kerrad/prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enhance Ansible playbook and Nginx configuration with authentication and logrotate setup

Browse Source 
- Added environment variables for project configuration in env.template.
- Updated Ansible playbook to use environment variables for project settings and added tasks for monitoring authentication setup.
- Enhanced Nginx configuration for Alertmanager and Prometheus with HTTP Basic Authentication.
- Introduced logrotate configuration for managing log files and set up cron for daily execution.
- Removed obsolete Uptime Kuma docker-compose file.
This commit is contained in:
Andrey
2025-09-19 12:09:05 +03:00
parent 1eb11e454d
commit f7b08ae9e8
16 changed files with 959 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
infra/nginx/conf.d/alertmanager.conf
View File

@@ -1,8 +1,12 @@
# Alertmanager Nginx Configuration
# Proxies requests to Alertmanager
# Alertmanager location
# Alertmanager location with authentication
location /alerts/ {
# HTTP Basic Authentication
auth_basic "Alertmanager Monitoring";
auth_basic_user_file /etc/nginx/passwords/monitoring.htpasswd;
# Rate limiting
limit_req zone=api burst=10 nodelay;
@@ -31,8 +35,12 @@ location /alerts/ {
add_header X-Content-Type-Options "nosniff" always;
}
# Alertmanager API
# Alertmanager API with authentication
location /api/v1/ {
# HTTP Basic Authentication
auth_basic "Alertmanager API";
auth_basic_user_file /etc/nginx/passwords/monitoring.htpasswd;
# Rate limiting
limit_req zone=api burst=20 nodelay;

15
infra/nginx/conf.d/prometheus.conf
View File

@@ -1,7 +1,14 @@
# Prometheus proxy configuration
# Prometheus proxy configuration with authentication
location /prometheus/ {
proxy_pass http://prometheus_backend/;
proxy_redirect / /prometheus/;
# HTTP Basic Authentication
auth_basic "Prometheus Monitoring";
auth_basic_user_file /etc/nginx/passwords/monitoring.htpasswd;
# Rate limiting
limit_req zone=api burst=10 nodelay;
proxy_pass http://prometheus_backend/prometheus/;
proxy_redirect /prometheus/ /prometheus/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -23,7 +30,7 @@ location /prometheus/ {
# Health check endpoint
location /prometheus/-/healthy {
proxy_pass http://prometheus_backend/-/healthy;
proxy_pass http://prometheus_backend/prometheus/-/healthy;
proxy_set_header Host $host;
access_log off;
}