version: '3' services: prometheus: image: prom/prometheus:latest restart: unless-stopped container_name: prometheus volumes: - {{ server.work_dir }}/prometheus/config:/etc/prometheus - {{ server.work_dir }}/prometheus/base:/prometheus - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro command: - "--web.route-prefix=/" - "--web.external-url=https://prometheus.{{ server.domain }}/" - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--web.console.libraries=/usr/share/prometheus/console_libraries" - "--web.console.templates=/usr/share/prometheus/consoles" networks: - metrics - proxy labels: - traefik.enable=true - traefik.http.routers.prometheus-secure.entrypoints=https - traefik.http.routers.prometheus-secure.rule=Host(`prometheus.{{ server.domain }}`) - traefik.http.routers.prometheus-secure.middlewares=private-network@file - traefik.http.routers.prometheus-secure.tls=true - traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver - traefik.http.routers.prometheus-secure.service=prometheus - traefik.http.services.prometheus.loadbalancer.server.port=9090 - traefik.docker.network=proxy loki: image: grafana/loki:latest restart: unless-stopped command: -config.file=/etc/loki/config.yml volumes: - {{ server.work_dir }}/loki/config:/etc/loki networks: - metrics labels: - traefik.enable=true - traefik.http.routers.loki-secure.entrypoints=https - traefik.http.routers.loki-secure.rule=Host(`loki.{{ server.domain }}`) - traefik.http.middlewares.loki-whitelist.ipWhiteList.sourceRange={{ server.ip }},192.168.1.0/24 - traefik.http.middlewares.loki-auth.basicauth.users=lokidoki:$$2y$$05$$HHJS7jsXv9g.1AsZX6f0jeFP.CrfGuvm1qoj/V8d/iXrX9oTKbDH2 - traefik.http.routers.loki-secure.middlewares=loki-whitelist,loki-auth - traefik.http.routers.loki-secure.tls=true - traefik.http.routers.loki-secure.tls.certresolver=sslResolver - traefik.http.routers.loki-secure.service=loki - traefik.http.services.loki.loadbalancer.server.port=3100 - traefik.docker.network=proxy promtail: image: grafana/promtail:latest restart: unless-stopped command: -config.file=/etc/promtail/config.yml volumes: - {{ server.work_dir }}/promtail/config:/etc/promtail - /var/log:/var/log networks: - metrics grafana: image: grafana/grafana:latest restart: unless-stopped container_name: grafana volumes: - {{ server.work_dir }}/grafana/base:/var/lib/grafana - {{ server.work_dir }}/grafana/provisioning:/etc/grafana/provisioning - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro environment: GF_AUTH_ANONYMOUS_ENABLED: "true" GF_AUTH_BASIC_ENABLED: "false" GF_AUTH_PROXY_ENABLED: "false" GF_USERS_ALLOW_SIGN_UP: "false" GF_INSTALL_PLUGINS: grafana-piechart-panel GF_SERVER_ROOT_URL: "%(protocol)s://%(domain)s:%(http_port)s/" depends_on: - prometheus networks: - proxy - metrics labels: - traefik.enable=true - traefik.http.routers.grafana-secure.entrypoints=https - traefik.http.routers.grafana-secure.rule=Host(`grafana.{{ server.domain }}`) - traefik.http.routers.grafana-secure.middlewares=private-network@file - traefik.http.routers.grafana-secure.tls=true - traefik.http.routers.grafana-secure.tls.certresolver=sslResolver - traefik.http.routers.grafana-secure.service=grafana - traefik.http.services.grafana.loadbalancer.server.port=3000 - traefik.docker.network=proxy networks: metrics: external: true proxy: external: true