feat: enhance Ansible playbook and Nginx configuration with authentication and logrotate setup

- Added environment variables for project configuration in env.template.
- Updated Ansible playbook to use environment variables for project settings and added tasks for monitoring authentication setup.
- Enhanced Nginx configuration for Alertmanager and Prometheus with HTTP Basic Authentication.
- Introduced logrotate configuration for managing log files and set up cron for daily execution.
- Removed obsolete Uptime Kuma docker-compose file.
2025-09-19 12:09:05 +03:00
parent 1eb11e454d
commit f7b08ae9e8
16 changed files with 959 additions and 51 deletions


@@ -1,4 +1,4 @@
.PHONY: help build up down logs clean restart status deploy backup restore update clean-monitoring monitoring check-deps check-bot-deps check-anonBot-deps
.PHONY: help build up down logs clean restart status deploy backup restore update clean-monitoring monitoring check-deps check-bot-deps check-anonBot-deps auth-setup auth-add-user auth-reset
help: ## Показать справку
@echo "🏗️ Production Infrastructure - Доступные команды:"
@@ -114,7 +114,7 @@ clean: ## Очистить все контейнеры и образы
clean-monitoring: ## Очистить только данные мониторинга
docker-compose down -v
docker volume rm prod_prometheus_data prod_grafana_data 2>/dev/null || true
docker volume rm prod_prometheus_data prod_grafana_data prod_uptime_kuma_data prod_alertmanager_data 2>/dev/null || true
security-scan: ## Сканировать образы на уязвимости
@echo "🔍 Scanning Docker images for vulnerabilities..."
@@ -295,3 +295,37 @@ monitoring-all: ## Открыть все мониторинг сервисы
@echo " - Uptime Kuma: http://localhost:3001"
@echo " - Alertmanager: http://localhost:9093"
@open http://localhost:3000 || xdg-open http://localhost:3000 || echo "Please open manually"
# ========================================
# 🔐 АВТОРИЗАЦИЯ МОНИТОРИНГА
# ========================================
auth-setup: ## Настроить авторизацию для мониторинга
@echo "🔐 Setting up monitoring authentication..."
@sudo mkdir -p /etc/nginx/passwords
@sudo cp scripts/generate_auth_passwords.sh /usr/local/bin/generate_auth_passwords.sh
@sudo chmod +x /usr/local/bin/generate_auth_passwords.sh
@echo "✅ Authentication setup complete!"
@echo "💡 Use 'make auth-add-user' to add users"
auth-add-user: ## Добавить пользователя для мониторинга (make auth-add-user USER=username)
@if [ -z "$(USER)" ]; then \
echo "❌ Please specify USER: make auth-add-user USER=username"; \
exit 1; \
fi
@echo "🔐 Adding user $(USER) for monitoring..."
@sudo /usr/local/bin/generate_auth_passwords.sh $(USER)
@echo "✅ User $(USER) added successfully!"
auth-reset: ## Сбросить пароль для пользователя (make auth-reset USER=username)
@if [ -z "$(USER)" ]; then \
echo "❌ Please specify USER: make auth-reset USER=username"; \
exit 1; \
fi
@echo "🔐 Resetting password for user $(USER)..."
@sudo htpasswd /etc/nginx/passwords/monitoring.htpasswd $(USER)
@echo "✅ Password reset for user $(USER)!"
auth-list: ## Показать список пользователей мониторинга
@echo "👥 Monitoring users:"
@sudo cat /etc/nginx/passwords/monitoring.htpasswd 2>/dev/null | cut -d: -f1 || echo "❌ No users found"
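Review bot: `auth-add-user` and `auth-reset` paste `$(USER)` unquoted into commands run under `sudo`, so a value containing spaces, a leading dash or shell metacharacters is re-parsed by the recipe shell and can reach `htpasswd` or the script as extra arguments instead of one username. `USER` is also normally set in the login environment, which make imports, so the `[ -z "$(USER)" ]` guard will rarely fire and a bare `make auth-add-user` would act on the invoking account's name. I would switch to a dedicated variable (`export AUTH_USER`), read it from the shell and validate it first: `@case "$$AUTH_USER" in ''|-*|*[!A-Za-z0-9._-]*) echo "invalid AUTH_USER" >&2; exit 1;; esac`, then `@sudo htpasswd /etc/nginx/passwords/monitoring.htpasswd "$$AUTH_USER"`, with the same quoting for the script call. Separately, `auth-list` is defined here but not added to the `.PHONY` line extended in the first hunk.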