mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-18 14:11:48 +02:00
aurweb/prometheus: Put aurweb metrics endpoint behind authentication
We do not usually expose metrics publicly and there is no good reason
for handling aurweb differently.
Fixes: 74757d6b
("Scape aurweb metrics")
This commit is contained in:
parent
95a1476d17
commit
25855deb67
8
group_vars/all/vault_aurweb.yml
Normal file
8
group_vars/all/vault_aurweb.yml
Normal file
@ -0,0 +1,8 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
38383639393932666334353834613134353965333939343530636234353536366138346137613636
|
||||
3439373136366635623339626236663338623237313135630a333939303839303738653835316430
|
||||
37363337386331323263623837373032646438326334623436313034353032386535656139353264
|
||||
3834613539356336310a383230373736346434656361333134353136366430393130396466643561
|
||||
61356162353661633736356431646538643138383766333763626335393135343363316166656461
|
||||
30663961336136356134333231316232653664343839616235396562376436363837356563616136
|
||||
656332343163376332636131333166623362
|
@ -138,13 +138,23 @@ server {
|
||||
}
|
||||
|
||||
location / {
|
||||
{% block asgi_proxy %}
|
||||
# Proxy over to aurweb's ASGI application.
|
||||
proxy_pass http://{{ aurweb_asgi_bind }};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
{% endblock %}
|
||||
|
||||
limit_req zone=aurweblimit burst=10 nodelay;
|
||||
}
|
||||
|
||||
location = /metrics {
|
||||
if ($http_authorization != "Bearer {{ vault_aurweb_metrics_token }}") {
|
||||
return 403;
|
||||
}
|
||||
|
||||
{{ self.asgi_proxy() }}
|
||||
}
|
||||
}
|
||||
|
@ -134,6 +134,8 @@ scrape_configs:
|
||||
|
||||
- job_name: aurweb
|
||||
scheme: https
|
||||
authorization:
|
||||
credentials: {{ vault_aurweb_metrics_token }}
|
||||
static_configs:
|
||||
- targets: ['aur.archlinux.org:443']
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user