feat: integrate Uptime Kuma and Alertmanager into Docker setup

- Add Uptime Kuma service for status monitoring with health checks.
- Introduce Alertmanager service for alert management and notifications.
- Update docker-compose.yml to include new services and their configurations.
- Enhance Makefile with commands for managing Uptime Kuma and Alertmanager logs.
- Modify Ansible playbook to install necessary packages and configure SSL for new services.
- Update Nginx configuration to route traffic to Uptime Kuma and Alertmanager.
- Adjust Prometheus configuration to include alert rules and external URLs.

infra/nginx/conf.d/alertmanager.conf

@@ -0,0 +1,61 @@
+# Alertmanager Nginx Configuration
+# Proxies requests to Alertmanager
+
+# Alertmanager location
+location /alertmanager/ {
+    # Rate limiting
+    limit_req zone=api burst=10 nodelay;
+    
+    # Remove trailing slash for proxy
+    rewrite ^/alertmanager/(.*)$ /$1 break;
+    
+    # Proxy to Alertmanager
+    proxy_pass http://alertmanager_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # Timeouts
+    proxy_connect_timeout 30s;
+    proxy_send_timeout 30s;
+    proxy_read_timeout 30s;
+    
+    # Buffer settings
+    proxy_buffering on;
+    proxy_buffer_size 4k;
+    proxy_buffers 8 4k;
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+}
+
+# Alertmanager API
+location /api/v1/ {
+    # Rate limiting
+    limit_req zone=api burst=20 nodelay;
+    
+    # Proxy to Alertmanager
+    proxy_pass http://alertmanager_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # CORS headers
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
+    
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+        add_header Access-Control-Allow-Origin "*";
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
+        add_header Access-Control-Max-Age 1728000;
+        add_header Content-Type "text/plain; charset=utf-8";
+        add_header Content-Length 0;
+        return 204;
+    }
+}

infra/nginx/conf.d/grafana.conf

@@ -1,9 +1,3 @@
-# Grafana reverse proxy configuration
-upstream grafana_backend {
-    server grafana:3000;
-    keepalive 32;
-}
-
 # Grafana proxy configuration
 location /grafana/ {
     proxy_pass http://grafana_backend/;

infra/nginx/conf.d/prometheus.conf

@@ -1,12 +1,7 @@
-# Prometheus reverse proxy configuration
-upstream prometheus_backend {
-    server prometheus:9090;
-    keepalive 32;
-}
-
 # Prometheus proxy configuration
 location /prometheus/ {
     proxy_pass http://prometheus_backend/;
+    proxy_redirect / /prometheus/;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -31,4 +26,4 @@ location /prometheus/-/healthy {
     proxy_pass http://prometheus_backend/-/healthy;
     proxy_set_header Host $host;
     access_log off;
-}
+}

infra/nginx/conf.d/status.conf

@@ -1,16 +1,35 @@
-# Status page configuration (for future uptime kuma integration)
+# Status page configuration (Uptime Kuma integration)
 
 # Rate limiting for status page
 location /status {
-    # Basic authentication for status page
-    auth_basic "Status Page Access";
-    auth_basic_user_file /etc/nginx/.htpasswd;
+    # Rate limiting
+    limit_req zone=status burst=5 nodelay;
     
-    # Placeholder for future uptime kuma integration
-    # For now, show nginx status
-    access_log off;
-    return 200 '{"status": "ok", "nginx": "running", "timestamp": "$time_iso8601"}';
-    add_header Content-Type application/json;
+    # Proxy to Uptime Kuma
+    proxy_pass http://uptime_kuma_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # WebSocket support
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    
+    # Timeouts
+    proxy_connect_timeout 30s;
+    proxy_send_timeout 30s;
+    proxy_read_timeout 30s;
+    
+    # Buffer settings
+    proxy_buffering on;
+    proxy_buffer_size 4k;
+    proxy_buffers 8 4k;
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
 }
 
 # Nginx status stub (for monitoring)
@@ -21,4 +40,4 @@ location /nginx_status {
     allow 172.16.0.0/12;  # Docker networks
     allow 192.168.0.0/16; # Private networks
     deny all;
-}
+}

infra/nginx/conf.d/uptime-kuma.conf

@@ -0,0 +1,69 @@
+# Uptime Kuma Nginx Configuration
+# Proxies requests to Uptime Kuma status page
+
+# Upstream for Uptime Kuma
+upstream uptime_kuma_backend {
+    server uptime-kuma:3001;
+    keepalive 32;
+}
+
+# Status page location
+location /status {
+    # Rate limiting
+    limit_req zone=status burst=5 nodelay;
+    
+    # Proxy to Uptime Kuma
+    proxy_pass http://uptime_kuma_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # WebSocket support
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    
+    # Timeouts
+    proxy_connect_timeout 30s;
+    proxy_send_timeout 30s;
+    proxy_read_timeout 30s;
+    
+    # Buffer settings
+    proxy_buffering on;
+    proxy_buffer_size 4k;
+    proxy_buffers 8 4k;
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+}
+
+# API endpoints for Uptime Kuma
+location /api/ {
+    # Rate limiting
+    limit_req zone=api burst=10 nodelay;
+    
+    # Proxy to Uptime Kuma
+    proxy_pass http://uptime_kuma_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # CORS headers
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
+    
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+        add_header Access-Control-Allow-Origin "*";
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
+        add_header Access-Control-Max-Age 1728000;
+        add_header Content-Type "text/plain; charset=utf-8";
+        add_header Content-Length 0;
+        return 204;
+    }
+}

infra/nginx/nginx.conf

@@ -63,6 +63,27 @@ http {
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 10m;
 
+    # Upstream configurations
+    upstream grafana_backend {
+        server grafana:3000;
+        keepalive 32;
+    }
+
+    upstream prometheus_backend {
+        server prometheus:9090;
+        keepalive 32;
+    }
+
+    upstream uptime_kuma_backend {
+        server uptime-kuma:3001;
+        keepalive 32;
+    }
+
+    upstream alertmanager_backend {
+        server alertmanager:9093;
+        keepalive 32;
+    }
+
     # Main server block
     server {
         listen 80;
@@ -74,17 +95,19 @@ http {
         listen 443 ssl http2;
         server_name _;
 
-        # SSL configuration
-        ssl_certificate /etc/nginx/ssl/cert.pem;
-        ssl_certificate_key /etc/nginx/ssl/key.pem;
+        # SSL configuration (self-signed certificate)
+        ssl_certificate /etc/letsencrypt/live/{{SERVER_IP}}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/{{SERVER_IP}}/privkey.pem;еще 
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+        ssl_prefer_server_ciphers off;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
 
         # Security headers
         add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Content-Type-Options "nosniff" always;
 
-        # Rate limiting
-        limit_req zone=api burst=20 nodelay;
-
         # Redirect root to Grafana
         location = / {
             return 301 /grafana/;

infra/nginx/ssl/letsencrypt.conf

@@ -0,0 +1,27 @@
+# Let's Encrypt SSL Configuration
+# This file contains the SSL configuration for Let's Encrypt certificates
+
+# SSL certificate paths (Let's Encrypt)
+ssl_certificate /etc/letsencrypt/live/{{DOMAIN}}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN}}/privkey.pem;
+
+# SSL Security Configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+ssl_prefer_server_ciphers off;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+ssl_session_tickets off;
+
+# OCSP Stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN}}/chain.pem;
+
+# Security Headers
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss: https:;" always;