add mSSL stub with nginx for prometheus

monitoring
histausse 3 years ago
parent 023ec5f395
commit 6e28abc1e7
Signed by: histausse
GPG Key ID: 67486F107F62E9E9

@ -0,0 +1,2 @@
dependencies:
- role: install_nginx

@ -78,6 +78,22 @@
vars:
args:
- name: web.listen-address
value: "{{ lan_address }}:9090"
- name: web.config
value: /etc/prometheus/web-config.yaml
value: "127.0.0.1:9090"
# value: "{{ lan_address }}:9090"
# - name: web.config.file # Not available before 2.24, and it sucks
# value: /etc/prometheus/web-config.yaml
# Here we go, using nginx to add mSSL to prometheus... because who need to authentication on the server with ALL the jucy data?
# Think prometheus, think!
- name: Copy the nginx config
template:
src: atrocious_nginx_stub
dest: "/etc/nginx/sites-available/internal-prometheus"
notify: Reload nginx
- name: Activate the config
file:
src: "/etc/nginx/sites-available/internal-prometheus"
dest: "/etc/nginx/sites-enabled/internal-prometheus"
state: link
force: yes

@ -0,0 +1,13 @@
{{ ansible_managed | comment }}
server {
listen {{ lan_address }}:9090 ssl;
ssl_certificate /etc/prometheus/prometheus-{{ lan_address }}.crt;
ssl_certificate_key /etc/prometheus/prometheus-{{ lan_address }}.key;
ssl_client_certificate /etc/prometheus/ca.crt;
ssl_verify_client on;
location / {
proxy_pass 127.0.0.1:9090;
}
}
Loading…
Cancel
Save