diff --git a/config/traefik/.htpasswd b/config/traefik/.htpasswd new file mode 100644 index 0000000..dc557ff --- /dev/null +++ b/config/traefik/.htpasswd @@ -0,0 +1,5 @@ +# basic auth for traefik middleware. +# format here is : +# to generate bcrypt password one can use +# curl --verbose --request POST --data "password=XlokiAuth101&cost=10" https://www.toptal.com/developers/bcrypt/api/generate-hash.json +loki-auth:$2b$10$U8Cui8cO9ZXehYV.7atv8uPuA6rBVrA.Mxzvt8EsdheztkyXZagv6 diff --git a/config/traefik/traefik.yaml b/config/traefik/traefik.yaml index 95f766e..aac9716 100644 --- a/config/traefik/traefik.yaml +++ b/config/traefik/traefik.yaml @@ -10,6 +10,9 @@ entryPoints: ssh: address: ":${RC_SSH_PORT:?must-specify-ssh-port}" + loki: + address: ":3100" + traefik: address: ":7000" diff --git a/config/traefik/traefik_dynamic.yaml b/config/traefik/traefik_dynamic.yaml index 36a09de..1697f69 100644 --- a/config/traefik/traefik_dynamic.yaml +++ b/config/traefik/traefik_dynamic.yaml @@ -14,6 +14,10 @@ http: average: 100 burst: 50 + basic-auth: + basicAuth: + usersfile: /etc/traefik/.htpasswd + # Dynamic configuration for standard file based SSL cert # create a custom copy of the traefik into .custom/ and remount this # to enable custom certificates diff --git a/docker-compose-apps.yaml b/docker-compose-apps.yaml index a270fa1..873e8d5 100644 --- a/docker-compose-apps.yaml +++ b/docker-compose-apps.yaml @@ -5,8 +5,8 @@ x-logging: &custom-logging # NOTE: loki logging driver ONLY works for host type networks... driver: loki options: - #loki-url: "http://loki:3100/loki/api/v1/push" - loki-url: "http://127.0.0.1:3100/loki/api/v1/push" + #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push" + loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push" loki-retries: "5" loki-timeout: "1s" loki-max-backoff: "800ms" diff --git a/docker-compose-base.yaml b/docker-compose-base.yaml index caaff4e..1df38e5 100644 --- a/docker-compose-base.yaml 
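Review bot: The generation hint in config/traefik/.htpasswd posts the plaintext password to a third-party web API (the `curl ... https://www.toptal.com/...` comment), which discloses the secret to that service and leaves it in shell history. Generating the hash locally avoids this, for example by replacing that comment with `# htpasswd -nB loki-auth` (prompts for the password and prints a bcrypt entry). The file also commits a ready-made `loki-auth` hash right below an example password; if the hash corresponds to that example, every checkout ships with a publicly known credential, so the file is better shipped as a template that operators fill in themselves. The `# format here is :` line appears to have lost its placeholders; `# format here is <user>:<bcrypt-hash>` is presumably what was meant.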
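Review bot: In config/traefik/traefik_dynamic.yaml the new `basic-auth` middleware still forwards the `Authorization` header to the backend after validating it, so Loki receives the credential on every request. Adding `removeHeader: true` under `basicAuth` keeps it at the proxy. Traefik documents the key as `usersFile`; the lowercase `usersfile` probably still loads, but the documented spelling is easier to search for. The middleware also depends on `config/traefik/.htpasswd` being mounted at `/etc/traefik/.htpasswd` inside the Traefik container, which this diff does not show; the surrounding mapping starts above the hunk.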
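Review bot: `${RC_LOKI_AUTH}` in `loki-url` has no default or required marker in docker-compose-apps.yaml, nor in the identical hunks for docker-compose-base.yaml, docker-compose-router.yaml and docker-compose-services.yaml. An unset variable therefore expands to an empty string, and the logging driver pushes without credentials to an endpoint that now requires them. `${RC_LOKI_AUTH:?must-specify-loki-auth}` would fail fast, the same way `RC_SSH_PORT` does in traefik.yaml. The expected shape of the value is not documented in the hunk; a comment such as `# RC_LOKI_AUTH must be "<user>:<password>@" (password URL-encoded, trailing @ included)` above the option would help. The credential also becomes part of each container's log configuration, so anyone able to run `docker inspect` on the host can read it.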
+++ b/docker-compose-base.yaml @@ -11,8 +11,8 @@ x-logging: &custom-logging # debug: sudo journalctl -u docker.service | grep loki driver: loki options: - #loki-url: "http://loki:3100/loki/api/v1/push" - loki-url: "http://127.0.0.1:3100/loki/api/v1/push" + #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push" + loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push" loki-retries: "5" loki-timeout: "1s" loki-max-backoff: "800ms" diff --git a/docker-compose-metrics.yaml b/docker-compose-metrics.yaml index 052860b..57ee912 100644 --- a/docker-compose-metrics.yaml +++ b/docker-compose-metrics.yaml @@ -103,10 +103,8 @@ services: loki: image: grafana/loki:2.7.1 restart: always - ports: - # Loki port is the only one that needs explicitly - # be exposed because of logging driver host-only woking mode - - "3100:3100" +# ports: +# - "3100:3100" # - "9095:9095" command: [ "-config.file=/etc/loki/loki-config.yaml" @@ -115,6 +113,17 @@ services: - rhodecode_network volumes: - ./config/loki:/etc/loki + # optionally mount host container to scrape docker logs... + # - /var/lib/docker/containers:/var/lib/docker/containers:ro + labels: + # Loki port is the only one that needs explicitly + # be exposed because of logging driver host-only working mode + - "traefik.enable=true" + - "traefik.http.routers.loki.entrypoints=loki" + - "traefik.http.routers.loki.rule=PathPrefix(`/`)" + - "traefik.http.routers.loki.middlewares=basic-auth@file" + - "traefik.http.routers.loki.service=loki-http" + - "traefik.http.services.loki-http.loadbalancer.server.port=3100" promtail: image: grafana/promtail:2.7.1 @@ -127,5 +136,3 @@ services: - /var/log:/var/log - logvolume:/var/log_volume - ./config/promtail:/etc/promtail - labels: - - "traefik.enable=false" diff --git a/docker-compose-router.yaml b/docker-compose-router.yaml index 0df0f53..aace637 100644 --- a/docker-compose-router.yaml +++ b/docker-compose-router.yaml 
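Review bot: The Loki router added in docker-compose-metrics.yaml matches every path (the `traefik.http.routers.loki.rule` label uses a `/` prefix), so the push credential also unlocks the query and administrative endpoints of the Loki API on port 3100. The logging driver in these compose files only posts to `/loki/api/v1/push`; unless other clients are meant to read through this entrypoint, narrowing the rule to that prefix limits exposure to what is needed. The comment moved under `labels:` still describes the port as explicitly exposed and would read better as `# Loki is reached through the traefik "loki" entrypoint, protected by basic-auth`. The `loki` service definition starts above the hunk.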
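Review bot: Removing `traefik.enable=false` from the promtail service in docker-compose-metrics.yaml leaves its exposure to the Traefik Docker provider default, which this diff does not show. If `exposedByDefault` is not set to false in the provider configuration, Traefik will generate a router for promtail automatically. Either keep the label or confirm the provider setting and note it in a comment, e.g. `# not routed: provider runs with exposedByDefault=false`. The promtail service definition starts above the hunk.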
@@ -5,8 +5,8 @@ x-logging: &custom-logging # NOTE: loki logging driver ONLY works for host type networks... driver: loki options: - #loki-url: "http://loki:3100/loki/api/v1/push" - loki-url: "http://127.0.0.1:3100/loki/api/v1/push" + #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push" + loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push" loki-retries: "5" loki-timeout: "1s" loki-max-backoff: "800ms" @@ -23,6 +23,8 @@ services: - "80:80" # The HTTPS port, exposed as https entrypoint - "443:443" + # The loki port, exposed as http entrypoint behind auth + - "3100:3100" # The SSH port - "${RC_SSH_PORT}:${RC_SSH_PORT}" volumes: diff --git a/docker-compose-services.yaml b/docker-compose-services.yaml index 400ac83..5d9f3a3 100644 --- a/docker-compose-services.yaml +++ b/docker-compose-services.yaml @@ -5,8 +5,8 @@ x-logging: &custom-logging # NOTE: loki logging driver ONLY works for host type networks... driver: loki options: - #loki-url: "http://loki:3100/loki/api/v1/push" - loki-url: "http://127.0.0.1:3100/loki/api/v1/push" + #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push" + loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push" loki-retries: "5" loki-timeout: "1s" loki-max-backoff: "800ms" diff --git a/templates/docker-compose-apps.override.yaml b/templates/docker-compose-apps.override.yaml index d33131e..303b8f9 100644 --- a/templates/docker-compose-apps.override.yaml +++ b/templates/docker-compose-apps.override.yaml @@ -3,12 +3,17 @@ version: '3.9' services: rhodecode: - ports: - - "10020:10020" + #ports: + # # expose port for optional direct port connection + # - "10020:10020" environment: DB_UPGRADE: 0 # run the DB upgrade SETUP_APP: 0 # run the application default settings setup, can be turned off after initial run + #healthcheck: + # # disable the healthcheck + # test: ['CMD','true'] + deploy: replicas: 1 
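Review bot: `- "3100:3100"` in docker-compose-router.yaml publishes the Loki entrypoint on all host interfaces, and the `loki` entrypoint added in traefik.yaml is plain HTTP. For any remote client the basic-auth credential and the log payload therefore cross the network unencrypted. The logging driver in these compose files pushes to 127.0.0.1, so if remote pushers are not intended, `- "127.0.0.1:3100:3100"` keeps the listener local. If remote access is intended, the entrypoint needs TLS in front of it, and the comment should say so instead of `exposed as http entrypoint behind auth`.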
@@ -20,6 +25,10 @@ services: deploy: replicas: 1 + #healthcheck: + # # disable the healthcheck + # test: ['CMD','true'] + sshd: {}