feat: add Nginx reverse proxy and SSL configuration

- Introduce Nginx service in docker-compose for handling HTTP/HTTPS traffic. - Configure Nginx with SSL support and health checks for Grafana and Prometheus. - Update env.template to include SERVER_IP and STATUS_PAGE_PASSWORD variables. - Enhance Ansible playbook with tasks for Nginx installation, SSL certificate generation, and configuration management.
2025-09-16 18:31:51 +03:00
parent 30830c5bd9
commit f8d6b92fd2
8 changed files with 483 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,6 +35,9 @@ services:
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin}
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
+      - GF_SERVER_ROOT_URL=https://${SERVER_IP:-localhost}/grafana/
+      - GF_SERVER_SERVE_FROM_SUB_PATH=true
+      - GF_SERVER_DOMAIN=${SERVER_IP:-localhost}
    ports:
      - "3000:3000"
    volumes:
@@ -50,6 +53,29 @@ services:
      timeout: 10s
      retries: 3

+  # Nginx Reverse Proxy
+  nginx:
+    image: nginx:alpine
+    container_name: bots_nginx
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./infra/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./infra/nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./infra/nginx/ssl:/etc/nginx/ssl:ro
+      - ./infra/nginx/.htpasswd:/etc/nginx/.htpasswd:ro
+    networks:
+      - bots_network
+    depends_on:
+      - grafana
+      - prometheus
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/nginx-health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3

  # Telegram Helper Bot
  telegram-bot: