Sfoglia il codice sorgente

Make monit status page public

Thomas Buck 5 anni fa
parent
commit
5d08a68c93

+ 1
- 0
README.md Vedi File

@@ -119,6 +119,7 @@ Create `A` or `CNAME` records which point to your server's IP address:
119 119
 * `news.example.com` (for Selfoss)
120 120
 * `cloud.example.com` (for NextCloud)
121 121
 * `git.example.com` (for gitea)
122
+* `status.example.com` (for monit)
122 123
 * `matrix.example.com` (for riot)
123 124
 
124 125
 ### 6. Run the Ansible Playbooks

+ 10
- 0
roles/monitoring/defaults/main.yml Vedi File

@@ -0,0 +1,10 @@
1
+secret_root: '{{ inventory_dir | realpath }}'
2
+secret_name: 'secret'
3
+secret: '{{ secret_root + "/" + secret_name }}'
4
+
5
+# must match values in roles/common
6
+monit_admin_username: "{{ main_user_name }}"
7
+monit_admin_password: "{{ lookup('password', secret + '/' + 'monit_admin_password length=16') }}"
8
+
9
+monit_page_public: 1
10
+monit_subdomain: status

+ 15
- 0
roles/monitoring/tasks/monit.yml Vedi File

@@ -89,3 +89,18 @@
89 89
     - sshd
90 90
     - tomcat
91 91
   notify: restart monit
92
+
93
+- name: Create the Apache monit sites config files
94
+  template:
95
+    src=etc_apache2_sites-available_monit.j2
96
+    dest=/etc/apache2/sites-available/monit_{{ item.name }}.conf
97
+    owner=root
98
+    group=root
99
+  with_items: "{{ virtual_domains }}"
100
+  when: monit_page_public == 1
101
+
102
+- name: Enable Apache sites (creates new sites-enabled symlinks)
103
+  command: a2ensite monit_{{ item }}.conf creates=/etc/apache2/sites-enabled/monit_{{ item }}.conf
104
+  notify: restart apache
105
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"
106
+  when: monit_page_public == 1

+ 20
- 0
roles/monitoring/templates/etc_apache2_sites-available_monit.j2 Vedi File

@@ -0,0 +1,20 @@
1
+<VirtualHost *:80>
2
+    ServerName {{ monit_subdomain }}.{{ item.name }}
3
+
4
+    Redirect permanent / https://{{ item.name }}/
5
+</VirtualHost>
6
+
7
+<VirtualHost *:443>
8
+    ServerName {{ monit_subdomain }}.{{ item.name }}
9
+
10
+    SSLEngine               On
11
+    DocumentRoot            "{{ item.doc_root }}"
12
+    DirectoryIndex          index.html
13
+    Options                 -Indexes
14
+    HostnameLookups         Off
15
+
16
+    ProxyRequests           Off
17
+    ProxyPreserveHost       On
18
+    ProxyPass               / http://localhost:2812/
19
+    ProxyPassReverse        / http://localhost:2812/
20
+</VirtualHost>

+ 1
- 1
roles/monitoring/templates/etc_monit_monitrc.j2 Vedi File

@@ -139,7 +139,7 @@ set alert {{ admin_email }}
139 139
 set httpd port 2812 and
140 140
     use address localhost  # only accept connection from localhost
141 141
     allow localhost        # allow localhost to connect to the server and
142
-    allow admin:monit      # require user 'admin' with password 'monit'
142
+    allow {{ monit_admin_username }}:{{ monit_admin_password }}
143 143
 
144 144
 #    allow @monit           # allow users of group 'monit' to connect (rw)
145 145
 #    allow @users readonly  # allow users of group 'users' to connect readonly

Loading…
Annulla
Salva