Browse Source

add mSSL stub with nginx for prometheus

monitoring
histausse 1 year ago
parent
commit
6e28abc1e7
Signed by: histausse
GPG Key ID: 67486F107F62E9E9
  1. 2
      roles/prometheus/meta/main.yml
  2. 22
      roles/prometheus/tasks/main.yml
  3. 13
      roles/prometheus/templates/atrocious_nginx_stub

2
roles/prometheus/meta/main.yml

@ -0,0 +1,2 @@
dependencies:
- role: install_nginx

22
roles/prometheus/tasks/main.yml

@ -78,6 +78,22 @@
vars:
args:
- name: web.listen-address
value: "{{ lan_address }}:9090"
- name: web.config
value: /etc/prometheus/web-config.yaml
value: "127.0.0.1:9090"
# value: "{{ lan_address }}:9090"
# - name: web.config.file # Not available before 2.24, and it sucks
# value: /etc/prometheus/web-config.yaml
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
template:
src: atrocious_nginx_stub
dest: "/etc/nginx/sites-available/internal-prometheus"
notify: Reload nginx
- name: Activate the config
file:
src: "/etc/nginx/sites-available/internal-prometheus"
dest: "/etc/nginx/sites-enabled/internal-prometheus"
state: link
force: yes

13
roles/prometheus/templates/atrocious_nginx_stub

@ -0,0 +1,13 @@
{{ ansible_managed | comment }}
server {
listen {{ lan_address }}:9090 ssl;
ssl_certificate /etc/prometheus/prometheus-{{ lan_address }}.crt;
ssl_certificate_key /etc/prometheus/prometheus-{{ lan_address }}.key;
ssl_client_certificate /etc/prometheus/ca.crt;
ssl_verify_client on;
location / {
proxy_pass 127.0.0.1:9090;
}
}
Loading…
Cancel
Save