fix: fix caddy config for prometheus and loki

2025-07-10 02:21:18 -03:00
parent 7cd8095663
commit 379bdefea7
4 changed files with 63 additions and 40 deletions


@@ -5,17 +5,14 @@
# Enable metrics for Prometheus # Enable metrics for Prometheus
metrics metrics
# Console logging for Docker logs # Logging - console for Docker logs and file for CrowdSec/Promtail
log { log {
level INFO level INFO
format console format console
} output file /var/log/caddy/access.log {
# Access logs for CrowdSec and Promtail
log {
output file /var/log/caddy/access.log
format json format json
} }
}
# Allow CrowdSec globally # Allow CrowdSec globally
crowdsec { crowdsec {
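Review bot: `format json` now sits inside the `output file /var/log/caddy/access.log { … }` block, where, as far as I know, Caddy's file writer accepts only its own options such as the `roll_*` settings. The merged block will therefore most likely be rejected at load, or leave the file in console format. A single `log` block also carries one output and one format, so it cannot send console lines to stdout and JSON to the file at once. CrowdSec and Promtail parse that file, so a format change would silently blind detection. Keeping the console logger and adding a separately named logger for the file keeps both sinks; the enclosing global options block starts and ends outside this hunk.

```caddyfile
# … unchanged: default console logger (level INFO, format console) …
log access {
	output file /var/log/caddy/access.log
	format json
	include http.log.access
}
```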


@@ -0,0 +1,31 @@
# Loki API endpoint for external Grafana/API access
your_logging_domain {
# Basic auth for Loki path
basic_auth {
loki {$LOKI_PASSWORD}
}
# Only allow Loki API endpoints that Grafana needs
@allowed_endpoints {
path /api/v1/*
path /loki/api/v1/*
path /ready
path /metrics
}
# Block everything else (UI, admin endpoints, etc.)
handle {
@blocked {
not path /api/v1/*
not path /loki/api/v1/*
not path /ready
not path /metrics
}
respond @blocked "API access only" 403
}
# Forward only allowed endpoints (no WAF needed for API)
handle @allowed_endpoints {
reverse_proxy * http://loki:3100
}
}
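Review bot: The `@allowed_endpoints` matcher is wider than its comment claims, because `path /loki/api/v1/*` also covers Loki's write and delete routes (`/loki/api/v1/push`, `/loki/api/v1/delete`). Anyone holding the single shared `loki` credential could inject or remove log data that CrowdSec-adjacent tooling and Grafana rely on. `path /api/v1/*` is not a Loki prefix I recognise and looks carried over from the Prometheus site. If Promtail pushes over the internal network rather than through this site (not visible here), narrow the matcher to the read routes Grafana uses, e.g. `path /loki/api/v1/query /loki/api/v1/query_range /loki/api/v1/labels /loki/api/v1/label/* /loki/api/v1/series`, and mirror the same list in `@blocked`. Exposing `/metrics` and `/ready` externally is also worth a second look, since neither is needed for a Grafana datasource.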


@@ -1,8 +1,5 @@
# Prometheus API endpoint for external Grafana access via IP # Prometheus API endpoint for external Grafana access
# Access via: https://YOUR_SERVER_IP/prometheus/ your_monitoring_domain {
:443 {
# Basic auth for Prometheus path
handle_path /prometheus/* {
basic_auth { basic_auth {
prometheus {$PROMETHEUS_PASSWORD} prometheus {$PROMETHEUS_PASSWORD}
} }
@@ -26,10 +23,6 @@
# Forward only allowed endpoints (no WAF needed for API) # Forward only allowed endpoints (no WAF needed for API)
handle @allowed_endpoints { handle @allowed_endpoints {
reverse_proxy * http://prometheus:9090 reverse_proxy * prometheus:9090
} }
}
# Default response for other paths
respond "Server monitoring" 200
} }
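Review bot: The `@allowed_endpoints` matcher that `handle @allowed_endpoints` depends on lies between the two hunks and is not shown, so confirm it is not a blanket `/api/v1/*` like the one in the Loki site added by this commit. On Prometheus that prefix also reaches `/api/v1/admin/tsdb/*` whenever the server runs with `--web.enable-admin-api`. Now that the site is served at the domain root instead of under `handle_path /prometheus/*`, a comment above the matcher would record the intent, for example `# Read-only query API only; admin and lifecycle endpoints must stay unreachable from outside`. The header comment also lost its "Access via" line; a short note that `your_monitoring_domain` is a placeholder to be replaced before deployment would help.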


@@ -22,6 +22,8 @@ services:
- "443:443" - "443:443"
environment: environment:
- CROWDSEC_API_KEY=${CROWDSEC_API_KEY} - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
- PROMETHEUS_PASSWORD=${PROMETHEUS_PASSWORD}
- LOKI_PASSWORD=${LOKI_PASSWORD}
volumes: volumes:
- ../../deploy/static:/srv/static # Your static files location - ../../deploy/static:/srv/static # Your static files location
- ./caddy/Caddyfile:/etc/caddy/Caddyfile - ./caddy/Caddyfile:/etc/caddy/Caddyfile
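Review bot: The two new variables are named `*_PASSWORD`, but the Caddyfiles feed them straight into `basic_auth`, which expects a password hash rather than cleartext. An operator who puts the plain password here ends up with authentication that never succeeds, or is tempted to work around it. A comment above the entries would prevent that, e.g. `# Must be bcrypt hashes produced by "caddy hash-password", not cleartext`. Bcrypt hashes contain `$`, which Compose treats specially during interpolation, so the value will typically need single quotes or `$$` escaping where it is defined. Renaming the variables to `PROMETHEUS_PASSWORD_HASH` / `LOKI_PASSWORD_HASH` would make the contract self-documenting.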