5 years ago · 5d08a68c93
--- a/README.md
+++ b/README.md
@@ -119,6 +119,7 @@ Create `A` or `CNAME` records which point to your server's IP address:
 
				
				 * `news.example.com` (for Selfoss)
			
 
				
				 * `cloud.example.com` (for NextCloud)
			
 
				
				 * `git.example.com` (for gitea)
			
 
				
				+* `status.example.com` (for monit)
			
 
				
				 * `matrix.example.com` (for riot)
			
 
				
				 
			
 
				
				 ### 6. Run the Ansible Playbooks
			
--- a/roles/monitoring/defaults/main.yml
+++ b/roles/monitoring/defaults/main.yml
@@ -0,0 +1,10 @@
 
				
				+secret_root: '{{ inventory_dir | realpath }}'
			
 
				
				+secret_name: 'secret'
			
 
				
				+secret: '{{ secret_root + "/" + secret_name }}'
			
 
				
				+
			
 
				
				+# must match values in roles/common
			
 
				
				+monit_admin_username: "{{ main_user_name }}"
			
 
				
				+monit_admin_password: "{{ lookup('password', secret + '/' + 'monit_admin_password length=16') }}"
			
 
				
				+
			
 
				
				+monit_page_public: 1
			
 
				
				+monit_subdomain: status
			
--- a/roles/monitoring/tasks/monit.yml
+++ b/roles/monitoring/tasks/monit.yml
@@ -89,3 +89,18 @@
 
				
				     - sshd
			
 
				
				     - tomcat
			
 
				
				   notify: restart monit
			
 
				
				+
			
 
				
				+- name: Create the Apache monit sites config files
			
 
				
				+  template:
			
 
				
				+    src=etc_apache2_sites-available_monit.j2
			
 
				
				+    dest=/etc/apache2/sites-available/monit_{{ item.name }}.conf
			
 
				
				+    owner=root
			
 
				
				+    group=root
			
 
				
				+  with_items: "{{ virtual_domains }}"
			
 
				
				+  when: monit_page_public == 1
			
 
				
				+
			
 
				
				+- name: Enable Apache sites (creates new sites-enabled symlinks)
			
 
				
				+  command: a2ensite monit_{{ item }}.conf creates=/etc/apache2/sites-enabled/monit_{{ item }}.conf
			
 
				
				+  notify: restart apache
			
 
				
				+  with_items: "{{ virtual_domains | json_query('[*].name') }}"
			
 
				
				+  when: monit_page_public == 1
			
--- a/roles/monitoring/templates/etc_apache2_sites-available_monit.j2
+++ b/roles/monitoring/templates/etc_apache2_sites-available_monit.j2
@@ -0,0 +1,20 @@
 
				
				+<VirtualHost *:80>
			
 
				
				+    ServerName {{ monit_subdomain }}.{{ item.name }}
			
 
				
				+
			
 
				
				+    Redirect permanent / https://{{ item.name }}/
			
 
				
				+</VirtualHost>
			
 
				
				+
			
 
				
				+<VirtualHost *:443>
			
 
				
				+    ServerName {{ monit_subdomain }}.{{ item.name }}
			
 
				
				+
			
 
				
				+    SSLEngine               On
			
 
				
				+    DocumentRoot            "{{ item.doc_root }}"
			
 
				
				+    DirectoryIndex          index.html
			
 
				
				+    Options                 -Indexes
			
 
				
				+    HostnameLookups         Off
			
 
				
				+
			
 
				
				+    ProxyRequests           Off
			
 
				
				+    ProxyPreserveHost       On
			
 
				
				+    ProxyPass               / http://localhost:2812/
			
 
				
				+    ProxyPassReverse        / http://localhost:2812/
			
 
				
				+</VirtualHost>
			
--- a/roles/monitoring/templates/etc_monit_monitrc.j2
+++ b/roles/monitoring/templates/etc_monit_monitrc.j2
@@ -139,7 +139,7 @@ set alert {{ admin_email }}
 
				
				 set httpd port 2812 and
			
 
				
				     use address localhost  # only accept connection from localhost
			
 
				
				     allow localhost        # allow localhost to connect to the server and
			
 
				
				-    allow admin:monit      # require user 'admin' with password 'monit'
			
 
				
				+    allow {{ monit_admin_username }}:{{ monit_admin_password }}
			
 
				
				 
			
 
				
				 #    allow @monit           # allow users of group 'monit' to connect (rw)
			
 
				
				 #    allow @users readonly  # allow users of group 'users' to connect readonly