add mSSL stub with nginx for prometheus

This commit is contained in:
histausse 2021-09-25 00:35:31 +02:00
parent 023ec5f395
commit 6e28abc1e7
Signed by: histausse
GPG key ID: 67486F107F62E9E9
3 changed files with 34 additions and 3 deletions

View file

@ -0,0 +1,2 @@
dependencies:
- role: install_nginx

View file

@ -78,6 +78,22 @@
vars: vars:
args: args:
- name: web.listen-address - name: web.listen-address
value: "{{ lan_address }}:9090" value: "127.0.0.1:9090"
- name: web.config # value: "{{ lan_address }}:9090"
value: /etc/prometheus/web-config.yaml # - name: web.config.file # Not available before 2.24, and it sucks
# value: /etc/prometheus/web-config.yaml
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
template:
src: atrocious_nginx_stub
dest: "/etc/nginx/sites-available/internal-prometheus"
notify: Reload nginx
- name: Activate the config
file:
src: "/etc/nginx/sites-available/internal-prometheus"
dest: "/etc/nginx/sites-enabled/internal-prometheus"
state: link
force: yes

View file

@ -0,0 +1,13 @@
{{ ansible_managed | comment }}
server {
listen {{ lan_address }}:9090 ssl;
ssl_certificate /etc/prometheus/prometheus-{{ lan_address }}.crt;
ssl_certificate_key /etc/prometheus/prometheus-{{ lan_address }}.key;
ssl_client_certificate /etc/prometheus/ca.crt;
ssl_verify_client on;
location / {
proxy_pass 127.0.0.1:9090;
}
}