infrastructure/roles/monitoring/templates/loki/loki.caddy.j2

{{ ansible_managed | comment }}

{{ monitoring_loki_domain }} {
  encode gzip

  header {
    # enable HSTS
    Strict-Transport-Security "max-age=31536000; preload;"

    # disable clients from sniffing the media type
    X-Content-Type-Options nosniff

    # clickjacking protection
    X-Frame-Options DENY

    # keep referrer data off of HTTP connections
    Referrer-Policy no-referrer-when-downgrade

    # Server name removing
    -Server
  }

  @validLoki {
    method POST
    path /loki/api/v1/push
  }

  handle @validLoki {
    reverse_proxy loki:3100
{% if monitoring_loki_basic_auth is defined and monitoring_loki_basic_auth is iterable %}
    basicauth {
{% for item in monitoring_loki_basic_auth %}
      {{ item.username }} {{ item.hashed_password }}
{% endfor%}
    }
{% endif %}
  }

  handle {
    respond "Not Found" 404
  }
}
refactor!(monitoring): Replace monitoring with monitoring_ng Not much changed regarding variable names, only the role name changed. 2024-08-14 02:04:32 +02:00			`{{ ansible_managed \| comment }}`

			`{{ monitoring_loki_domain }} {`
			`encode gzip`

			`header {`
			`# enable HSTS`
			`Strict-Transport-Security "max-age=31536000; preload;"`

			`# disable clients from sniffing the media type`
			`X-Content-Type-Options nosniff`

			`# clickjacking protection`
			`X-Frame-Options DENY`

			`# keep referrer data off of HTTP connections`
			`Referrer-Policy no-referrer-when-downgrade`

			`# Server name removing`
			`-Server`
			`}`

			`@validLoki {`
			`method POST`
			`path /loki/api/v1/push`
			`}`

			`handle @validLoki {`
			`reverse_proxy loki:3100`
			`{% if monitoring_loki_basic_auth is defined and monitoring_loki_basic_auth is iterable %}`
			`basicauth {`
			`{% for item in monitoring_loki_basic_auth %}`
			`{{ item.username }} {{ item.hashed_password }}`
			`{% endfor%}`
			`}`
			`{% endif %}`
			`}`

			`handle {`
			`respond "Not Found" 404`
			`}`
			`}`