101 lines
3.8 KiB
YAML
101 lines
3.8 KiB
YAML
version: '3'
|
|
|
|
services:
|
|
prometheus:
|
|
image: prom/prometheus:latest
|
|
restart: unless-stopped
|
|
container_name: prometheus
|
|
volumes:
|
|
- {{ server.work_dir }}/prometheus/config:/etc/prometheus
|
|
- {{ server.work_dir }}/prometheus/base:/prometheus
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
command:
|
|
- "--web.route-prefix=/"
|
|
- "--web.external-url=https://prometheus.{{ server.domain }}/"
|
|
- "--config.file=/etc/prometheus/prometheus.yml"
|
|
- "--storage.tsdb.path=/prometheus"
|
|
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
|
|
- "--web.console.templates=/usr/share/prometheus/consoles"
|
|
networks:
|
|
- metrics
|
|
- proxy
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.prometheus-secure.entrypoints=https
|
|
- traefik.http.routers.prometheus-secure.rule=Host(`prometheus.{{ server.domain }}`)
|
|
- traefik.http.routers.prometheus-secure.middlewares=private-network@file
|
|
- traefik.http.routers.prometheus-secure.tls=true
|
|
- traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver
|
|
- traefik.http.routers.prometheus-secure.service=prometheus
|
|
- traefik.http.services.prometheus.loadbalancer.server.port=9090
|
|
- traefik.docker.network=proxy
|
|
|
|
loki:
|
|
image: grafana/loki:latest
|
|
restart: unless-stopped
|
|
command: -config.file=/etc/loki/config.yml
|
|
volumes:
|
|
- {{ server.work_dir }}/loki/config:/etc/loki
|
|
networks:
|
|
- metrics
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.loki-secure.entrypoints=https
|
|
- traefik.http.routers.loki-secure.rule=Host(`loki.{{ server.domain }}`)
|
|
- traefik.http.middlewares.loki-whitelist.ipWhiteList.sourceRange={{ server.ip }},192.168.1.0/24
|
|
- traefik.http.middlewares.loki-auth.basicauth.users=lokidoki:$$2y$$05$$HHJS7jsXv9g.1AsZX6f0jeFP.CrfGuvm1qoj/V8d/iXrX9oTKbDH2
|
|
- traefik.http.routers.loki-secure.middlewares=loki-whitelist,loki-auth
|
|
- traefik.http.routers.loki-secure.tls=true
|
|
- traefik.http.routers.loki-secure.tls.certresolver=sslResolver
|
|
- traefik.http.routers.loki-secure.service=loki
|
|
- traefik.http.services.loki.loadbalancer.server.port=3100
|
|
- traefik.docker.network=proxy
|
|
|
|
promtail:
|
|
image: grafana/promtail:latest
|
|
restart: unless-stopped
|
|
command: -config.file=/etc/promtail/config.yml
|
|
volumes:
|
|
- {{ server.work_dir }}/promtail/config:/etc/promtail
|
|
- /var/log:/var/log
|
|
networks:
|
|
- metrics
|
|
|
|
grafana:
|
|
image: grafana/grafana:latest
|
|
restart: unless-stopped
|
|
container_name: grafana
|
|
volumes:
|
|
- {{ server.work_dir }}/grafana/base:/var/lib/grafana
|
|
- {{ server.work_dir }}/grafana/provisioning:/etc/grafana/provisioning
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
environment:
|
|
GF_AUTH_ANONYMOUS_ENABLED: "true"
|
|
GF_AUTH_BASIC_ENABLED: "false"
|
|
GF_AUTH_PROXY_ENABLED: "false"
|
|
GF_USERS_ALLOW_SIGN_UP: "false"
|
|
GF_INSTALL_PLUGINS: grafana-piechart-panel
|
|
GF_SERVER_ROOT_URL: "%(protocol)s://%(domain)s:%(http_port)s/"
|
|
depends_on:
|
|
- prometheus
|
|
networks:
|
|
- proxy
|
|
- metrics
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.grafana-secure.entrypoints=https
|
|
- traefik.http.routers.grafana-secure.rule=Host(`grafana.{{ server.domain }}`)
|
|
- traefik.http.routers.grafana-secure.middlewares=private-network@file
|
|
- traefik.http.routers.grafana-secure.tls=true
|
|
- traefik.http.routers.grafana-secure.tls.certresolver=sslResolver
|
|
- traefik.http.routers.grafana-secure.service=grafana
|
|
- traefik.http.services.grafana.loadbalancer.server.port=3000
|
|
- traefik.docker.network=proxy
|
|
|
|
networks:
|
|
metrics:
|
|
external: true
|
|
proxy:
|
|
external: true
|