierreozoux/postfix
diff --git a/unit-files/rsyslog.service b/unit-files/rsyslog.service
new file mode 100644
index 0000000000000000000000000000000000000000..7c5d058cf82ea82ebd66445e986d6a82e5cb62ef
--- /dev/null
+++ b/unit-files/rsyslog.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=%p
+
+# Requirements
+Requires=docker.service
+
+# Dependency ordering
+After=docker.service
+
+[Service]
+Restart=always
+RestartSec=20
+TimeoutStartSec=0
+ExecStartPre=-/usr/bin/docker kill %p
+ExecStartPre=-/usr/bin/docker rm %p
+ExecStart=/usr/bin/docker run \
+ --rm \
+ --name rsyslog \
+ -v /data/runtime/dev:/dev \
+ -v /data/runtime/log:/var/log \
+ pierreozoux/rsyslog
+ExecReload=/usr/bin/docker restart %p
+ExecStop=/usr/bin/docker stop %p
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/unit-files/web@.service b/unit-files/web@.service
index 70005339eacbca9a52808bff1d5371a2e4605563..5dbd89f4df3bbc63f7d754a87a933cbd2dd502f0 100644
--- a/unit-files/web@.service
+++ b/unit-files/web@.service
@@ -27,6 +27,7 @@ ExecStart=/bin/bash -euxc ' \
/opt/bin/systemd-docker --env run \
--rm \
--name %i \
+ -v /data/runtime/domains/%i/log/apache2:/var/log/apache2 \
${DOCKER_ARGUMENTS} \
pierreozoux/${APPLICATION}'
ExecReload=/usr/bin/docker restart %i