Tired of FZ-152: a simple solution for storing personal data with nginx

Hello everyone,





For the past few years, I have very often come across adaptation projects under 152-FZ and, to be honest, I am rather tired of it. Therefore, after reading the entire law again, along with all the comments of various departments and interpretations of respected people, and analyzing a number of decisions that have been successfully audited, I seem to have found a simple technical option for making your website, API or application comply with the Law on Personal Data 152-FZ in the context of the requirement to collect personal data in Russia.





I even automated the deployment of this thing, and it takes no more than 10 minutes. Let's discuss the applicability of this approach!?





A little bit about the law itself, 152-FZ

I don't even remember why it was actually created, if only for Facebook and Twitter to store data about Russian citizens in the Russian Federation, and thus there would be an easier way to access them for law enforcement agencies. Perhaps to keep them safe. Let's set the purpose of the law itself aside and go straight to its requirements. The law itself is extensive, but the biggest stumbling block is described in article 18, paragraph 5:





" , - "", , , , , (, ), , , ,   2348 1 6  ."





" ". , , . , . , , - , . , :





  • , .





  • .





  • .





, , . - .





:





  1. . Facebook Twitter.





  2. , . , , , .





  3. , excel - " .xls" .





  4. excel .





  5. DNS .





  6. , . ( ).





, , , , .





- Reverse Proxy

.





:





  1. DNS . , . Route53, DNS .





  2. Reverse proxy, nginx HTTP/HTTPS (POST, PUT, DELETE ), (PostgreSQL) - rsyslog-pgsql json .





  3. , .





  4. , - .





", HTTP/S , ?" - . -. . , SAP , . , .





HTTP/S , - changefeed. python trigger , changefeed , .





?

Github open source . - pull request.





:





  1. DNS A-record , reverse-proxy.





  2. : git clone https://github.com/Gaploid/FZ-152-Reverse-Proxy







  3. executable: chmod +x install.sh





  4. : sudo ./install.sh <incoming_domain> <url_to_forward_traffic>



    : sudo ./install.sh example.com http://example.com



    <incoming_domain>



    , . <url_to_forward_traffic>



    .





  5. , <incoming_domain>



    POST, DELETE, PUT - /var/log/nginx/reverse-access.log : proxy_logs : accesslog.





HTTPS, :





  • nginx. .





  • let's encrypt. ./add_ssl.sh



    . let's encrypt , , <incoming_domain> , .





- API .





?

  1. nginx , , URL - myapp.com/profile/ , .





  2. , JSON , .





  3. , , .





, , . .





- , .







