mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
fix: tracing on caddy services (#104)
This commit is contained in:
parent
06552c5b75
commit
e502a92451
3 changed files with 142 additions and 49 deletions
|
|
@ -16,6 +16,9 @@
|
||||||
|
|
||||||
# Proxmox
|
# Proxmox
|
||||||
london-a.pez.sh {
|
london-a.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span proxmox
|
||||||
|
}
|
||||||
reverse_proxy 100.122.180.98:8006 {
|
reverse_proxy 100.122.180.98:8006 {
|
||||||
transport http {
|
transport http {
|
||||||
tls_insecure_skip_verify
|
tls_insecure_skip_verify
|
||||||
|
|
@ -27,89 +30,125 @@ london-a.pez.sh {
|
||||||
|
|
||||||
# Jellyfin
|
# Jellyfin
|
||||||
jellyfin.pez.solutions, jellyfin.pez.sh {
|
jellyfin.pez.solutions, jellyfin.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span jellyfin
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:8096
|
reverse_proxy 100.84.65.101:8096
|
||||||
}
|
}
|
||||||
|
|
||||||
# Plex
|
# Plex
|
||||||
plex.pez.solutions, plex.pez.sh {
|
plex.pez.solutions, plex.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span plex
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:32400
|
reverse_proxy 100.84.65.101:32400
|
||||||
}
|
}
|
||||||
|
|
||||||
# Radarr
|
# Radarr
|
||||||
radarr.pez.solutions, radarr.pez.sh {
|
radarr.pez.solutions, radarr.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span radarr
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:7878
|
reverse_proxy 100.84.65.101:7878
|
||||||
}
|
}
|
||||||
|
|
||||||
# Sonarr
|
# Sonarr
|
||||||
sonarr.pez.solutions, sonarr.pez.sh {
|
sonarr.pez.solutions, sonarr.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span sonarr
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:8989
|
reverse_proxy 100.84.65.101:8989
|
||||||
}
|
}
|
||||||
|
|
||||||
# Lidarr
|
# Lidarr
|
||||||
lidarr.pez.solutions, lidarr.pez.sh {
|
lidarr.pez.solutions, lidarr.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span lidarr
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:8686
|
reverse_proxy 100.84.65.101:8686
|
||||||
}
|
}
|
||||||
|
|
||||||
# Readarr
|
# Readarr
|
||||||
readarr.pez.solutions, readarr.pez.sh {
|
readarr.pez.solutions, readarr.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span readarr
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:8787
|
reverse_proxy 100.84.65.101:8787
|
||||||
}
|
}
|
||||||
|
|
||||||
# slskd
|
# slskd
|
||||||
soulseek.pez.solutions, soulseek.pez.sh {
|
soulseek.pez.solutions, soulseek.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span soulseek
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:5030
|
reverse_proxy 100.84.65.101:5030
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prowlarr
|
# Prowlarr
|
||||||
prowlarr.pez.solutions, prowlarr.pez.sh {
|
prowlarr.pez.solutions, prowlarr.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span prowlarr
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:9696
|
reverse_proxy 100.84.65.101:9696
|
||||||
}
|
}
|
||||||
|
|
||||||
# Transmission
|
# Transmission
|
||||||
download.pez.solutions, download.pez.sh {
|
download.pez.solutions, download.pez.sh {
|
||||||
forward_auth localhost:9091 {
|
tracing {
|
||||||
uri /api/authz/forward-auth
|
span transmission
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
}
|
||||||
}
|
forward_auth localhost:9091 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:9091
|
reverse_proxy 100.84.65.101:9091
|
||||||
}
|
}
|
||||||
|
|
||||||
# Overseerr
|
# Overseerr
|
||||||
request.pez.solutions, request.pez.sh {
|
request.pez.solutions, request.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span overseerr
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:5055
|
reverse_proxy 100.84.65.101:5055
|
||||||
}
|
}
|
||||||
|
|
||||||
# Jellyfin Requests
|
# Jellyfin Requests
|
||||||
jellyfin-requests.pez.solutions, jellyfin-requests.pez.sh {
|
jellyfin-requests.pez.solutions, jellyfin-requests.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span jellyfin-requests
|
||||||
|
}
|
||||||
reverse_proxy 100.84.65.101:5056
|
reverse_proxy 100.84.65.101:5056
|
||||||
}
|
}
|
||||||
|
|
||||||
music.pez.sh {
|
music.pez.sh {
|
||||||
reverse_proxy 100.84.65.101:4533
|
tracing {
|
||||||
|
span navidrome
|
||||||
|
}
|
||||||
|
reverse_proxy 100.84.65.101:4533
|
||||||
}
|
}
|
||||||
|
|
||||||
## COPENHAGEN-A SERVICES ##
|
## COPENHAGEN-A SERVICES ##
|
||||||
|
|
@ -120,6 +159,9 @@ music.pez.sh {
|
||||||
|
|
||||||
# Bitwarden (requires HTTPS tweaking)
|
# Bitwarden (requires HTTPS tweaking)
|
||||||
https://bitwarden.pez.sh {
|
https://bitwarden.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span bitwarden
|
||||||
|
}
|
||||||
reverse_proxy localhost:8443 {
|
reverse_proxy localhost:8443 {
|
||||||
transport http {
|
transport http {
|
||||||
tls_insecure_skip_verify
|
tls_insecure_skip_verify
|
||||||
|
|
@ -129,64 +171,84 @@ https://bitwarden.pez.sh {
|
||||||
|
|
||||||
# Authelia (requires HTTPS tweaking)
|
# Authelia (requires HTTPS tweaking)
|
||||||
auth.pez.solutions, auth.pez.sh {
|
auth.pez.solutions, auth.pez.sh {
|
||||||
reverse_proxy localhost:9091
|
tracing {
|
||||||
|
span authelia
|
||||||
|
}
|
||||||
|
reverse_proxy localhost:9091
|
||||||
}
|
}
|
||||||
|
|
||||||
ldap.pez.sh {
|
ldap.pez.sh {
|
||||||
reverse_proxy 127.0.0.1:17170
|
tracing {
|
||||||
|
span lldap
|
||||||
|
}
|
||||||
|
reverse_proxy 127.0.0.1:17170
|
||||||
}
|
}
|
||||||
#https://auth.pez.sh {
|
|
||||||
# reverse_proxy 127.0.0.1:9091 {
|
|
||||||
# transport http {
|
|
||||||
# tls_insecure_skip_verify
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
#}
|
|
||||||
|
|
||||||
# Apps dashboard
|
# Apps dashboard
|
||||||
apps.pez.solutions, apps.pez.sh {
|
apps.pez.solutions, apps.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span apps-dashboard
|
||||||
|
}
|
||||||
root * /srv/apps
|
root * /srv/apps
|
||||||
forward_auth localhost:9091 {
|
forward_auth localhost:9091 {
|
||||||
uri /api/authz/forward-auth
|
uri /api/authz/forward-auth
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
}
|
}
|
||||||
file_server
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
# Pez.solutions
|
# Pez.solutions
|
||||||
pez.solutions {
|
pez.solutions {
|
||||||
|
tracing {
|
||||||
|
span pez-solutions
|
||||||
|
}
|
||||||
root * /srv/pez.solutions
|
root * /srv/pez.solutions
|
||||||
file_server
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
# Pez.sh
|
# Pez.sh
|
||||||
pez.sh {
|
pez.sh {
|
||||||
|
tracing {
|
||||||
|
span pez-sh
|
||||||
|
}
|
||||||
root * /srv/pez.sh
|
root * /srv/pez.sh
|
||||||
file_server
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
# Pez-signup
|
# Pez-signup
|
