ansible-ffibk/roles/service-prometheus/templates/prometheus_vhost.conf.j2

server {
    listen 80;
    listen [::]:80;
    server_name {{ prometheus_url_external }} {{ prometheus_url_internal }};

    include /etc/nginx/snippets/redirect-to-ssl.conf;
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name {{ prometheus_url_external }} {{ prometheus_url_internal }};

    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    satisfy  any;

    allow 127.0.0.0/8;
    allow ::1/128;
    allow {{ lookup('dig', inventory_hostname, 'qtype=A') }};
    allow {{ lookup('dig', inventory_hostname, 'qtype=AAAA') }};

    location /alertmanager {
      proxy_pass http://127.0.0.1:9093;
      auth_basic "Prometheus";
      auth_basic_user_file /etc/nginx/htpasswd_prometheus;
    }

    location / {
      proxy_pass http://127.0.0.1:9090;
      auth_basic "Prometheus";
      auth_basic_user_file /etc/nginx/htpasswd_prometheus;
    }
}
role service-prometheus: add vhost 2018-09-25 10:33:52 +02:00			`server {`
			`listen 80;`
			`listen [::]:80;`
			`server_name {{ prometheus_url_external }} {{ prometheus_url_internal }};`

			`include /etc/nginx/snippets/redirect-to-ssl.conf;`
			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`
			`}`

			`server {`
			`listen 443 ssl;`
			`listen [::]:443 ssl;`
			`server_name {{ prometheus_url_external }} {{ prometheus_url_internal }};`

			`ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;`
			`ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;`

			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`

role service-prometheus: configure alertmanager 2018-09-26 15:35:47 +02:00			`satisfy any;`

			`allow 127.0.0.0/8;`
			`allow ::1/128;`
			`allow {{ lookup('dig', inventory_hostname, 'qtype=A') }};`
			`allow {{ lookup('dig', inventory_hostname, 'qtype=AAAA') }};`

			`location /alertmanager {`
			`proxy_pass http://127.0.0.1:9093;`
Role service-prometheus: move auth in vhosts to location 2018-11-27 10:55:37 +01:00			`auth_basic "Prometheus";`
			`auth_basic_user_file /etc/nginx/htpasswd_prometheus;`
role service-prometheus: configure alertmanager 2018-09-26 15:35:47 +02:00			`}`

role service-prometheus: add vhost 2018-09-25 10:33:52 +02:00			`location / {`
			`proxy_pass http://127.0.0.1:9090;`
Role service-prometheus: move auth in vhosts to location 2018-11-27 10:55:37 +01:00			`auth_basic "Prometheus";`
			`auth_basic_user_file /etc/nginx/htpasswd_prometheus;`
role service-prometheus: add vhost 2018-09-25 10:33:52 +02:00			`}`
			`}`