ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE

monitoring-nginx.conf.j2 (2461B)

      1 server {
      2 
      3   include conf.d/listen.conf.inc;
      4 
      5   server_name monitoring.{{ domain_name }};
      6 
      7   ssl_certificate /etc/letsencrypt/live/monitoring/fullchain.pem;
      8   ssl_certificate_key /etc/letsencrypt/live/monitoring/privkey.pem;
      9   ssl_trusted_certificate /etc/letsencrypt/live/monitoring/chain.pem;
     10 
     11   error_log /var/log/nginx/monitoring.{{ domain_name }}.err;
     12   access_log /var/log/nginx/monitoring.{{ domain_name }}.log;
     13 
     14   location /prometheus/ {
     15      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     16         return 401;
     17      }
     18      rewrite ^/prometheus/(.*)$ /$1 break;
     19      proxy_pass http://127.0.0.1:9090/;
     20   }
     21 
     22   location /node/ {
     23      # Put API behind simple access control.
     24      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     25         return 401;
     26      }
     27      rewrite ^/node/(.*)$ /$1 break;
     28      proxy_pass http://127.0.0.1:9100/;
     29   }
     30 
     31   location /nginx/ {
     32      # Put API behind simple access control.
     33      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     34         return 401;
     35      }
     36      rewrite ^/nginx/(.*)$ /$1 break;
     37      proxy_pass http://127.0.0.1:9113/;
     38   }
     39 
     40   location /postgres/ {
     41      # Put API behind simple access control.
     42      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     43         return 401;
     44      }
     45      rewrite ^/postgres/(.*)$ /$1 break;
     46      proxy_pass http://127.0.0.1:9187/;
     47   }
     48 
     49 #  location /systemd/ {
     50      # Put API behind simple access control.
     51 #     if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     52 #        return 401;
     53 #     }
     54 #     rewrite ^/systemd/(.*)$ /$1 break;
     55 #     proxy_pass http://127.0.0.1:9116/;
     56 #  }
     57 
     58   # See /etc/default/alloy for the export
     59   location /alloy/ {
     60      # Put API behind simple access control.
     61      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     62         return 401;
     63      }
     64      rewrite ^/alloy/(.*)$ /$1 break;
     65      proxy_pass http://127.0.0.1:12345/;
     66   }
     67 
     68   location /alertmanager/ {
     69      if ($http_authorization != "Bearer {{ PROMETHEUS_ACCESS_TOKEN }}") {
     70         return 401;
     71      }
     72      rewrite ^/alertmanager/(.*)$ /$1 break;
     73      proxy_pass http://127.0.0.1:9093/;
     74   }
     75 }
     76 
     77 
     78 
     79 # Expose Nginx /metrics on loopback for the node exporter
     80 # See /etc/default/prometheus-nginx-exporter for the use
     81 server {
     82   listen localhost;
     83   root /dev/null;
     84   server_name localhost;
     85 
     86   location /metrics {
     87      stub_status on;
     88      access_log off;
     89      allow 127.0.0.1;
     90      deny all;
     91    }
     92 }