Skip to content

Halogenek/web-pot

BranchesTags

Repository files navigation

Client Fingerprint Logger

Dockerized nginx server for logging visitor IP data, requested paths, and browser fingerprints.

It serves the same blank page for any normal HTTPS path. If you send a unique path to one person, the request path in the logs can be used to identify that visit.

Use this only where you have authorization or a lawful basis to collect this data.

What It Logs

  • logs/access.log: nginx JSON-style access logs with client IP, host, URI, method, status, user agent, forwarded-for header, TLS protocol, and TLS cipher.
  • logs/fingerprint.log: one JSON object per browser fingerprint submission, including IP headers, host, user agent, referrer, request path, FingerprintJS visitorId, confidence, components, and the posted payload.

Quick Start

Edit .env:

DOMAIN_NAME=your-domain.example
CERTBOT_EMAIL=you@example.com
CERTBOT_STAGING=0
CERTBOT_AUTO=1

Point DOMAIN_NAME to the server and make sure ports 80 and 443 are reachable.

Start the service:

docker compose up -d --build

Open any path on your domain:

https://your-domain.example/unique-path-for-target

Stop the service:

docker compose down

How It Works

  • nginx listens on 80 and 443.
  • HTTP traffic redirects to HTTPS, except Let's Encrypt challenge paths.
  • Certbot requests and renews a certificate for DOMAIN_NAME when configured.
  • Every normal HTTPS path falls back to html/index.html.
  • The page loads local FingerprintJS from html/vendor/fingerprintjs.min.js.
  • html/fingerprint-client.js posts the result to /fingerprint.
  • The internal Python logger writes fingerprint records to logs/fingerprint.log.

Important Settings

Variable Purpose Default
DOMAIN_NAME Domain used for the Let's Encrypt certificate. example.com
CERTBOT_EMAIL Let's Encrypt registration email. admin@example.com
CERTBOT_STAGING Use staging certs for testing when set to 1. 1
CERTBOT_AUTO Automatically request and renew certificates. 1
CERTBOT_FORCE_RENEWAL Force a new certificate request. Useful when switching from staging to production. 0
FINGERPRINT_LOG Fingerprint log path inside the container. /var/log/nginx/fingerprint.log

If you test with staging first, switch to production with:

CERTBOT_STAGING=0
CERTBOT_FORCE_RENEWAL=1

Restart the container, wait for the production certificate, then set CERTBOT_FORCE_RENEWAL=0 again.

Files

  • html/: served website files.
  • html/index.html: blank default page that loads the fingerprint scripts.
  • html/fingerprint-client.js: sends browser fingerprint data to /fingerprint.
  • fingerprint-logger.py: internal service that writes fingerprint POST data.
  • nginx.conf.template: nginx config template.
  • docker-entrypoint.sh: starts nginx, certbot, renewals, and the logger.

License

This project is licensed under the MIT License. See LICENSE.

The vendored FingerprintJS browser build keeps its own MIT license notice in html/vendor/fingerprintjs.min.js.

About

Dockerized nginx server for logging visitor IP data, requested paths, and browser fingerprints.

Topics

python letsencrypt docker nginx web-server web-analytics self-hosted alpine-linux certbot browser-fingerprinting fingerprintjs device-fingerprinting ip-logger visitor-logging ip-logging

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Jun 19, 2026

Contributors 1

Languages