feat: integrate Uptime Kuma and Alertmanager into Docker setup

- Add Uptime Kuma service for status monitoring with health checks. - Introduce Alertmanager service for alert management and notifications. - Update docker-compose.yml to include new services and their configurations. - Enhance Makefile with commands for managing Uptime Kuma and Alertmanager logs. - Modify Ansible playbook to install necessary packages and configure SSL for new services. - Update Nginx configuration to route traffic to Uptime Kuma and Alertmanager. - Adjust Prometheus configuration to include alert rules and external URLs.
2025-09-16 21:50:56 +03:00
parent 5e10204137
commit 9ec3f02767
20 changed files with 2173 additions and 38 deletions
--- a/scripts/setup-ssl.sh
+++ b/scripts/setup-ssl.sh
@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# SSL Setup Script for Let's Encrypt
+# This script sets up SSL certificates using Let's Encrypt
+
+set -e
+
+# Configuration
+DOMAIN="${DOMAIN:-localhost}"
+EMAIL="${EMAIL:-admin@${DOMAIN}}"
+NGINX_CONTAINER="bots_nginx"
+CERTBOT_IMAGE="certbot/certbot:latest"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Logging function
+log() {
+    echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')] $1${NC}"
+}
+
+warn() {
+    echo -e "${YELLOW}[$(date +'%Y-%m-%d %H:%M:%S')] WARNING: $1${NC}"
+}
+
+error() {
+    echo -e "${RED}[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $1${NC}"
+    exit 1
+}
+
+# Check if running as root
+if [[ $EUID -eq 0 ]]; then
+   error "This script should not be run as root for security reasons"
+fi
+
+# Check if domain is localhost
+if [[ "$DOMAIN" == "localhost" ]]; then
+    warn "Domain is set to localhost. Let's Encrypt certificates cannot be issued for localhost."
+    warn "Please set the DOMAIN environment variable to your actual domain name."
+    warn "Example: DOMAIN=example.com ./scripts/setup-ssl.sh"
+    exit 1
+fi
+
+# Check if Docker is running
+if ! docker info > /dev/null 2>&1; then
+    error "Docker is not running. Please start Docker and try again."
+fi
+
+# Check if nginx container is running
+if ! docker ps | grep -q "$NGINX_CONTAINER"; then
+    error "Nginx container ($NGINX_CONTAINER) is not running. Please start it first with 'docker-compose up -d nginx'"
+fi
+
+log "Setting up SSL certificates for domain: $DOMAIN"
+log "Email for Let's Encrypt: $EMAIL"
+
+# Create necessary directories
+log "Creating Let's Encrypt directories..."
+sudo mkdir -p /etc/letsencrypt/live
+sudo mkdir -p /etc/letsencrypt/archive
+sudo mkdir -p /etc/letsencrypt/renewal
+sudo chmod 755 /etc/letsencrypt
+
+# Stop nginx temporarily for certificate generation
+log "Stopping nginx container for certificate generation..."
+docker stop "$NGINX_CONTAINER" || true
+
+# Generate certificate using certbot
+log "Generating SSL certificate using Let's Encrypt..."
+docker run --rm \
+    -v /etc/letsencrypt:/etc/letsencrypt \
+    -v /var/lib/letsencrypt:/var/lib/letsencrypt \
+    -p 80:80 \
+    -p 443:443 \
+    "$CERTBOT_IMAGE" certonly \
+    --standalone \
+    --non-interactive \
+    --agree-tos \
+    --email "$EMAIL" \
+    --domains "$DOMAIN" \
+    --expand
+
+# Check if certificate was generated successfully
+if [[ ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]]; then
+    error "Failed to generate SSL certificate for $DOMAIN"
+fi
+
+log "SSL certificate generated successfully!"
+
+# Set proper permissions
+log "Setting proper permissions for SSL certificates..."
+sudo chmod 755 /etc/letsencrypt/live
+sudo chmod 755 /etc/letsencrypt/archive
+sudo chmod 644 /etc/letsencrypt/live/"$DOMAIN"/*.pem
+sudo chmod 600 /etc/letsencrypt/live/"$DOMAIN"/privkey.pem
+
+# Update nginx configuration to use Let's Encrypt certificates
+log "Updating nginx configuration..."
+if [[ -f "infra/nginx/ssl/letsencrypt.conf" ]]; then
+    # Replace domain placeholder in letsencrypt.conf
+    sed "s/{{DOMAIN}}/$DOMAIN/g" infra/nginx/ssl/letsencrypt.conf > /tmp/letsencrypt.conf
+    sudo cp /tmp/letsencrypt.conf /etc/letsencrypt/live/"$DOMAIN"/letsencrypt.conf
+    rm /tmp/letsencrypt.conf
+fi
+
+# Start nginx container
+log "Starting nginx container..."
+docker start "$NGINX_CONTAINER"
+
+# Wait for nginx to start
+log "Waiting for nginx to start..."
+sleep 10
+
+# Test SSL certificate
+log "Testing SSL certificate..."
+if curl -k -s "https://$DOMAIN" > /dev/null; then
+    log "SSL certificate is working correctly!"
+else
+    warn "SSL certificate test failed. Please check nginx configuration."
+fi
+
+# Set up automatic renewal
+log "Setting up automatic certificate renewal..."
+cat > /tmp/ssl-renewal.sh << EOF
+#!/bin/bash
+# SSL Certificate Renewal Script
+
+set -e
+
+DOMAIN="$DOMAIN"
+NGINX_CONTAINER="$NGINX_CONTAINER"
+CERTBOT_IMAGE="$CERTBOT_IMAGE"
+
+# Renew certificates
+docker run --rm \\
+    -v /etc/letsencrypt:/etc/letsencrypt \\
+    -v /var/lib/letsencrypt:/var/lib/letsencrypt \\
+    "$CERTBOT_IMAGE" renew --quiet
+
+# Reload nginx
+docker exec "\$NGINX_CONTAINER" nginx -s reload
+
+echo "\$(date): SSL certificates renewed successfully" >> /var/log/ssl-renewal.log
+EOF
+
+sudo mv /tmp/ssl-renewal.sh /usr/local/bin/ssl-renewal.sh
+sudo chmod +x /usr/local/bin/ssl-renewal.sh
+
+# Add cron job for automatic renewal (every Monday at 2 AM)
+log "Adding cron job for automatic renewal..."
+(crontab -l 2>/dev/null; echo "0 2 * * 1 /usr/local/bin/ssl-renewal.sh") | crontab -
+
+log "SSL setup completed successfully!"
+log "Certificate location: /etc/letsencrypt/live/$DOMAIN/"
+log "Automatic renewal is configured to run every Monday at 2 AM"
+log "You can test the renewal manually with: sudo /usr/local/bin/ssl-renewal.sh"
+
+# Display certificate information
+log "Certificate information:"
+openssl x509 -in "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" -text -noout | grep -E "(Subject:|Not Before|Not After|DNS:)"