--- # CloudFlare Origin certificates origin_certs: - domain: 'status.im' crt: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.crt")}}' key: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.key")}}' default: true # Kibana Dashboard kibana_domain: 'nimbus-logs.infra.status.im' kibana_version: '7.10.2' kibana_cont_name: kibana kibana_cont_port: 5601 # oauth access oauth_domain: '{{ kibana_domain }}' oauth_cont_name: '{{ kibana_cont_name }}-oauth' oauth_upstream_cont: '{{ kibana_cont_name }}' oauth_upstream_port: '{{ kibana_cont_port }}' oauth_public_port: 443 oauth_local_port: 8090 oauth_cookie_secret: '{{ lookup("bitwarden", "cookie-secret", field="secret") }}' oauth_id: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="client-id") }}' oauth_secret: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="secret") }}' # ElasticSearch Load Balancer es_lb_image: 'docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2' es_lb_cont_name: elasticsearch-lb es_lb_data_center: do-ams3 es_lb_cluster_name: 'nimbus-logs-search' es_lb_api_port: 9200 es_lb_node_port: 9300 logclean_es_host: 'localhost' logclean_es_port: '{{ es_lb_api_port }}' # JVM Memory settings es_lb_jvm_min_heap: 2g es_lb_jvm_max_heap: 2g # Nginx Proxy config nginx_sites: kibana_http: - listen 80 - server_name {{ oauth_domain }} - return 302 https://$server_name$request_uri kibana_ssl: - listen 443 ssl - server_name {{ oauth_domain }} - ssl_certificate /certs/origin.crt - ssl_certificate_key /certs/origin.key - location / { proxy_set_header Host $host; proxy_pass http://127.0.0.1:{{ oauth_local_port }}/; } # Open Nginx Ports open_ports_default_comment: 'ElasticSearch LB' open_ports_default_chain: 'VPN' open_ports_list: - { port: 80, chain: 'SERVICES', protocol: 'tcp', comment: 'Kiban & Grafana'} - { port: 443, chain: 'SERVICES', protocol: 'tcp', comment: 'Kiban & Grafana' } - { port: '{{ es_lb_api_port }}', ipset: 'log-store.nimbus' } - { port: '{{ es_lb_node_port }}', ipset: 'log-store.nimbus' }