authorterminaldweller <thabogre@gmail.com>2023-01-14 04:30:53 +0000
committerterminaldweller <thabogre@gmail.com>2023-01-14 04:30:53 +0000
commitc81052b70888eb18dca82e33444ebbd9910f5ebc (patch)
tree6b6eb892438a15f7b4849d7508d61d9491b809c3 /terminaldweller.com/haproxy
parentupdate (diff)
downloadscripts-c81052b70888eb18dca82e33444ebbd9910f5ebc.tar.gz
scripts-c81052b70888eb18dca82e33444ebbd9910f5ebc.zip
update
Diffstat (limited to '')
-rw-r--r--terminaldweller.com/haproxy/conf.yml429
-rw-r--r--terminaldweller.com/haproxy/docker-compose.yaml90
2 files changed, 480 insertions, 39 deletions
diff --git a/terminaldweller.com/haproxy/conf.yml b/terminaldweller.com/haproxy/conf.yml
new file mode 100644
index 0000000..f3c8a9c
--- /dev/null
+++ b/terminaldweller.com/haproxy/conf.yml
@@ -0,0 +1,429 @@
+# my global config
+global:
+ scrape_interval: 60s
+ evaluation_interval: 120s
+ scrape_timeout: 10s
+
+ external_labels:
+ monitor: codelab
+ foo: bar
+
+rule_files:
+ - "first.rules"
+ - "my/*.rules"
+
+remote_write:
+ - url: http://remote1/push
+ name: drop_expensive
+ write_relabel_configs:
+ - source_labels: [__name__]
+ regex: expensive.*
+ action: drop
+ oauth2:
+ client_id: "123"
+ client_secret: "456"
+ token_url: "http://remote1/auth"
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ - url: http://remote2/push
+ name: rw_tls
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+ headers:
+ name: value
+
+remote_read:
+ - url: http://remote1/read
+ read_recent: true
+ name: default
+ enable_http2: false
+ - url: http://remote3/read
+ read_recent: false
+ name: read_special
+ required_matchers:
+ job: special
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+scrape_configs:
+ - job_name: prometheus
+
+ honor_labels: true
+ # scrape_interval is defined by the configured global (15s).
+ # scrape_timeout is defined by the global default (10s).
+
+ # metrics_path defaults to '/metrics'
+ # scheme defaults to 'http'.
+
+ file_sd_configs:
+ - files:
+ - foo/*.slow.json
+ - foo/*.slow.yml
+ - single/file.yml
+ refresh_interval: 10m
+ - files:
+ - bar/*.yaml
+
+ static_configs:
+ - targets: ["localhost:9090", "localhost:9191"]
+ labels:
+ my: label
+ your: label
+
+ relabel_configs:
+ - source_labels: [job, __meta_dns_name]
+ regex: (.*)some-[regex]
+ target_label: job
+ replacement: foo-${1}
+ # action defaults to 'replace'
+ - source_labels: [abc]
+ target_label: cde
+ - replacement: static
+ target_label: abc
+ - regex:
+ replacement: static
+ target_label: abc
+ - source_labels: [foo]
+ target_label: abc
+ action: keepequal
+ - source_labels: [foo]
+ target_label: abc
+ action: dropequal
+
+ authorization:
+ credentials_file: valid_token_file
+
+ tls_config:
+ min_version: TLS10
+
+ - job_name: service-x
+
+ basic_auth:
+ username: admin_name
+ password: "multiline\nmysecret\ntest" #pragma: allowlist secret
+
+ scrape_interval: 50s
+ scrape_timeout: 5s
+
+ body_size_limit: 10MB
+ sample_limit: 1000
+
+ metrics_path: /my_path
+ scheme: https
+
+ dns_sd_configs:
+ - refresh_interval: 15s
+ names:
+ - first.dns.address.domain.com
+ - second.dns.address.domain.com
+ - names:
+ - first.dns.address.domain.com
+
+ relabel_configs:
+ - source_labels: [job]
+ regex: (.*)some-[regex]
+ action: drop
+ - source_labels: [__address__]
+ modulus: 8
+ target_label: __tmp_hash
+ action: hashmod
+ - source_labels: [__tmp_hash]
+ regex: 1
+ action: keep
+ - action: labelmap
+ regex: 1
+ - action: labeldrop
+ regex: d
+ - action: labelkeep
+ regex: k
+
+ metric_relabel_configs:
+ - source_labels: [__name__]
+ regex: expensive_metric.*
+ action: drop
+
+ - job_name: service-y
+
+ consul_sd_configs:
+ - server: "localhost:1234"
+ token: mysecret
+ services: ["nginx", "cache", "mysql"]
+ tags: ["canary", "v1"]
+ node_meta:
+ rack: "123"
+ allow_stale: true
+ scheme: https
+ tls_config:
+ ca_file: valid_ca_file
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+ insecure_skip_verify: false
+
+ relabel_configs:
+ - source_labels: [__meta_sd_consul_tags]
+ separator: ","
+ regex: label:([^=]+)=([^,]+)
+ target_label: ${1}
+ replacement: ${2}
+
+ - job_name: service-z
+
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ authorization:
+ credentials: mysecret
+
+ - job_name: service-kubernetes
+
+ kubernetes_sd_configs:
+ - role: endpoints
+ api_server: "https://localhost:1234"
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ basic_auth:
+ username: "myusername"
+ password: "mysecret" #pragma: allowlist secret
+
+ - job_name: service-kubernetes-namespaces
+
+ kubernetes_sd_configs:
+ - role: endpoints
+ api_server: "https://localhost:1234"
+ namespaces:
+ names:
+ - default
+
+ basic_auth:
+ username: "myusername"
+ password_file: valid_password_file #pragma: allowlist secret
+
+ - job_name: service-kuma
+
+ kuma_sd_configs:
+ - server: http://kuma-control-plane.kuma-system.svc:5676
+
+ - job_name: service-marathon
+ marathon_sd_configs:
+ - servers:
+ - "https://marathon.example.com:443"
+
+ auth_token: "mysecret"
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ - job_name: service-nomad
+ nomad_sd_configs:
+ - server: 'http://localhost:4646'
+
+ - job_name: service-ec2
+ ec2_sd_configs:
+ - region: us-east-1
+ access_key: access
+ secret_key: mysecret #pragma: allowlist secret
+ profile: profile
+ filters:
+ - name: tag:environment
+ values:
+ - prod
+
+ - name: tag:service
+ values:
+ - web
+ - db
+
+ - job_name: service-lightsail
+ lightsail_sd_configs:
+ - region: us-east-1
+ access_key: access
+ secret_key: mysecret #pragma: allowlist secret
+ profile: profile
+
+ - job_name: service-azure
+ azure_sd_configs:
+ - environment: AzurePublicCloud
+ authentication_method: OAuth
+ subscription_id: 11AAAA11-A11A-111A-A111-1111A1111A11
+ resource_group: my-resource-group
+ tenant_id: BBBB222B-B2B2-2B22-B222-2BB2222BB2B2
+ client_id: 333333CC-3C33-3333-CCC3-33C3CCCCC33C
+ client_secret: mysecret #pragma: allowlist secret
+ port: 9100
+
+ - job_name: service-nerve
+ nerve_sd_configs:
+ - servers:
+ - localhost
+ paths:
+ - /monitoring
+
+ - job_name: 0123service-xxx
+ metrics_path: /metrics
+ static_configs:
+ - targets:
+ - localhost:9090
+
+ - job_name: badfederation
+ honor_timestamps: false
+ metrics_path: /federate
+ static_configs:
+ - targets:
+ - localhost:9090
+
+ - job_name: 測試
+ metrics_path: /metrics
+ static_configs:
+ - targets:
+ - localhost:9090
+
+ - job_name: httpsd
+ http_sd_configs:
+ - url: "http://example.com/prometheus"
+
+ - job_name: service-triton
+ triton_sd_configs:
+ - account: "testAccount"
+ dns_suffix: "triton.example.com"
+ endpoint: "triton.example.com"
+ port: 9163
+ refresh_interval: 1m
+ version: 1
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ - job_name: digitalocean-droplets
+ digitalocean_sd_configs:
+ - authorization:
+ credentials: abcdef
+
+ - job_name: docker
+ docker_sd_configs:
+ - host: unix:///var/run/docker.sock
+
+ - job_name: dockerswarm
+ dockerswarm_sd_configs:
+ - host: http://127.0.0.1:2375
+ role: nodes
+
+ - job_name: service-openstack
+ openstack_sd_configs:
+ - role: instance
+ region: RegionOne
+ port: 80
+ refresh_interval: 1m
+ tls_config:
+ ca_file: valid_ca_file
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ - job_name: service-puppetdb
+ puppetdb_sd_configs:
+ - url: https://puppetserver/
+ query: 'resources { type = "Package" and title = "httpd" }'
+ include_parameters: true
+ port: 80
+ refresh_interval: 1m
+ tls_config:
+ ca_file: valid_ca_file
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+
+ - job_name: hetzner
+ relabel_configs:
+ - action: uppercase
+ source_labels: [instance]
+ target_label: instance
+ hetzner_sd_configs:
+ - role: hcloud
+ authorization:
+ credentials: abcdef
+ - role: robot
+ basic_auth:
+ username: abcdef
+ password: abcdef
+
+ - job_name: service-eureka
+ eureka_sd_configs:
+ - server: "http://eureka.example.com:8761/eureka"
+
+ - job_name: ovhcloud
+ ovhcloud_sd_configs:
+ - service: vps
+ endpoint: ovh-eu
+ application_key: testAppKey
+ application_secret: testAppSecret #pragma: allowlist secret
+ consumer_key: testConsumerKey
+ refresh_interval: 1m
+ - service: dedicated_server
+ endpoint: ovh-eu
+ application_key: testAppKey
+ application_secret: testAppSecret #pragma: allowlist secret
+ consumer_key: testConsumerKey
+ refresh_interval: 1m
+
+ - job_name: scaleway
+ scaleway_sd_configs:
+ - role: instance
+ project_id: 11111111-1111-1111-1111-111111111112
+ access_key: SCWXXXXXXXXXXXXXXXXX
+ secret_key: 11111111-1111-1111-1111-111111111111
+ - role: baremetal
+ project_id: 11111111-1111-1111-1111-111111111112
+ access_key: SCWXXXXXXXXXXXXXXXXX
+ secret_key: 11111111-1111-1111-1111-111111111111
+
+ - job_name: linode-instances
+ linode_sd_configs:
+ - authorization:
+ credentials: abcdef
+
+ - job_name: uyuni
+ uyuni_sd_configs:
+ - server: https://localhost:1234
+ username: gopher
+ password: hole #pragma: allowlist secret
+
+ - job_name: ionos
+ ionos_sd_configs:
+ - datacenter_id: 8feda53f-15f0-447f-badf-ebe32dad2fc0
+ authorization:
+ credentials: abcdef
+
+ - job_name: vultr
+ vultr_sd_configs:
+ - authorization:
+ credentials: abcdef
+
+alerting:
+ alertmanagers:
+ - scheme: https
+ static_configs:
+ - targets:
+ - "1.2.3.4:9093"
+ - "1.2.3.5:9093"
+ - "1.2.3.6:9093"
+
+storage:
+ tsdb:
+ out_of_order_time_window: 30m
+
+tracing:
+ endpoint: "localhost:4317"
+ client_type: "grpc"
+ headers:
+ foo: "bar"
+ timeout: 5s
+ compression: "gzip"
+ tls_config:
+ cert_file: valid_cert_file
+ key_file: valid_key_file
+ insecure_skip_verify: true
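Review bot: Several settings in this new file weaken transport security, and they go live once docker-compose.yaml mounts it as `prometheus.yml`: `min_version: TLS10` on the `prometheus` job (I would use `min_version: TLS12`), `insecure_skip_verify: true` under `tracing`, and a `remote_write` entry whose OAuth2 `client_secret` is sent to `token_url: "http://remote1/auth"` over plain HTTP. The file also holds many inline `password:`, `credentials:`, `secret_key:` and `client_secret:` values. They look like placeholders, but each `#pragma: allowlist secret` marker presumably tells the secret scanner to skip that line, so a real value pasted in later would not be caught; prefer the `credentials_file` / `password_file` forms the file already uses in places. Most jobs (ec2, azure, consul, scaleway, …) appear unrelated to this haproxy host, none seems to target haproxy itself, and paths such as `valid_cert_file` and `first.rules` are not added by this commit, so Prometheus may fail to load the file at all. I would cut this down to the one or two scrape jobs the deployment needs.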
diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml
index f24d17c..6e89024 100644
--- a/terminaldweller.com/haproxy/docker-compose.yaml
+++ b/terminaldweller.com/haproxy/docker-compose.yaml
@@ -1,7 +1,7 @@
version: "3.4"
services:
haproxy:
- image: haproxy
+ image: haproxy:2.7.1-bullseye
ports:
- "80:80"
- "443:443"
@@ -17,51 +17,63 @@ services:
- "587:587"
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
- - ./certs:/usr/local/etc/certs:ro
+ # - ./certs:/usr/local/etc/certs:ro
networks:
- proxynet
- - certnet
+ - metricsnet
+ # - certnet
restart: unless-stopped
cap_drop:
- ALL
- certbot:
- image: certbot
- build:
- context: ./certbot
- ports:
- - "127.0.0.1:9080:80"
- - "127.0.0.1:9443:443"
+ # certbot:
+ # image: certbot
+ # build:
+ # context: ./certbot
+ # ports:
+ # - "127.0.0.1:9080:80"
+ # - "127.0.0.1:9443:443"
+ # networks:
+ # - certnet
+ # # restart: unless-stopped
+ # volumes:
+ # - ./letsencrypt:/etc/letsencrypt
+ # - ./webroot:/webroot
+ # - ./certs:/certs
+ # # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"]
+ # entrypoint: ["/certbot-entrypoint.sh"]
+ # environment:
+ # - DOMAIN=chat.terminaldweller.com
+ # - EMAIL=devi@mail.terminaldweller.com
+ # nginx:
+ # image: nginx
+ # ports:
+ # - "127.0.0.1:8080:80"
+ # networks:
+ # - certnet
+ # restart: unless-stopped
+ # volumes:
+ # - ./webroot:/usr/share/nginx/html
+ # udpproxy:
+ # image: nginx
+ # ports:
+ # - "127.0.0.1:3478:3478/udp"
+ # - "127.0.0.1:5349:5349/udp"
+ # networks:
+ # - proxynet
+ # restart: unless-stopped
+ # volumes:
+ # - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ prometheus:
+ image: bitnami/prometheus:2.41.0
networks:
- - certnet
- # restart: unless-stopped
- volumes:
- - ./letsencrypt:/etc/letsencrypt
- - ./webroot:/webroot
- - ./certs:/certs
- # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"]
- entrypoint: ["/certbot-entrypoint.sh"]
- environment:
- - DOMAIN=chat.terminaldweller.com
- - EMAIL=devi@mail.terminaldweller.com
- nginx:
- image: nginx
- ports:
- - "127.0.0.1:8080:80"
- networks:
- - certnet
- restart: unless-stopped
- volumes:
- - ./webroot:/usr/share/nginx/html
- udpproxy:
- image: nginx
- ports:
- - "127.0.0.1:3478:3478/udp"
- - "127.0.0.1:5349:5349/udp"
- networks:
- - proxynet
+ - metricsnet
restart: unless-stopped
volumes:
- - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ - metricsvault:/opt/bitnami/prometheus/data
+ - ./conf.yml:/opt/bitnami/prometheus/conf/prometheus.yml:ro
networks:
proxynet:
- certnet:
+ metricsnet:
+ # certnet:
+volumes:
+ metricsvault:
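Review bot: The new `prometheus` service gets none of the hardening that `haproxy` carries in this same file (`cap_drop:` / `- ALL`); I would give it the same `cap_drop: [ALL]` and add `security_opt: ["no-new-privileges:true"]`, since it only needs to read its config and write to `metricsvault`. If Prometheus only scrapes haproxy and needs no outbound access, declaring `metricsnet` with `internal: true` would also stop the container reaching anything else. Separately, the `./certs` mount is now commented out while haproxy still publishes 443; haproxy.cfg is not visible here, so confirm it no longer points at `/usr/local/etc/certs`. The commented-out certbot/nginx/udpproxy services would be better deleted than kept as comments, since git history already preserves them.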