- commit
- 4f271d2
- parent
- bb3babe
- author
- Antonio Mika
- date
- 2023-10-05 15:02:19 +0000 UTC
Added monitoring caddyfile
1 files changed,
+99,
-0
+99,
-0
1@@ -0,0 +1,99 @@
2+{
3+ on_demand_tls {
4+ ask http://web:3000/check
5+ interval 1m
6+ burst 10
7+ }
8+}
9+
10+*.{$APP_DOMAIN}, {$APP_DOMAIN} {
11+ reverse_proxy web:3000
12+ tls {$APP_EMAIL} {
13+ dns cloudflare {$CF_API_TOKEN}
14+ resolvers 1.1.1.1
15+ }
16+ encode zstd gzip
17+
18+ header {
19+ # disable FLoC tracking
20+ Permissions-Policy interest-cohort=()
21+
22+ # enable HSTS
23+ Strict-Transport-Security max-age=31536000;
24+
25+ # disable clients from sniffing the media type
26+ X-Content-Type-Options nosniff
27+
28+ # clickjacking protection
29+ X-Frame-Options DENY
30+
31+ # keep referrer data off of HTTP connections
32+ Referrer-Policy no-referrer-when-downgrade
33+
34+ Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
35+
36+ X-XSS-Protection "1; mode=block"
37+ }
38+
39+ @caddymetrics {
40+ host {$APP_DOMAIN}
41+ path /_caddy/metrics
42+ }
43+
44+ metrics @caddymetrics {
45+ disable_openmetrics
46+ }
47+
48+ @appmetrics {
49+ host {$APP_DOMAIN}
50+ path /_app/metrics
51+ }
52+
53+ handle @appmetrics {
54+ rewrite * /metrics
55+ reverse_proxy ssh:9222
56+ }
57+}
58+
59+monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
60+ @grafana {
61+ host grafana.{$MONITORING_APP_DOMAIN}
62+ }
63+
64+ @prometheus {
65+ host prometheus.{$MONITORING_APP_DOMAIN}
66+ }
67+
68+ tls {$MONITORING_APP_EMAIL} {
69+ dns cloudflare {$CF_API_TOKEN}
70+ resolvers 1.1.1.1
71+ }
72+
73+ encode zstd gzip
74+
75+ reverse_proxy @grafana grafana:3000
76+
77+ basicauth @prometheus {
78+ eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
79+ antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
80+ bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
81+ }
82+ reverse_proxy @prometheus prometheus:9090
83+
84+ @caddymetrics {
85+ host monitoring.{$MONITORING_APP_DOMAIN}
86+ path /_caddy/metrics
87+ }
88+
89+ metrics @caddymetrics {
90+ disable_openmetrics
91+ }
92+}
93+
94+:443 {
95+ reverse_proxy web:3000
96+ tls {$APP_EMAIL} {
97+ on_demand
98+ }
99+ encode zstd gzip
100+}