feat: integrate Uptime Kuma and Alertmanager into Docker setup

- Add Uptime Kuma service for status monitoring with health checks.
- Introduce Alertmanager service for alert management and notifications.
- Update docker-compose.yml to include new services and their configurations.
- Enhance Makefile with commands for managing Uptime Kuma and Alertmanager logs.
- Modify Ansible playbook to install necessary packages and configure SSL for new services.
- Update Nginx configuration to route traffic to Uptime Kuma and Alertmanager.
- Adjust Prometheus configuration to include alert rules and external URLs.

infra/nginx/conf.d/alertmanager.conf

@@ -0,0 +1,61 @@
+# Alertmanager Nginx Configuration
+# Proxies requests to Alertmanager
+
+# Alertmanager location
+location /alertmanager/ {
+    # Rate limiting
+    limit_req zone=api burst=10 nodelay;
+    
+    # Remove trailing slash for proxy
+    rewrite ^/alertmanager/(.*)$ /$1 break;
+    
+    # Proxy to Alertmanager
+    proxy_pass http://alertmanager_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # Timeouts
+    proxy_connect_timeout 30s;
+    proxy_send_timeout 30s;
+    proxy_read_timeout 30s;
+    
+    # Buffer settings
+    proxy_buffering on;
+    proxy_buffer_size 4k;
+    proxy_buffers 8 4k;
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+}
+
+# Alertmanager API
+location /api/v1/ {
+    # Rate limiting
+    limit_req zone=api burst=20 nodelay;
+    
+    # Proxy to Alertmanager
+    proxy_pass http://alertmanager_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # CORS headers
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
+    
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+        add_header Access-Control-Allow-Origin "*";
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
+        add_header Access-Control-Max-Age 1728000;
+        add_header Content-Type "text/plain; charset=utf-8";
+        add_header Content-Length 0;
+        return 204;
+    }
+}

infra/nginx/conf.d/grafana.conf

@@ -1,9 +1,3 @@
-# Grafana reverse proxy configuration
-upstream grafana_backend {
-    server grafana:3000;
-    keepalive 32;
-}
-
 # Grafana proxy configuration
 location /grafana/ {
     proxy_pass http://grafana_backend/;

infra/nginx/conf.d/prometheus.conf

@@ -1,12 +1,7 @@
-# Prometheus reverse proxy configuration
-upstream prometheus_backend {
-    server prometheus:9090;
-    keepalive 32;
-}
-
 # Prometheus proxy configuration
 location /prometheus/ {
     proxy_pass http://prometheus_backend/;
+    proxy_redirect / /prometheus/;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -31,4 +26,4 @@ location /prometheus/-/healthy {
     proxy_pass http://prometheus_backend/-/healthy;
     proxy_set_header Host $host;
     access_log off;
-}
+}

infra/nginx/conf.d/status.conf

@@ -1,16 +1,35 @@
-# Status page configuration (for future uptime kuma integration)
+# Status page configuration (Uptime Kuma integration)
 
 # Rate limiting for status page
 location /status {
-    # Basic authentication for status page
-    auth_basic "Status Page Access";
-    auth_basic_user_file /etc/nginx/.htpasswd;
+    # Rate limiting
+    limit_req zone=status burst=5 nodelay;
     
-    # Placeholder for future uptime kuma integration
-    # For now, show nginx status
-    access_log off;
-    return 200 '{"status": "ok", "nginx": "running", "timestamp": "$time_iso8601"}';
-    add_header Content-Type application/json;
+    # Proxy to Uptime Kuma
+    proxy_pass http://uptime_kuma_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # WebSocket support
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    
+    # Timeouts
+    proxy_connect_timeout 30s;
+    proxy_send_timeout 30s;
+    proxy_read_timeout 30s;
+    
+    # Buffer settings
+    proxy_buffering on;
+    proxy_buffer_size 4k;
+    proxy_buffers 8 4k;
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
 }
 
 # Nginx status stub (for monitoring)
@@ -21,4 +40,4 @@ location /nginx_status {
     allow 172.16.0.0/12;  # Docker networks
     allow 192.168.0.0/16; # Private networks
     deny all;
-}
+}

infra/nginx/conf.d/uptime-kuma.conf

@@ -0,0 +1,69 @@
+# Uptime Kuma Nginx Configuration
+# Proxies requests to Uptime Kuma status page
+
+# Upstream for Uptime Kuma
+upstream uptime_kuma_backend {
+    server uptime-kuma:3001;
+    keepalive 32;
+}
+
+# Status page location
+location /status {
+    # Rate limiting
+    limit_req zone=status burst=5 nodelay;
+    
+    # Proxy to Uptime Kuma
+    proxy_pass http://uptime_kuma_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # WebSocket support
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    
+    # Timeouts
+    proxy_connect_timeout 30s;
+    proxy_send_timeout 30s;
+    proxy_read_timeout 30s;
+    
+    # Buffer settings
+    proxy_buffering on;
+    proxy_buffer_size 4k;
+    proxy_buffers 8 4k;
+    
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+}
+
+# API endpoints for Uptime Kuma
+location /api/ {
+    # Rate limiting
+    limit_req zone=api burst=10 nodelay;
+    
+    # Proxy to Uptime Kuma
+    proxy_pass http://uptime_kuma_backend;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    
+    # CORS headers
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+    add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
+    
+    # Handle preflight requests
+    if ($request_method = 'OPTIONS') {
+        add_header Access-Control-Allow-Origin "*";
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
+        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
+        add_header Access-Control-Max-Age 1728000;
+        add_header Content-Type "text/plain; charset=utf-8";
+        add_header Content-Length 0;
+        return 204;
+    }
+}