feat: integrate Uptime Kuma and Alertmanager into Docker setup

- Add Uptime Kuma service for status monitoring with health checks. - Introduce Alertmanager service for alert management and notifications. - Update docker-compose.yml to include new services and their configurations. - Enhance Makefile with commands for managing Uptime Kuma and Alertmanager logs. - Modify Ansible playbook to install necessary packages and configure SSL for new services. - Update Nginx configuration to route traffic to Uptime Kuma and Alertmanager. - Adjust Prometheus configuration to include alert rules and external URLs.
2025-09-16 21:50:56 +03:00
parent 5e10204137
commit 9ec3f02767
20 changed files with 2173 additions and 38 deletions
--- a/infra/nginx/nginx.conf
+++ b/infra/nginx/nginx.conf
@@ -63,6 +63,27 @@ http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

+    # Upstream configurations
+    upstream grafana_backend {
+        server grafana:3000;
+        keepalive 32;
+    }
+
+    upstream prometheus_backend {
+        server prometheus:9090;
+        keepalive 32;
+    }
+
+    upstream uptime_kuma_backend {
+        server uptime-kuma:3001;
+        keepalive 32;
+    }
+
+    upstream alertmanager_backend {
+        server alertmanager:9093;
+        keepalive 32;
+    }
+
    # Main server block
    server {
        listen 80;
@@ -74,17 +95,19 @@ http {
        listen 443 ssl http2;
        server_name _;

-        # SSL configuration
-        ssl_certificate /etc/nginx/ssl/cert.pem;
-        ssl_certificate_key /etc/nginx/ssl/key.pem;
+        # SSL configuration (self-signed certificate)
+        ssl_certificate /etc/letsencrypt/live/{{SERVER_IP}}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/{{SERVER_IP}}/privkey.pem;еще 
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+        ssl_prefer_server_ciphers off;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;

        # Security headers
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;

-        # Rate limiting
-        limit_req zone=api burst=20 nodelay;
-
        # Redirect root to Grafana
        location = / {
            return 301 /grafana/;