Separate traefik and grafana prometheus
This commit is contained in:
parent
d51a9802b0
commit
8c337a324b
14 changed files with 136 additions and 98 deletions
|
|
@ -9,6 +9,7 @@ services:
|
|||
- no-new-privileges:true
|
||||
networks:
|
||||
proxy: {}
|
||||
metrics: {}
|
||||
vpn:
|
||||
ipv4_address: {{ server.vpn.reverse_proxy_ip }}
|
||||
ports:
|
||||
|
|
@ -24,91 +25,32 @@ services:
|
|||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
extra_hosts:
|
||||
- "host.docker.internal:host-gateway"
|
||||
- host.docker.internal:host-gateway
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.traefik-stripprefix.stripprefix.prefixes=/traefik"
|
||||
- "traefik.http.routers.traefik-secure.entrypoints=https"
|
||||
- "traefik.http.routers.traefik-secure.rule=Host(`dash.{{ server.domain }}`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
|
||||
- "traefik.http.middlewares.tls-rep.redirectregex.permanent=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.SSLRedirect=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.forceSTSHeader=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.STSSeconds=315360000"
|
||||
- "traefik.http.middlewares.tls-header.headers.STSIncludeSubdomains=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.STSPreload=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.browserXSSFilter=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.contentTypeNosniff=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.frameDeny=true"
|
||||
- "traefik.http.middlewares.tls-header.headers.customFrameOptionsValue=SAMEORIGIN"
|
||||
- "traefik.http.middlewares.tls-header.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'"
|
||||
- "traefik.http.middlewares.tls-header.headers.referrerPolicy=strict-origin-when-cross-origin"
|
||||
- "traefik.http.middlewares.tls-chain.chain.middlewares=tls-rep,tls-header"
|
||||
- "traefik.http.routers.traefik-secure.middlewares=traefik-stripprefix,tls-chain,private-network@file"
|
||||
- "traefik.http.routers.traefik-secure.tls=true"
|
||||
- "traefik.http.routers.traefik-secure.tls.certresolver=sslResolver"
|
||||
- "traefik.http.routers.traefik-secure.service=api@internal"
|
||||
|
||||
prometheus:
|
||||
image: prom/prometheus:latest
|
||||
restart: unless-stopped
|
||||
container_name: prometheus
|
||||
volumes:
|
||||
- ./prometheus/:/etc/prometheus/
|
||||
- {{ server.work_dir }}/traefik/prometheus:/prometheus
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
command:
|
||||
- "--web.route-prefix=/"
|
||||
- "--web.external-url=https://dash.{{ server.domain }}/prometheus"
|
||||
- "--config.file=/etc/prometheus/prometheus.yml"
|
||||
- "--storage.tsdb.path=/prometheus"
|
||||
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
|
||||
- "--web.console.templates=/usr/share/prometheus/consoles"
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
|
||||
- "traefik.http.routers.prometheus-secure.entrypoints=https"
|
||||
- "traefik.http.routers.prometheus-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/prometheus`)"
|
||||
- "traefik.http.routers.prometheus-secure.middlewares=tls-chain,prometheus-stripprefix,private-network@file"
|
||||
- "traefik.http.routers.prometheus-secure.tls=true"
|
||||
- "traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver"
|
||||
- "traefik.http.routers.prometheus-secure.service=prometheus"
|
||||
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
|
||||
- "traefik.docker.network=proxy"
|
||||
|
||||
grafana:
|
||||
image: grafana/grafana:latest
|
||||
restart: unless-stopped
|
||||
container_name: grafana
|
||||
volumes:
|
||||
- {{ server.work_dir }}/traefik/grafana:/var/lib/grafana
|
||||
- ./grafana/provisioning:/etc/grafana/provisioning
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
env_file:
|
||||
- grafana.env
|
||||
depends_on:
|
||||
- prometheus
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
|
||||
- "traefik.http.routers.grafana-secure.entrypoints=https"
|
||||
- "traefik.http.routers.grafana-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/grafana`)"
|
||||
- "traefik.http.routers.grafana-secure.middlewares=tls-chain,grafana-stripprefix,private-network@file"
|
||||
- "traefik.http.routers.grafana-secure.tls=true"
|
||||
- "traefik.http.routers.grafana-secure.tls.certresolver=http"
|
||||
- "traefik.http.routers.grafana-secure.service=grafana"
|
||||
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
||||
- "traefik.docker.network=proxy"
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.traefik-secure.entrypoints=https
|
||||
- traefik.http.routers.traefik-secure.rule=Host(`traefik.{{ server.domain }}`)
|
||||
- traefik.http.middlewares.tls-rep.redirectregex.permanent=true
|
||||
- traefik.http.middlewares.tls-header.headers.SSLRedirect=true
|
||||
- traefik.http.middlewares.tls-header.headers.forceSTSHeader=true
|
||||
- traefik.http.middlewares.tls-header.headers.STSSeconds=315360000
|
||||
- traefik.http.middlewares.tls-header.headers.STSIncludeSubdomains=true
|
||||
- traefik.http.middlewares.tls-header.headers.STSPreload=true
|
||||
- traefik.http.middlewares.tls-header.headers.browserXSSFilter=true
|
||||
- traefik.http.middlewares.tls-header.headers.contentTypeNosniff=true
|
||||
- traefik.http.middlewares.tls-header.headers.frameDeny=true
|
||||
- traefik.http.middlewares.tls-header.headers.customFrameOptionsValue=SAMEORIGIN
|
||||
- traefik.http.middlewares.tls-header.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'
|
||||
- traefik.http.middlewares.tls-header.headers.referrerPolicy=strict-origin-when-cross-origin
|
||||
- traefik.http.middlewares.tls-chain.chain.middlewares=tls-rep,tls-header
|
||||
- traefik.http.routers.traefik-secure.middlewares=tls-chain,private-network@file
|
||||
- traefik.http.routers.traefik-secure.tls=true
|
||||
- traefik.http.routers.traefik-secure.tls.certresolver=sslResolver
|
||||
- traefik.http.routers.traefik-secure.service=api@internal
|
||||
|
||||
networks:
|
||||
internal:
|
||||
metrics:
|
||||
external: true
|
||||
proxy:
|
||||
external: true
|
||||
vpn:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue