I’m trying to setup logrotate for vaultwarden, which I have working but it doesn’t work well with filebeat to collect these logs.
The main method everyone uses with logrotate is to copytruncate the logs. This works if you’re not using anything to collect those logs. Filebeat keeps track of which files have been read through inode so if I copy and truncate, filebeat will duplicate all logs in the copied/rotated log file. If I leave off the copytruncate, vaultwarden will continue to use the rotated file as the active log and continue to write to it. The only workaround I’ve found is to restart the docker container every time I rotate but this takes long enough to call it a disruption in service.
I like how traefik handles this by allowing you to send a user signal to the process which forces it to release the file and open a new one. Vaultwarden doesn’t seem to support this, so my question is, how do I handle logrotate with vaulwarden and filebeat?