diff --git a/defaults/main.yml b/defaults/main.yml
index f0bcf96..97beee5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,11 +7,12 @@ grafana_version: '8.4.3'
 grafana_image: 'grafana/grafana:{{ grafana_version }}'
 grafana_cont_name: '{{ grafana_service_name }}'
 grafana_cont_vol: '{{ grafana_service_path }}/data'
-grafana_port: 9400
 # see: http://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later
 grafana_cont_uid: 472
 # Permission adjust for dockremap.
 grafana_host_uid: '{{ 100000 + grafana_cont_uid | int }}'
+grafana_cont_port: 9400
+grafana_proxy_port: 8780
 # Public domain
 grafana_domain: ~
diff --git a/tasks/consul.yml b/tasks/consul.yml
index e40f03e..3fe79d5 100644
--- a/tasks/consul.yml
+++ b/tasks/consul.yml
@@ -4,11 +4,26 @@
 vars:
 consul_config_name: '{{ grafana_service_name }}'
 consul_services:
- - name: '{{ grafana_service_name }}'
- tags: ['monitor', 'grafana']
- port: '{{ grafana_port }}'
+ - id: '{{ grafana_service_name }}:{{ grafana_domain }}'
+ name: '{{ grafana_service_name }}'
+ tags: ['grafana', 'monitor']
+ port: '{{ grafana_cont_port }}'
+ address: '{{ ansible_local.wireguard.vpn_ip }}'
 checks:
 - id: '{{ grafana_service_name }}-health'
- name: 'Grafana current health'
+ name: 'Grafana Health'
 type: 'http'
- http: 'http://localhost:{{ grafana_port }}/api/health'
+ http: 'http://localhost:{{ grafana_cont_port }}/api/health'
+
+ - id: '{{ grafana_service_name }}-proxy:{{ grafana_domain }}'
+ name: '{{ grafana_service_name }}-proxy'
+ tags: ['grafana', 'monitor', 'ssl-proxy-backend']
+ port: '{{ grafana_proxy_port }}'
+ address: '{{ ansible_local.wireguard.vpn_ip }}'
+ meta:
+ proxy_fqdn: '{{ grafana_domain | mandatory }}'
+ checks:
+ - id: '{{ grafana_service_name }}-proxy-health'
+ name: 'Grafana Proxy Health'
+ type: 'http'
+ http: 'http://localhost:{{ grafana_proxy_port }}/health'
diff --git a/tasks/main.yml b/tasks/main.yml
index 4c231d1..1fb6862 100644
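Review bot: In tasks/consul.yml the direct service entry now advertises `address: '{{ ansible_local.wireguard.vpn_ip }}'` together with `port: '{{ grafana_cont_port }}'`, yet templates/docker-compose.yml.j2 in this same commit still publishes that port on `127.0.0.1` only, so a consumer resolving this entry would apparently be handed an address where nothing listens. Dropping `address` from the direct entry, and keeping it on the `-proxy` entry that is meant to be reached over the VPN, would keep the catalog truthful. Both new `id` values interpolate `grafana_domain`, which defaults to `~` in defaults/main.yml, while `| mandatory` is applied only to `meta.proxy_fqdn`; an `assert` on `grafana_domain` ahead of this task would stop a null domain from ending up in the ids. The task that owns this `vars:` block starts outside the hunk.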
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
 - import_tasks: config.yml
 - import_tasks: docker.yml
+- import_tasks: proxy.yml
 - import_tasks: consul.yml
diff --git a/tasks/proxy.yml b/tasks/proxy.yml
new file mode 100644
index 0000000..bc61fa3
--- /dev/null
+++ b/tasks/proxy.yml
@@ -0,0 +1,18 @@
+---
+# Necessary to hide a few sensitive paths
+- name: Configure Nginx proxy
+ include_role: name=nginx
+ vars:
+ nginx_sites:
+ grafana_ssl_backend:
+ - listen {{ grafana_proxy_port }}
+
+ - location /health { return 200; }
+ - location /avatar { return 401; }
+ - location /metrics { return 401; }
+ - location /api/health { return 401; }
+
+ - location / {
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ grafana_cont_port }}/;
+ }
diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2
index 72675f8..1845b28 100644
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@@ -6,12 +6,12 @@ services:
 image: '{{ grafana_image }}'
 restart: always
 ports:
- - '127.0.0.1:{{ grafana_port }}:{{ grafana_port }}'
+ - '127.0.0.1:{{ grafana_cont_port }}:{{ grafana_cont_port }}'
 volumes:
 - '{{ grafana_cont_vol }}/lib:/var/lib/grafana'
 - '{{ grafana_cont_vol }}/etc:/etc/grafana'
 healthcheck:
- test: ["CMD", "wget", "-qO-", "http://localhost:{{ grafana_port }}/api/health"]
+ test: ["CMD", "wget", "-qO-", "http://localhost:{{ grafana_cont_port }}/api/health"]
 interval: 30s
 timeout: 10s
 retries: 3
diff --git a/templates/grafana.ini.j2 b/templates/grafana.ini.j2
index 2c71929..3c35b33 100644
--- a/templates/grafana.ini.j2
+++ b/templates/grafana.ini.j2
@@ -1,5 +1,5 @@
 [server]
-http_port = {{ grafana_port }}
+http_port = {{ grafana_cont_port }}
 domain = {{ grafana_domain | mandatory }}/
 root_url = https://{{ grafana_domain | mandatory }}/
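Review bot: `- listen {{ grafana_proxy_port }}` in tasks/proxy.yml binds the plain-HTTP proxy on every interface, although the container stays on 127.0.0.1 and Consul advertises only the WireGuard address, so unless a firewall not shown here closes the port, Grafana is served unencrypted beyond the VPN. Binding explicitly, e.g. `- listen 127.0.0.1:{{ grafana_proxy_port }}` and `- listen {{ ansible_local.wireguard.vpn_ip }}:{{ grafana_proxy_port }}`, would keep the localhost health check working while limiting exposure, assuming the nginx role passes several `listen` lines through. `location /health { return 200; }` is answered by nginx itself, so the `-proxy` check in tasks/consul.yml stays passing when Grafana is down; proxying it to the container's `/api/health` would make the check meaningful. The header comment could also say why each of `/avatar`, `/metrics` and `/api/health` is blocked and that these are prefix matches.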