43 lines
887 B
Text
43 lines
887 B
Text
|
{{ ansible_managed | comment }}
|
||
|
|
|
||
|
|
{{ monitoring_prometheus_domain }} {
|
||
|
|
encode gzip
|
||
|
|
|
||
|
|
header {
|
||
|
|
# enable HSTS
|
||
|
|
Strict-Transport-Security "max-age=31536000; preload;"
|
||
|
|
|
||
|
|
# disable clients from sniffing the media type
|
||
|
|
X-Content-Type-Options nosniff
|
||
|
|
|
||
|
|
# clickjacking protection
|
||
|
|
X-Frame-Options DENY
|
||
|
|
|
||
|
|
# keep referrer data off of HTTP connections
|
||
|
|
Referrer-Policy no-referrer-when-downgrade
|
||
|
|
|
||
|
|
# Server name removing
|
||
|
|
-Server
|
||
|
|
}
|
||
|
|
|
||
|
|
@validPrometheus {
|
||
|
|
method POST
|
||
|
|
path /api/v1/write
|
||
|
|
}
|
||
|
|
|
||
|
|
handle @validPrometheus {
|
||
|
|
reverse_proxy prometheus:9090
|
||
|
|
{% if monitoring_prometheus_basic_auth is defined and monitoring_prometheus_basic_auth is iterable %}
|
||
|
|
basicauth {
|
||
|
|
{% for item in monitoring_prometheus_basic_auth %}
|
||
|
|
{{ item.username }} {{ item.hashed_password }}
|
||
|
|
{% endfor%}
|
||
|
|
}
|
||
|
|
{% endif %}
|
||
|
|
}
|
||
|
|
|
||
|
|
handle {
|
||
|
|
respond "Not Found" 404
|
||
|
|
}
|
||
|
|
}
|