Add haproxy and WIP rsyslogd + promtail + prometheus
parent
85df924c21
commit
96d54ab33d
|
@ -168,6 +168,12 @@ redxen.eu/daemons/murmurd/${BUILD_ID_OUT}: %/${BUILD_ID_OUT} : \
|
|||
redxen.eu/data/postgres-cert/murmur/${BUILD_ID_OUT} \
|
||||
redxen.eu/data/selfsigned/${BUILD_ID_OUT}
|
||||
|
||||
# Relays
|
||||
redxen.eu/daemons/haproxy/${BUILD_ID_OUT}: %/${BUILD_ID_OUT} : \
|
||||
%/main.cfg \
|
||||
redxen.eu/data/letsencrypt/${BUILD_ID_OUT} \
|
||||
redxen.eu/data/haproxy-errpages/${BUILD_ID_OUT}
|
||||
|
||||
# Data
|
||||
redxen.eu/data/branding/${BUILD_ID_OUT}: %/${BUILD_ID_OUT} : \
|
||||
%/logo.svg
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
FROM alpine AS preparer
|
||||
|
||||
WORKDIR /root
|
||||
RUN \
|
||||
--mount=type=bind,from=redxen.eu/data/letsencrypt:latest,src=/redxen.eu,dst=/run/letsencrypt \
|
||||
cat \
|
||||
/run/letsencrypt/certs/public.crt \
|
||||
/run/letsencrypt/certs/ca.crt \
|
||||
/run/letsencrypt/keys/private.key \
|
||||
> full.crt
|
||||
|
||||
FROM haproxy:lts-alpine
|
||||
|
||||
COPY --from=preparer /root/full.crt /etc/redxen/letsencrypt/full.crt
|
||||
COPY --from=redxen.eu/data/haproxy-errpages /root/haproxy-errpages/ /etc/redxen/haproxy/errorpages/
|
||||
|
||||
ADD main.cfg /usr/local/etc/haproxy/haproxy.cfg
|
||||
|
||||
RUN haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
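Review bot: The `preparer` stage concatenates `/run/letsencrypt/keys/private.key` into `full.crt`, and `COPY --from=preparer /root/full.crt ...` then bakes the TLS private key into a layer of the final image, so anyone with read access to the image or the build cache holds the key, and every certificate renewal forces an image rebuild. Keep the bundle out of the image: mount it at container start (a volume or podman secret onto `/etc/redxen/letsencrypt/full.crt`) and drop the `preparer` stage and its `COPY`; the bind mount in the `RUN` is already the right pattern for build-time-only access. `FROM haproxy:lts-alpine` floats, so the image is not reproducible; pin a tag or digest. `RUN haproxy -c` on the last line validates syntax only, so it will not catch a missing or unreadable certificate at runtime if the file moves to a mount.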
|
|
@ -0,0 +1,146 @@
|
|||
global
|
||||
maxconn 2048
|
||||
maxconnrate 40
|
||||
|
||||
log 127.0.0.1:514 local0 info
|
||||
|
||||
defaults
|
||||
mode http
|
||||
|
||||
log global
|
||||
|
||||
retries 3
|
||||
|
||||
option forwardfor
|
||||
option http-keep-alive
|
||||
option httplog
|
||||
option tcp-smart-connect
|
||||
option tcpka
|
||||
option abortonclose
|
||||
|
||||
balance roundrobin
|
||||
|
||||
compression algo gzip
|
||||
|
||||
timeout http-request 10s
|
||||
timeout connect 10s
|
||||
timeout client 60s
|
||||
timeout server 240s
|
||||
timeout http-keep-alive 240s
|
||||
|
||||
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
|
||||
|
||||
errorfile 400 /etc/redxen/haproxy/errorpages/400.http
|
||||
errorfile 403 /etc/redxen/haproxy/errorpages/403.http
|
||||
errorfile 408 /etc/redxen/haproxy/errorpages/408.http
|
||||
errorfile 500 /etc/redxen/haproxy/errorpages/500.http
|
||||
errorfile 502 /etc/redxen/haproxy/errorpages/502.http
|
||||
errorfile 503 /etc/redxen/haproxy/errorpages/503.http
|
||||
errorfile 504 /etc/redxen/haproxy/errorpages/504.http
|
||||
|
||||
resolvers local
|
||||
nameserver unbound 127.0.0.1:53
|
||||
|
||||
resolve_retries 2
|
||||
|
||||
timeout retry 300ms
|
||||
|
||||
hold other 100ms
|
||||
hold refused 100ms
|
||||
hold nx 100ms
|
||||
hold timeout 3s
|
||||
hold valid 60s
|
||||
|
||||
listen git-gitea
|
||||
mode tcp
|
||||
bind ipv4@*:2442,ipv6@*:2442
|
||||
option tcp-check
|
||||
server-template gitssh 1 _gitssh._tcp.routinginfo.internal
|
||||
|
||||
frontend metrics
|
||||
mode http
|
||||
bind ipv4@:7581,ipv6@:7581
|
||||
|
||||
http-request use-service prometheus-exporter if { path /metrics }
|
||||
|
||||
frontend http
|
||||
mode http
|
||||
bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1
|
||||
bind ipv4@:80,ipv6@:80
|
||||
|
||||
http-response set-header X-Forwarded-Proto https
|
||||
http-response set-header X-XSS-Protection 1;\ mode=block
|
||||
http-response set-header X-Content-Type-Options nosniff
|
||||
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
||||
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|
||||
|
||||
acl root path /
|
||||
|
||||
acl home hdr_beg(host) -i redxen
|
||||
acl stats hdr_beg(host) -i stats.redxen
|
||||
acl fedi hdr_beg(host) -i social.redxen
|
||||
acl git hdr_beg(host) -i git.redxen
|
||||
acl btdown hdr_beg(host) -i sd.redxen
|
||||
acl btdaemon hdr_beg(host) -i seed.redxen
|
||||
acl packs hdr_beg(host) -i packages.redxen
|
||||
acl cal hdr_beg(host) -i cal.redxen
|
||||
|
||||
redirect location https://en.uncyclopedia.co/wiki/South_Africa code 302 if fedi
|
||||
redirect prefix /web code 302 if btdaemon root
|
||||
|
||||
use_backend backend-home if home
|
||||
use_backend backend-stats if stats
|
||||
#use_backend backend-fedi if fedi
|
||||
use_backend backend-git if git
|
||||
use_backend backend-btdown if btdown
|
||||
use_backend backend-btdaemon if btdaemon
|
||||
use_backend backend-packages if packs
|
||||
use_backend backend-radicale if cal
|
||||
# Fallback to wssproxy to bypass SNI/domain filters
|
||||
use_backend backend-wssproxy
|
||||
|
||||
backend backend-home
|
||||
server-template root 1 _root._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host redxen.eu
|
||||
|
||||
backend backend-stats
|
||||
server-template grafana 2 _grafana._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host stats.redxen.eu
|
||||
|
||||
#backend backend-fedi
|
||||
# server-template pleroma 1 _pleroma._tcp.routinginfo.internal
|
||||
# option httpchk HEAD / HTTP/1.1
|
||||
# http-check send hdr Host social.redxen.eu
|
||||
|
||||
backend backend-git
|
||||
server-template gitea 1 _gitea._tcp.routinginfo.internal
|
||||
option httpchk GET /caskd/corelibs HTTP/1.1
|
||||
http-check send hdr Host gitea.redxen.eu
|
||||
timeout check 10s
|
||||
|
||||
backend backend-btdown
|
||||
server-template seedown 1 _seedown._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host sd.redxen.eu
|
||||
|
||||
backend backend-btdaemon
|
||||
server-template transmission 1 _transmission._tcp.routinginfo.internal
|
||||
|
||||
backend backend-packages
|
||||
server-template packages 1 _packages._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host packages.redxen.eu
|
||||
|
||||
backend backend-radicale
|
||||
server-template radicale 1 _radicale._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host cal.redxen.eu
|
||||
http-check expect status 401
|
||||
|
||||
backend backend-wssproxy
|
||||
server-template wssproxy 1 _wssproxy._tcp.routinginfo.internal
|
||||
option httpchk HEAD / HTTP/1.1
|
||||
http-check send hdr Host localhost
|
||||
http-check expect status 404
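Review bot: `frontend metrics` binds the built-in prometheus-exporter on every interface (`bind ipv4@:7581,ipv6@:7581`) with no ACL, so anyone who can reach the host reads backend names, resolved server addresses and per-backend traffic counters; bind it to loopback or an internal address (`bind 127.0.0.1:7581`) or add `http-request deny unless { src 127.0.0.0/8 }` extended with whatever range the scraper uses. In `frontend http`, `http-response set-header X-Forwarded-Proto https` sets a request-style hint on the response, so backends never see it, and it claims https for plain port-80 connections too; the usual form is `http-request set-header X-Forwarded-Proto https if { ssl_fc }` (with an `http` variant or an http-to-https redirect for the port-80 bind). `X-XSS-Protection 1; mode=block` is deprecated and current guidance is to send `0` or omit it, since the filter has been abused for cross-site leaks in browsers that still honour it. The `home` ACL `hdr_beg(host) -i redxen` is presumably meant for `redxen.eu`; as written it matches any Host header starting with those letters, so an exact `hdr(host) -i redxen.eu` would be tighter.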
|
|
@ -1,5 +1,4 @@
|
|||
server:
|
||||
server-count: 4
|
||||
database: ""
|
||||
username: ""
|
||||
logfile: "/dev/stdout"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
global:
|
||||
scrape_interval: 5s
|
||||
scrape_interval: 10s
|
||||
|
||||
scrape_configs:
|
||||
- job_name: "linux"
|
||||
|
@ -26,3 +26,19 @@ scrape_configs:
|
|||
dns_sd_configs:
|
||||
- names: [ 'ceph.prometheus.routinginfo.internal' ]
|
||||
type: 'SRV'
|
||||
- job_name: "libvirt"
|
||||
dns_sd_configs:
|
||||
- names: [ 'libvirt.prometheus.routinginfo.internal' ]
|
||||
type: 'SRV'
|
||||
- job_name: "smartctl"
|
||||
scrape_interval: 1m # Less important and also takes longer to query
|
||||
scrape_timeout: 30s # Handle scraping delays
|
||||
dns_sd_configs:
|
||||
- names: [ 'smartctl_exporters.prometheus.routinginfo.internal' ]
|
||||
type: 'SRV'
|
||||
- job_name: "ipmi"
|
||||
scrape_interval: 1m # Less important and also takes longer to query
|
||||
scrape_timeout: 30s # Handle scraping delays
|
||||
dns_sd_configs:
|
||||
- names: [ 'ipmi.prometheus.routinginfo.internal' ]
|
||||
type: 'SRV'
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
FROM alpine:latest
|
||||
|
||||
RUN --network=host apk add \
|
||||
loki-promtail
|
||||
|
||||
WORKDIR /etc/redxen/promtail/
|
||||
|
||||
ADD config.yaml config.yaml
|
||||
|
||||
CMD ["promtail", "-config.file=config.yaml"]
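Review bot: `FROM alpine:latest` and `apk add loki-promtail` with no version pin make the image unreproducible, and the missing `--no-cache` leaves the apk index in the layer; `RUN --network=host apk add --no-cache loki-promtail` plus a pinned `alpine:3.x` tag fix both. The image has no `USER`, so promtail runs as root; its config only listens on `localhost:7590` and writes `/tmp/positions.yaml`, so a `USER nobody` (or a dedicated account) before `CMD` should work and is worth testing. `ADD config.yaml config.yaml` should be `COPY`, since `ADD` adds URL-fetch and tar-extraction semantics that are not wanted for a local config file.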
|
|
@ -0,0 +1,26 @@
|
|||
server:
|
||||
disable: true
|
||||
|
||||
clients:
|
||||
- url: "http://loki.routinginfo.internal:7553/loki/api/v1/push"
|
||||
|
||||
positions:
|
||||
filename: "/tmp/positions.yaml"
|
||||
|
||||
scrape_configs:
|
||||
- job_name: "rsyslog"
|
||||
syslog:
|
||||
listen_address: localhost:7590
|
||||
use_incoming_timestamp: true
|
||||
label_structured_data: yes
|
||||
labels:
|
||||
job: "rsyslog"
|
||||
relabel_configs:
|
||||
- source_labels: ["__syslog_connection_ip_address"]
|
||||
target_label: "ip_address"
|
||||
- source_labels: ["__syslog_message_severity"]
|
||||
target_label: "severity"
|
||||
- source_labels: ["__syslog_message_facility"]
|
||||
target_label: "facility"
|
||||
- source_labels: ["__syslog_message_hostname"]
|
||||
target_label: "host"
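Review bot: The `clients` entry pushes every collected line to `http://loki.routinginfo.internal:7553/loki/api/v1/push` in cleartext with no credentials, so the log stream (which, via rsyslog, includes HAProxy's `httplog` output with client addresses) is readable and forgeable by anything on that path unless the network is otherwise isolated. If Loki is reachable over TLS, switch the URL to `https://` and add a `tls_config` block (and `basic_auth` or a tenant header if the server enforces one); otherwise add a comment next to the URL stating the trust assumption. The `localhost:7590` syslog listener together with `server: disable: true` is the right scope for a host-local shipper. `positions.filename: /tmp/positions.yaml` lands on the tmpfs a `--read-only` podman container gets for `/tmp`, which is acceptable for a syslog-only source since positions matter only for file tailing, but that deserves a one-line comment so nobody later adds a file scrape expecting persistence.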
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/sh
|
||||
|
||||
podman create \
|
||||
--replace \
|
||||
--read-only \
|
||||
--network=host \
|
||||
--name promtail \
|
||||
-v '/etc/resolv.conf:/etc/resolv.conf:ro' \
|
||||
redxen.eu/daemons/promtail:latest
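Review bot: `podman create` runs the shipper with the default capability set and as whatever user the image defaults to (root, since the promtail Dockerfile sets no `USER`); nothing in the promtail config needs privileges (it listens on `localhost:7590` and pushes outbound only), so add `--cap-drop=all` and `--security-opt=no-new-privileges` next to `--read-only`, and a `--user` once the image has a non-root account. `--network=host` is presumably there so rsyslog's `omfwd` to `127.0.0.1:7590` reaches promtail, but it also hands the container every host interface; a pod or shared network namespace between the rsyslogd and promtail containers keeps the loopback path without host networking. `--replace` with a floating `:latest` tag means a re-run silently picks up whatever the local image store holds, so consider passing an explicit build id here as the Makefile already does for `${BUILD_ID_OUT}`.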
|
|
@ -0,0 +1,5 @@
|
|||
FROM alpine
|
||||
|
||||
RUN --network=host apk add rsyslog
|
||||
|
||||
ADD rsyslogd.conf /etc/rsyslog/rsyslogd.conf
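Review bot: The image defines no `ENTRYPOINT` or `CMD`, and the config is placed at `/etc/rsyslog/rsyslogd.conf`, which as far as I can tell is not the path Alpine's rsyslog package reads by default (it looks for `/etc/rsyslog.conf` unless `-f` is passed), so as committed the container does nothing unless the run command is supplied elsewhere; the commit title marks this WIP, but `CMD ["rsyslogd", "-n", "-f", "/etc/rsyslog/rsyslogd.conf"]` would make the intent explicit and keep the daemon in the foreground for the container runtime. `FROM alpine` floats and `apk add rsyslog` lacks `--no-cache`; pin the tag and add the flag. `ADD rsyslogd.conf` should be `COPY` for a local file.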
|
|
@ -0,0 +1,26 @@
|
|||
$WorkDirectory /var/lib/rsyslog
|
||||
$FileOwner root
|
||||
$FileGroup adm
|
||||
$FileCreateMode 0640
|
||||
$DirCreateMode 0755
|
||||
$Umask 0022
|
||||
$AbortOnUncleanConfig on
|
||||
|
||||
#### Modules ####
|
||||
|
||||
# Provides --MARK-- message capability.
|
||||
module(load="immark")
|
||||
|
||||
# Provides support for local system logging (e.g. via logger command).
|
||||
module(load="imuxsock")
|
||||
|
||||
# Reads kernel messages.
|
||||
module(load="imklog")
|
||||
|
||||
# Accepts messages via udp.
|
||||
module(load="imudp")
|
||||
input(type="imudp" port="514")
|
||||
|
||||
# Relay logs to promtail
|
||||
module(load="omprog")
|
||||
action(type="omfwd" Protocol="tcp" Target="127.0.0.1" Port="7590" Template="RSYSLOG_SyslogProtocol23Format" TCP_Framing="octet-counted")
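Review bot: `input(type="imudp" port="514")` binds UDP 514 on every interface, so if this container runs with host networking like the promtail one, any machine that can reach the host can inject arbitrary (unauthenticated, trivially spoofed) syslog lines into the promtail/Loki pipeline; the only producer shown is HAProxy's `log 127.0.0.1:514`, so restrict it with `input(type="imudp" port="514" address="127.0.0.1")`. `module(load="omprog")` is loaded but nothing uses it (the relay action is `omfwd`); drop it. `imklog` and `imuxsock` only work inside a container when `/dev/kmsg` (or `/proc/kmsg`) and the host's `/dev/log` socket are mounted in, and `$AbortOnUncleanConfig on` will not catch those failing at runtime, so either mount them in the run script or leave the modules out until they are needed.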
|
|
@ -0,0 +1,5 @@
|
|||
FROM alpine
|
||||
|
||||
WORKDIR /root
|
||||
RUN --network=host apk add git
|
||||
RUN --network=host git clone https://git.redxen.eu/RedXen/haproxy-errpages
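Review bot: `git clone https://git.redxen.eu/RedXen/haproxy-errpages` checks out whatever the branch head is at build time, and those `.http` files are sent to clients verbatim as complete HTTP responses by the `errorfile` directives in main.cfg, so the bytes of every error page served depend on an unpinned remote at the moment of the build. Pin it: `RUN --network=host git clone https://git.redxen.eu/RedXen/haproxy-errpages && git -C haproxy-errpages checkout <pinned commit>`, or `--branch <tag> --depth 1` if the repo tags releases. Since this is a data-only stage consumed via `COPY --from`, the `.git` directory and the `git` package end up copied but unused; `FROM alpine` should still be pinned like the other base images.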
|