
pico services - prose.sh, pastes.sh, imgs.sh, feeds.sh, pgs.sh
git clone https://github.com/picosh/pico.git

pico / caddy
Antonio Mika · 05 Oct 23

Caddyfile.monitoring

  1{
  2	on_demand_tls {
  3		ask http://web:3000/check
  4		interval 1m
  5		burst 10
  6	}
  7	servers {
  8		metrics
  9	}
 10}
 11
 12*.{$APP_DOMAIN}, {$APP_DOMAIN} {
 13	reverse_proxy web:3000
 14	tls {$APP_EMAIL} {
 15		dns cloudflare {$CF_API_TOKEN}
 16		resolvers 1.1.1.1
 17	}
 18	encode zstd gzip
 19
 20	header {
 21		# disable FLoC tracking
 22		Permissions-Policy interest-cohort=()
 23
 24		# enable HSTS
 25		Strict-Transport-Security max-age=31536000;
 26
 27		# disable clients from sniffing the media type
 28		X-Content-Type-Options nosniff
 29
 30		# clickjacking protection
 31		X-Frame-Options DENY
 32
 33		# keep referrer data off of HTTP connections
 34		Referrer-Policy no-referrer-when-downgrade
 35
 36		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
 37
 38		X-XSS-Protection "1; mode=block"
 39	}
 40
 41	@caddymetrics {
 42		host {$APP_DOMAIN}
 43		path /_caddy/metrics
 44	}
 45
 46	metrics @caddymetrics {
 47		disable_openmetrics
 48	}
 49
 50	@appmetrics {
 51		host {$APP_DOMAIN}
 52		path /_app/metrics
 53	}
 54
 55	handle @appmetrics {
 56		rewrite * /metrics
 57		reverse_proxy ssh:9222
 58	}
 59}
 60
 61monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
 62       @grafana {
 63               host grafana.{$MONITORING_APP_DOMAIN}
 64       }
 65
 66       @prometheus {
 67               host prometheus.{$MONITORING_APP_DOMAIN}
 68       }
 69
 70       tls {$MONITORING_APP_EMAIL} {
 71               dns cloudflare {$CF_API_TOKEN}
 72               resolvers 1.1.1.1
 73       }
 74
 75       encode zstd gzip
 76
 77       reverse_proxy @grafana grafana:3000
 78
 79       basicauth @prometheus {
 80               eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
 81               antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
 82               bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
 83       }
 84       reverse_proxy @prometheus prometheus:9090
 85
 86       @caddymetrics {
 87               host monitoring.{$MONITORING_APP_DOMAIN}
 88               path /_caddy/metrics
 89       }
 90
 91       metrics @caddymetrics {
 92               disable_openmetrics
 93       }
 94}
 95
 96:443 {
 97	reverse_proxy web:3000
 98	tls {$APP_EMAIL} {
 99		on_demand
100	}
101	encode zstd gzip
102}