||||||
signup.pez.solutions {
|
signup.pez.solutions {
|
||||||
|
tracing {
|
||||||
|
span pez-signup
|
||||||
|
}
|
||||||
root * /srv/pez-signup
|
root * /srv/pez-signup
|
||||||
file_server
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
# Naveen
|
# Naveen
|
||||||
naveen.pez.sh {
|
naveen.pez.sh {
|
||||||
root * /srv/naveen
|
tracing {
|
||||||
file_server
|
span naveen
|
||||||
|
}
|
||||||
|
root * /srv/naveen
|
||||||
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
## HELSINKI-A SERVICES ##
|
## HELSINKI-A SERVICES ##
|
||||||
|
|
||||||
# Status page
|
# Status page
|
||||||
status.pez.sh {
|
status.pez.sh {
|
||||||
root * /srv/status
|
tracing {
|
||||||
file_server
|
span status
|
||||||
|
}
|
||||||
|
root * /srv/status
|
||||||
|
file_server
|
||||||
}
|
}
|
||||||
|
|
||||||
# Miniflux RSS
|
# Miniflux RSS
|
||||||
rss.pez.sh {
|
rss.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span miniflux
|
||||||
|
}
|
||||||
forward_auth localhost:9091 {
|
forward_auth localhost:9091 {
|
||||||
uri /api/authz/forward-auth
|
uri /api/authz/forward-auth
|
||||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||||
|
|
@ -194,9 +256,10 @@ rss.pez.sh {
|
||||||
reverse_proxy 100.84.65.101:8181
|
reverse_proxy 100.84.65.101:8181
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Forgejo Git Server (auth handled by Forgejo itself)
|
# Forgejo Git Server (auth handled by Forgejo itself)
|
||||||
git.pez.sh {
|
git.pez.sh {
|
||||||
|
tracing {
|
||||||
|
span forgejo
|
||||||
|
}
|
||||||
reverse_proxy localhost:3000
|
reverse_proxy localhost:3000
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,8 @@
|
||||||
locals {
|
locals {
|
||||||
fleet_pipelines = {
|
fleet_pipelines = {
|
||||||
|
caddy_tracing = {
|
||||||
|
matchers = ["collector.ID=\"helsinki-a\""]
|
||||||
|
}
|
||||||
linux_node_linux = {
|
linux_node_linux = {
|
||||||
matchers = ["collector.os=\"linux\""]
|
matchers = ["collector.os=\"linux\""]
|
||||||
}
|
}
|
||||||
|
|
@ -24,4 +27,5 @@ resource "grafana_fleet_management_pipeline" "this" {
|
||||||
name = each.key
|
name = each.key
|
||||||
matchers = each.value.matchers
|
matchers = each.value.matchers
|
||||||
contents = file("${path.module}/fleet_pipelines/${each.key}.alloy")
|
contents = file("${path.module}/fleet_pipelines/${each.key}.alloy")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
26
terraform/grafana/fleet_pipelines/caddy_tracing.alloy
Normal file
26
terraform/grafana/fleet_pipelines/caddy_tracing.alloy
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
// Receive OTLP traces from Caddy
|
||||||
|
otelcol.receiver.otlp "otlp_receiver" {
|
||||||
|
grpc {
|
||||||
|
endpoint = "0.0.0.0:4317"
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
endpoint = "0.0.0.0:4318"
|
||||||
|
}
|
||||||
|
|
||||||
|
output {
|
||||||
|
traces = [otelcol.exporter.otlp.tempo_exporter.input]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
otelcol.exporter.otlp "tempo_exporter" {
|
||||||
|
client {
|
||||||
|
endpoint = "tempo-prod-25-prod-gb-south-1.grafana.net:443"
|
||||||
|
auth = otelcol.auth.basic.gcloud_auth.handler
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
otelcol.auth.basic "gcloud_auth" {
|
||||||
|
username = "1573173"
|
||||||
|
password = sys.env("GCLOUD_RW_API_KEY")
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue