From 437fc047e789340ace274159bf2046382b069140 Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Mon, 16 Jan 2023 15:34:12 +0330
Subject: update
---
terminaldweller.com/haproxy/conf.yml | 427 +-----------------------
terminaldweller.com/haproxy/docker-compose.yaml | 50 ++-
terminaldweller.com/haproxy/haproxy.cfg | 9 +-
3 files changed, 38 insertions(+), 448 deletions(-)
(limited to 'terminaldweller.com/haproxy')
diff --git a/terminaldweller.com/haproxy/conf.yml b/terminaldweller.com/haproxy/conf.yml
index f3c8a9c..9e3a61e 100644
--- a/terminaldweller.com/haproxy/conf.yml
+++ b/terminaldweller.com/haproxy/conf.yml
@@ -4,426 +4,21 @@ global: evaluation_interval: 120s scrape_timeout: 10s - external_labels: - monitor: codelab - foo: bar - -rule_files: - - "first.rules" - - "my/*.rules" - -remote_write: - - url: http://remote1/push - name: drop_expensive - write_relabel_configs: - - source_labels: [__name__] - regex: expensive.* - action: drop - oauth2: - client_id: "123" - client_secret: "456" - token_url: "http://remote1/auth" - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - - - url: http://remote2/push - name: rw_tls - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - headers: - name: value - -remote_read: - - url: http://remote1/read - read_recent: true - name: default - enable_http2: false - - url: http://remote3/read - read_recent: false - name: read_special - required_matchers: - job: special - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file +# remote_write: +# - url: https://prometheus-blocks-prod-us-central1.grafana.net/api/prom/push +# basic_auth: +# username: 151269 +# password: eyJrIjoiY2E0NDIwNTM1MmMzMDUxMjZjZTBlYWYzYmNiOGY5ZjU1NzBhYTM0ZiIsIm4iOiJoYXByb3h5X3Byb20iLCJpZCI6NTE2NjQyfQ== scrape_configs: - - job_name: prometheus + - job_name: haproxy honor_labels: true - # scrape_interval is defined by the configured global (15s). - # scrape_timeout is defined by the global default (10s). - - # metrics_path defaults to '/metrics' - # scheme defaults to 'http'. 
- - file_sd_configs: - - files: - - foo/*.slow.json - - foo/*.slow.yml - - single/file.yml - refresh_interval: 10m - - files: - - bar/*.yaml + metrics_path: '/metrics' + scheme: 'http' static_configs: - - targets: ["localhost:9090", "localhost:9191"] + - targets: ["haproxy:8404"] labels: - my: label - your: label - - relabel_configs: - - source_labels: [job, __meta_dns_name] - regex: (.*)some-[regex] - target_label: job - replacement: foo-${1} - # action defaults to 'replace' - - source_labels: [abc] - target_label: cde - - replacement: static - target_label: abc - - regex: - replacement: static - target_label: abc - - source_labels: [foo] - target_label: abc - action: keepequal - - source_labels: [foo] - target_label: abc - action: dropequal - - authorization: - credentials_file: valid_token_file - - tls_config: - min_version: TLS10 - - - job_name: service-x - - basic_auth: - username: admin_name - password: "multiline\nmysecret\ntest" #pragma: allowlist secret - - scrape_interval: 50s - scrape_timeout: 5s - - body_size_limit: 10MB - sample_limit: 1000 - - metrics_path: /my_path - scheme: https - - dns_sd_configs: - - refresh_interval: 15s - names: - - first.dns.address.domain.com - - second.dns.address.domain.com - - names: - - first.dns.address.domain.com - - relabel_configs: - - source_labels: [job] - regex: (.*)some-[regex] - action: drop - - source_labels: [__address__] - modulus: 8 - target_label: __tmp_hash - action: hashmod - - source_labels: [__tmp_hash] - regex: 1 - action: keep - - action: labelmap - regex: 1 - - action: labeldrop - regex: d - - action: labelkeep - regex: k - - metric_relabel_configs: - - source_labels: [__name__] - regex: expensive_metric.* - action: drop - - - job_name: service-y - - consul_sd_configs: - - server: "localhost:1234" - token: mysecret - services: ["nginx", "cache", "mysql"] - tags: ["canary", "v1"] - node_meta: - rack: "123" - allow_stale: true - scheme: https - tls_config: - ca_file: valid_ca_file - cert_file: 
valid_cert_file - key_file: valid_key_file - insecure_skip_verify: false - - relabel_configs: - - source_labels: [__meta_sd_consul_tags] - separator: "," - regex: label:([^=]+)=([^,]+) - target_label: ${1} - replacement: ${2} - - - job_name: service-z - - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - - authorization: - credentials: mysecret - - - job_name: service-kubernetes - - kubernetes_sd_configs: - - role: endpoints - api_server: "https://localhost:1234" - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - - basic_auth: - username: "myusername" - password: "mysecret" #pragma: allowlist secret - - - job_name: service-kubernetes-namespaces - - kubernetes_sd_configs: - - role: endpoints - api_server: "https://localhost:1234" - namespaces: - names: - - default - - basic_auth: - username: "myusername" - password_file: valid_password_file #pragma: allowlist secret - - - job_name: service-kuma - - kuma_sd_configs: - - server: http://kuma-control-plane.kuma-system.svc:5676 - - - job_name: service-marathon - marathon_sd_configs: - - servers: - - "https://marathon.example.com:443" - - auth_token: "mysecret" - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - - - job_name: service-nomad - nomad_sd_configs: - - server: 'http://localhost:4646' - - - job_name: service-ec2 - ec2_sd_configs: - - region: us-east-1 - access_key: access - secret_key: mysecret #pragma: allowlist secret - profile: profile - filters: - - name: tag:environment - values: - - prod - - - name: tag:service - values: - - web - - db - - - job_name: service-lightsail - lightsail_sd_configs: - - region: us-east-1 - access_key: access - secret_key: mysecret #pragma: allowlist secret - profile: profile - - - job_name: service-azure - azure_sd_configs: - - environment: AzurePublicCloud - authentication_method: OAuth - subscription_id: 11AAAA11-A11A-111A-A111-1111A1111A11 - resource_group: my-resource-group - tenant_id: 
BBBB222B-B2B2-2B22-B222-2BB2222BB2B2 - client_id: 333333CC-3C33-3333-CCC3-33C3CCCCC33C - client_secret: mysecret #pragma: allowlist secret - port: 9100 - - - job_name: service-nerve - nerve_sd_configs: - - servers: - - localhost - paths: - - /monitoring - - - job_name: 0123service-xxx - metrics_path: /metrics - static_configs: - - targets: - - localhost:9090 - - - job_name: badfederation - honor_timestamps: false - metrics_path: /federate - static_configs: - - targets: - - localhost:9090 - - - job_name: 測試 - metrics_path: /metrics - static_configs: - - targets: - - localhost:9090 - - - job_name: httpsd - http_sd_configs: - - url: "http://example.com/prometheus" - - - job_name: service-triton - triton_sd_configs: - - account: "testAccount" - dns_suffix: "triton.example.com" - endpoint: "triton.example.com" - port: 9163 - refresh_interval: 1m - version: 1 - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - - - job_name: digitalocean-droplets - digitalocean_sd_configs: - - authorization: - credentials: abcdef - - - job_name: docker - docker_sd_configs: - - host: unix:///var/run/docker.sock - - - job_name: dockerswarm - dockerswarm_sd_configs: - - host: http://127.0.0.1:2375 - role: nodes - - - job_name: service-openstack - openstack_sd_configs: - - role: instance - region: RegionOne - port: 80 - refresh_interval: 1m - tls_config: - ca_file: valid_ca_file - cert_file: valid_cert_file - key_file: valid_key_file - - - job_name: service-puppetdb - puppetdb_sd_configs: - - url: https://puppetserver/ - query: 'resources { type = "Package" and title = "httpd" }' - include_parameters: true - port: 80 - refresh_interval: 1m - tls_config: - ca_file: valid_ca_file - cert_file: valid_cert_file - key_file: valid_key_file - - - job_name: hetzner - relabel_configs: - - action: uppercase - source_labels: [instance] - target_label: instance - hetzner_sd_configs: - - role: hcloud - authorization: - credentials: abcdef - - role: robot - basic_auth: - username: abcdef 
- password: abcdef - - - job_name: service-eureka - eureka_sd_configs: - - server: "http://eureka.example.com:8761/eureka" - - - job_name: ovhcloud - ovhcloud_sd_configs: - - service: vps - endpoint: ovh-eu - application_key: testAppKey - application_secret: testAppSecret #pragma: allowlist secret - consumer_key: testConsumerKey - refresh_interval: 1m - - service: dedicated_server - endpoint: ovh-eu - application_key: testAppKey - application_secret: testAppSecret #pragma: allowlist secret - consumer_key: testConsumerKey - refresh_interval: 1m - - - job_name: scaleway - scaleway_sd_configs: - - role: instance - project_id: 11111111-1111-1111-1111-111111111112 - access_key: SCWXXXXXXXXXXXXXXXXX - secret_key: 11111111-1111-1111-1111-111111111111 - - role: baremetal - project_id: 11111111-1111-1111-1111-111111111112 - access_key: SCWXXXXXXXXXXXXXXXXX - secret_key: 11111111-1111-1111-1111-111111111111 - - - job_name: linode-instances - linode_sd_configs: - - authorization: - credentials: abcdef - - - job_name: uyuni - uyuni_sd_configs: - - server: https://localhost:1234 - username: gopher - password: hole #pragma: allowlist secret - - - job_name: ionos - ionos_sd_configs: - - datacenter_id: 8feda53f-15f0-447f-badf-ebe32dad2fc0 - authorization: - credentials: abcdef - - - job_name: vultr - vultr_sd_configs: - - authorization: - credentials: abcdef - -alerting: - alertmanagers: - - scheme: https - static_configs: - - targets: - - "1.2.3.4:9093" - - "1.2.3.5:9093" - - "1.2.3.6:9093" - -storage: - tsdb: - out_of_order_time_window: 30m - -tracing: - endpoint: "localhost:4317" - client_type: "grpc" - headers: - foo: "bar" - timeout: 5s - compression: "gzip" - tls_config: - cert_file: valid_cert_file - key_file: valid_key_file - insecure_skip_verify: true + my: haproxy + your: haproxy diff --git a/terminaldweller.com/haproxy/docker-compose.yaml b/terminaldweller.com/haproxy/docker-compose.yaml index 6e89024..126613c 100644 --- a/terminaldweller.com/haproxy/docker-compose.yaml 
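Review bot: The commented-out `remote_write` block added at the top of the conf.yml hunk still carries what looks like a real hosted-Prometheus credential (a numeric `username` and a long base64 `password`), and commenting it out does not keep it out of the repository history. Treat the value as exposed: revoke it at the provider and replace the literal with a reference such as `password_file: /run/secrets/<remote_write_key>` (placeholder path), so the key never lands in the tracked file. If the block is re-enabled, quote the all-digit username (`username: "151269"`) so it is read as a string rather than an integer. The `my: haproxy` / `your: haproxy` labels look like leftovers from the sample config and could be dropped or given meaningful names.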
+++ b/terminaldweller.com/haproxy/docker-compose.yaml @@ -17,47 +17,29 @@ services: - "587:587" volumes: - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro - # - ./certs:/usr/local/etc/certs:ro networks: - proxynet - metricsnet - # - certnet restart: unless-stopped cap_drop: - ALL - # certbot: - # image: certbot - # build: - # context: ./certbot - # ports: - # - "127.0.0.1:9080:80" - # - "127.0.0.1:9443:443" - # networks: - # - certnet - # # restart: unless-stopped - # volumes: - # - ./letsencrypt:/etc/letsencrypt - # - ./webroot:/webroot - # - ./certs:/certs - # # command: ["certonly","--test-cert","--webroot","-w","/webroot","-d","chat.terminaldweller.com","--email","thabogre@gmail.com","--non-interactive","--agree-tos"] - # entrypoint: ["/certbot-entrypoint.sh"] - # environment: - # - DOMAIN=chat.terminaldweller.com - # - EMAIL=devi@mail.terminaldweller.com - # nginx: - # image: nginx - # ports: - # - "127.0.0.1:8080:80" - # networks: - # - certnet - # restart: unless-stopped - # volumes: - # - ./webroot:/usr/share/nginx/html # udpproxy: # image: nginx # ports: # - "127.0.0.1:3478:3478/udp" # - "127.0.0.1:5349:5349/udp" + # - "80:80" + # - "443:443" + # - "5222:5222" + # - "5280:5280" + # - "5443:5443" + # - "143:143" + # - "993:993" + # - "110:110" + # - "995:995" + # - "25:25" + # - "465:465" + # - "587:587" # networks: # - proxynet # restart: unless-stopped @@ -68,12 +50,18 @@ services: networks: - metricsnet restart: unless-stopped + ports: + - "127.0.0.1:9099:9090" volumes: - metricsvault:/opt/bitnami/prometheus/data - ./conf.yml:/opt/bitnami/prometheus/conf/prometheus.yml:ro + environment: + - HTTPS_PROXY=socks5h://172.17.0.1:9993 + - HTTP_PROXY=socks5h://172.17.0.1:9993 + - ALL_PROXY=socks5h://172.17.0.1:9993 + - NO_PROXY=localhost,127.0.0.0/8,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16 networks: proxynet: metricsnet: - # certnet: volumes: metricsvault: 
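Review bot: The `NO_PROXY` list added to the prometheus service in the second hunk names only `localhost` and private CIDR ranges, while the scrape job in conf.yml targets the service name `haproxy:8404`; CIDR entries are normally matched against IP literals, not host names. If this Prometheus build honours the proxy variables (not visible here), the scrape would be handed to the SOCKS proxy at `172.17.0.1:9993`, which cannot be expected to resolve a compose service name, and internal metrics traffic would leave `metricsnet`. Adding the name closes that: `- NO_PROXY=localhost,haproxy,127.0.0.0/8,172.16.0.0/12,10.0.0.0/8,192.168.0.0/16`. A short comment above the `environment:` block saying which outbound call needs the proxy (presumably the disabled `remote_write`) would help the next reader. The service definition starts outside the hunk.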
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index 57f79f4..6408b44 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -1,5 +1,5 @@ global - maxconn 256 + maxconn 768 log 127.0.0.1 local0 ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL ssl-default-bind-options no-sslv3 @@ -251,6 +251,13 @@ frontend mail-submission acl mail-host-ss req.ssl_sni -i terminaldweller.com use_backend mail-backend-submission if mail-host-s use_backend mail-backend-submission if mail-host-ss +frontend stats + mode http + bind *:8404 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s #Backends backend certbot-backend -- cgit v1.2.3
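Review bot: The new `frontend stats` in the second hunk binds `*:8404` and serves both `/stats` and `/metrics` with no authentication or source restriction, so every container on the networks haproxy is attached to (`proxynet` and `metricsnet` per the compose file) can read backend names, server state and traffic counters. Port 8404 does not appear among the published ports visible in this commit, but that only holds as long as the compose file stays that way. I would add `stats auth <user>:<password>` (placeholder, kept out of the repo) and `stats hide-version` to the stats page, and gate the exporter with a source check such as `http-request deny unless { src <metricsnet-cidr> }` ahead of the `use-service` line. Separately, the `ssl-default-bind-ciphers` context line in the first hunk still allows `RC4-SHA` and `kRSA` suites, which is worth a follow-up since this commit already touches the `global` section.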