TLS testing

main
Grégory Lebreton 8 months ago
parent b2112a1efd
commit 28a2c97512

@ -4,6 +4,8 @@ Simple stack pour monitorer les logs des conteneurs ou applications d'un serveur
## CONFIGURATION ## CONFIGURATION
### LOKI AGENT HOST
Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml: Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au docker-compose.yml:
```yml ```yml
labels: labels:
@ -11,6 +13,37 @@ Pour que LOKI récupère les logs des conteneurs il faut ajouter les labels au d
logging_jobname: "containerlogs" logging_jobname: "containerlogs"
``` ```
#### TLS
- Create certs:
```bash
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
```
> remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...)
- TLS config:
```yaml
server:
http_listen_port: 3100
grpc_listen_port: 9443
http_tls_config:
client_auth_type: RequireAndVerifyClientCert
client_ca_file: /opt/loki/certs/loki_CA_.cer
cert_file: /etc/loki/server.crt
key_file: /etc/loki/server.key
grpc_tls_config:
client_auth_type: RequireAndVerifyClientCert
client_ca_file: /opt/loki/certs/loki_CA_.cer
cert_file: /etc/loki/server.crt
key_file: /etc/loki/server.key
```
### GRAFANA HOST
## UTILISATION ## UTILISATION
```bash ```bash
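Review bot: The certificate step and the Loki TLS config in the new `#### TLS` section do not line up: the `openssl` command writes `gn-prod.key` and `gn-prod.crt`, while the config reads `/etc/loki/server.crt`, `/etc/loki/server.key` and `/opt/loki/certs/loki_CA_.cer`, and nothing says how the generated files map to those paths. Both `http_tls_config` and `grpc_tls_config` set `client_auth_type: RequireAndVerifyClientCert`, but the README documents only one self-signed certificate and does not say which file serves as the client CA or what certificate the agent presents; please add that step. The `subjectAltName` is `DNS:gnprod` while the CN is `legaragenumerique.fr`; clients that verify hostnames match on the SAN, so list there every name the agent will use to reach Loki. `-nodes` leaves the private key unencrypted on disk, so the README should mention restricting its file permissions. The added `### GRAFANA HOST` heading has no content under it.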
@ -26,4 +59,7 @@ docker-compose up -d
- [ ] provisionner dashboard - [ ] provisionner dashboard
- [ ] Pormtail config - [ ] Pormtail config
- [ ] TLS config (https) - [ ] TLS config (https)
- [ ] SSH logs - [ ] SSH logs
> le scraping des metrics du serveur distant se font désormais via TLS
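
Review bot: The added line `> le scraping des metrics du serveur distant se font désormais via TLS` says TLS is in place, but the TODO item `- [ ] TLS config (https)` two lines above it is still unchecked and the commit is titled "TLS testing". Either tick the item or word the note as work in progress. The README describes a log-monitoring stack, so the note should also say whether "metrics" or logs is meant. The context line `- [ ] Pormtail config` has a typo (Promtail) worth fixing while this list is being touched.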

@ -2,24 +2,24 @@ version: '3.8'
services: services:
# APP EXEMPLE # APP EXEMPLE
nginx-app: # nginx-app:
container_name: nginx-app # container_name: nginx-app
image: nginx # image: nginx
# NECESSARY FOR LOKI # # NECESSARY FOR LOKI
labels: # labels:
logging: "promtail" # logging: "promtail"
logging_jobname: "containerlogs" # logging_jobname: "containerlogs"
ports: # ports:
- 8080:80 # - 8080:80
grafana: # grafana:
image: grafana/grafana:latest # image: grafana/grafana:latest
container_name: grafana # container_name: grafana
ports: # ports:
- 3000:3000 # - 3000:3000
volumes: # volumes:
- ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources # - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
- ./grafana/dashboards:/var/lib/grafana/dashboards # - ./grafana/dashboards:/var/lib/grafana/dashboards
loki: loki:
image: grafana/loki:latest image: grafana/loki:latest
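
Review bot: Commenting out `nginx-app` and `grafana` in the shared docker-compose.yml looks like a local test setup rather than a change to commit: the README in this same commit still uses the nginx labels as its example and gains a `### GRAFANA HOST` heading, yet after this change the file no longer starts Grafana. If the goal is to run Loki alone on one host, a separate compose file for that host would do it without leaving commented-out blocks behind. The context line `image: grafana/loki:latest` is also unpinned; a fixed version tag would keep the TLS test results reproducible.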
