TLS testing
parent
b2112a1efd
commit
28a2c97512
38
README.md
38
README.md
@ -4,6 +4,8 @@ Simple stack pour monitorer les logs des conteneurs ou applications d'un serveur
|
|||||||
|
|
||||||
## CONFIGURATION
|
## CONFIGURATION
|
||||||
|
|
||||||
|
### LOKI AGENT HOST
|
||||||
|
|
||||||
Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml:
|
Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml:
|
||||||
```yml
|
```yml
|
||||||
labels:
|
labels:
|
||||||
@ -11,6 +13,37 @@ Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au d
|
|||||||
logging_jobname: "containerlogs"
|
logging_jobname: "containerlogs"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### TLS
|
||||||
|
|
||||||
|
- Create certs:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
|
||||||
|
```
|
||||||
|
> remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...)
|
||||||
|
|
||||||
|
- TLS config:
|
||||||
|
```yaml
|
||||||
|
server:
|
||||||
|
http_listen_port: 3100
|
||||||
|
grpc_listen_port: 9443
|
||||||
|
|
||||||
|
http_tls_config:
|
||||||
|
client_auth_type: RequireAndVerifyClientCert
|
||||||
|
client_ca_file: /opt/loki/certs/loki_CA_.cer
|
||||||
|
cert_file: /etc/loki/server.crt
|
||||||
|
key_file: /etc/loki/server.key
|
||||||
|
grpc_tls_config:
|
||||||
|
client_auth_type: RequireAndVerifyClientCert
|
||||||
|
client_ca_file: /opt/loki/certs/loki_CA_.cer
|
||||||
|
cert_file: /etc/loki/server.crt
|
||||||
|
key_file: /etc/loki/server.key
|
||||||
|
```
|
||||||
|
|
||||||
|
### GRAFANA HOST
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## UTILISATION
|
## UTILISATION
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -26,4 +59,7 @@ docker-compose up -d
|
|||||||
- [ ] provisionner dashboard
|
- [ ] provisionner dashboard
|
||||||
- [ ] Pormtail config
|
- [ ] Pormtail config
|
||||||
- [ ] TLS config (https)
|
- [ ] TLS config (https)
|
||||||
- [ ] SSH logs
|
- [ ] SSH logs
|
||||||
|
|
||||||
|
|
||||||
|
> le scraping des metrics du serveur distant se font désormais via TLS
|
||||||
@ -2,24 +2,24 @@ version: '3.8'
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
# APP EXEMPLE
|
# APP EXEMPLE
|
||||||
nginx-app:
|
# nginx-app:
|
||||||
container_name: nginx-app
|
# container_name: nginx-app
|
||||||
image: nginx
|
# image: nginx
|
||||||
# NECESSARY FOR LOKI
|
# # NECESSARY FOR LOKI
|
||||||
labels:
|
# labels:
|
||||||
logging: "promtail"
|
# logging: "promtail"
|
||||||
logging_jobname: "containerlogs"
|
# logging_jobname: "containerlogs"
|
||||||
ports:
|
# ports:
|
||||||
- 8080:80
|
# - 8080:80
|
||||||
|
|
||||||
grafana:
|
# grafana:
|
||||||
image: grafana/grafana:latest
|
# image: grafana/grafana:latest
|
||||||
container_name: grafana
|
# container_name: grafana
|
||||||
ports:
|
# ports:
|
||||||
- 3000:3000
|
# - 3000:3000
|
||||||
volumes:
|
# volumes:
|
||||||
- ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
|
# - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
|
||||||
- ./grafana/dashboards:/var/lib/grafana/dashboards
|
# - ./grafana/dashboards:/var/lib/grafana/dashboards
|
||||||
|
|
||||||
loki:
|
loki:
|
||||||
image: grafana/loki:latest
|
image: grafana/loki:latest
|
||||||
|
|||||||
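Review bot: The nginx-app and grafana services are switched off by commenting out every line instead of being removed, which leaves dead configuration in the compose file (including the doubled `# # NECESSARY FOR LOKI` marker) and does not say whether Grafana is meant to stay off once TLS testing is done. If the split is permanent, delete the blocks and keep them in a separate compose file for the Grafana host; if it is temporary, state that in one comment above the block, for example `# grafana disabled while testing Loki TLS; re-enable afterwards`. The loki service that remains active still uses `image: grafana/loki:latest`, so the TLS settings under test are not tied to a known Loki version; pinning a specific tag would make the result reproducible. The loki service definition continues outside the hunk.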