Commit bf2dbe56 authored by nono's avatar nono 💻
Browse files

Début de la configuration du monitoring du serveur sso

parent 0a02f938
......@@ -21,12 +21,44 @@ certbot_create_method: standalone
certbot_certs:
- domains:
- sso.lqdn.fr
- stats.sso.lqdn.fr
certbot_auto_renew_options: '--webroot -w /var/www/letsencrypt && systemctl reload nginx'
certbot_auto_renew: true
## Nginx config
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "stats.sso.lqdn.fr"
access_log: "/var/log/nginx/stats_keycloak_access.log"
error_log: "/var/log/nginx/stats_keycloak_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "stats.sso.lqdn.fr.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:9001;
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
ssl_certificate /etc/letsencrypt/live/stats.sso.lqdn.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stats.sso.lqdn.fr/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "443 ssl http2"
server_name: "sso.lqdn.fr"
access_log: "/var/log/nginx/keycloak_access.log"
......@@ -75,3 +107,7 @@ nginx_vhosts:
location / {
return 302 https://sso.lqdn.fr$request_uri;
}
# Node-exporter
node_exporter_version: "latest"
node_exporter_web_listen_address: "0.0.0.0:9100"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment