TLS testing

2024-02-06 12:19:13 +01:00 · 2024-02-06 12:19:13 +01:00 · 28a2c97512
commit 28a2c97512
parent b2112a1efd
2 changed files with 54 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,8 @@ Simple stack pour monitorer les logs des conteneurs ou applications d'un serveur

 ## CONFIGURATION

+### LOKI AGENT HOST
+
 Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml:
 ```yml
    labels:
@ -11,6 +13,37 @@ Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au d
      logging_jobname: "containerlogs"
 ```

+#### TLS 
+
+- Create certs:
+
+```bash
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
+```
+> remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...)
+
+- TLS config:
+```yaml
+server:
+  http_listen_port: 3100
+  grpc_listen_port: 9443
+
+  http_tls_config:
+    client_auth_type: RequireAndVerifyClientCert    
+    client_ca_file: /opt/loki/certs/loki_CA_.cer 
+    cert_file: /etc/loki/server.crt
+    key_file: /etc/loki/server.key
+  grpc_tls_config:
+    client_auth_type: RequireAndVerifyClientCert
+    client_ca_file: /opt/loki/certs/loki_CA_.cer   
+    cert_file: /etc/loki/server.crt
+    key_file: /etc/loki/server.key
+```
+
+### GRAFANA HOST
+
+
+
 ## UTILISATION

 ```bash
@ -26,4 +59,7 @@ docker-compose up -d
 - [ ] provisionner dashboard
 - [ ] Pormtail config
 - [ ] TLS config (https)
- [ ] SSH logs
+- [ ] SSH logs
+
+
+> le scraping des metrics du serveur distant se font désormais via TLS
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -2,24 +2,24 @@ version: '3.8'

 services:
 # APP EXEMPLE
-  nginx-app:
-    container_name: nginx-app
-    image: nginx
-    # NECESSARY FOR LOKI
-    labels:
-      logging: "promtail"
-      logging_jobname: "containerlogs"
-    ports:
-      - 8080:80
+  # nginx-app:
+  #   container_name: nginx-app
+  #   image: nginx
+  #   # NECESSARY FOR LOKI
+  #   labels:
+  #     logging: "promtail"
+  #     logging_jobname: "containerlogs"
+  #   ports:
+  #     - 8080:80

-  grafana:
-    image: grafana/grafana:latest
-    container_name: grafana
-    ports:
-      - 3000:3000
-    volumes:
-      - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
-      - ./grafana/dashboards:/var/lib/grafana/dashboards
+  # grafana:
+  #   image: grafana/grafana:latest
+  #   container_name: grafana
+  #   ports:
+  #     - 3000:3000
+  #   volumes:
+  #     - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
+  #     - ./grafana/dashboards:/var/lib/grafana/dashboards

  loki:
    image: grafana/loki:latest