matrix-docker-ansible-deploy/docs/configuring-playbook-prometheus-nginxlog.md

<!--
SPDX-FileCopyrightText: 2022 ikkemaniac
SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara

SPDX-License-Identifier: AGPL-3.0-or-later
-->

# Enabling metrics and graphs for nginx logs (optional)

## Prerequisite

To make use of this, you need to install [Prometheus](./configuring-playbook-prometheus-grafana.md) either via the playbook or externally. When using an external Prometheus, configuration adjustments are necessary — see [Save metrics on an external Prometheus server](#save-metrics-on-an-external-prometheus-server).

## Adjusting the playbook configuration

### Save metrics on an external Prometheus server (optional)

> [!WARNING]
> Metrics and resulting graphs can contain a lot of information. nginx logs contain information like IP address, URLs, UserAgents and more. This information can reveal usage patterns and could be considered Personally Identifiable Information (PII). Think about this before enabling (anonymous) access. And you should really not forget to change your Grafana password.

The playbook will automatically integrate the metrics into the [Prometheus](./configuring-playbook-prometheus-grafana.md) server provided with this playbook (if enabled). In such cases, the metrics endpoint is not exposed publicly — it's only available on the container network.

When using an external Prometheus server, you'll need to expose metrics publicly. See [Collecting metrics to an external Prometheus server](./configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server).

For password-protection, use or (`matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled` and `matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users`).

### Extending the configuration

There are some additional things you may wish to configure about the component.

Take a look at:

- `roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file

## Installing

After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:

<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```

The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`

`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.

## Troubleshooting

As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-prometheus-nginxlog-exporter`.
Update docs/configuring-playbook-prometheus-nginxlog.md: add the copyright header Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-02-09 22:52:19 +09:00			`<!--`
			`SPDX-FileCopyrightText: 2022 ikkemaniac`
			`SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev`
			`SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara`

			`SPDX-License-Identifier: AGPL-3.0-or-later`
			`-->`

Fix capitalization: nginx It should be either NGINX or nginx, and this commit converts the string in uppercase to lowercase. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 14:07:01 +09:00			`# Enabling metrics and graphs for nginx logs (optional)`
add prometheus-nginxlog-exporter role (#2315) * add prometheus-nginxlog-exporter role * Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname * avoid referencing variables from other roles, handover info using group_vars/matrix_servers * fix: stop service when uninstalling fix: typo move available arch's into a var fix: text * fix: prometheus enabled condition Co-authored-by: ikkemaniac <ikkemaniac@localhost> 2022-12-07 15:58:36 +01:00
Update docs/configuring-playbook-prometheus-nginxlog.md: adopt the common format for the introduction Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 13:48:47 +09:00			`## Prerequisite`

Replace hyphen as dash with "Em Dash" unicode character (U+2014) This commit replaces hyphen characters used as dash with the actual unicode character for dash. It avoids using HTML character entity reference (—), because IMHO it would make it a bit harder to read documents as plain markdown files on your local text editor. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-26 12:18:31 +09:00			`To make use of this, you need to install [Prometheus](./configuring-playbook-prometheus-grafana.md) either via the playbook or externally. When using an external Prometheus, configuration adjustments are necessary — see [Save metrics on an external Prometheus server](#save-metrics-on-an-external-prometheus-server).`
Rework prometheus-nginxlog-exporter docs page 2024-01-13 16:56:40 +02:00
Update docs: misc edits for consistency (#3911) * Add a warning sign to "Warning" labels Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-matrix-registration.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/maintenance-and-troubleshooting.md: remove a section for ma1sd As the project has not updated since several years, it does not seem to be reasonable to pick it up specially on the document. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Common header for sections about adjusting the playbook configuration Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-dendrite.md: fix links to dendrite.yaml.j2 Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-bridge-mautrix-signal.md: remove a note added by a commit to remove signalgo The note has been added with 2f6525ccb3666e0ec8f295e8eeffd78bac15a23e, apparently copied from docs/configuring-playbook-bridge-mautrix-signalgo.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-bridge-mautrix-wsproxy.md: fix the anchor link text to mautrix-imessage documentation Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-etherpad.md: add a note about the component being managed externally Refer docs/configuring-playbook-backup-borg.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-jitsi.md: use the common label for warning messages Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-ldap-auth.md: unrecommend using ma1sd for authentication Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-appservice-double-puppet.md: remove a duplicate anchor link Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs for old mautrix bridges for Facebook and Instagram: remove anchor links to the deleted files Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-bridge-wechat.md: use common descriptions Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-bridge-matrix-bridge-sms.md: create a section for the prerequisite Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/maintenance-and-troubleshooting.md: use the common header text Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Use common descriptions for adding the configuration Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-bridge-mautrix-telegram.md: small edits - Add a section for a Telegram API key - Add a section for instruction about Appservice Double Puppet or Shared Secret Auth Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs for Draupnir and Mjolnir: replace colons with periods Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-rageshake.md: adopt the common instruction Based on docs/configuring-playbook-sygnal.md regarding the notification about necessity of the service. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Add a note about the components managed externally Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> --------- Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-04 07:52:58 -05:00			`## Adjusting the playbook configuration`
add prometheus-nginxlog-exporter role (#2315) * add prometheus-nginxlog-exporter role * Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname * avoid referencing variables from other roles, handover info using group_vars/matrix_servers * fix: stop service when uninstalling fix: typo move available arch's into a var fix: text * fix: prometheus enabled condition Co-authored-by: ikkemaniac <ikkemaniac@localhost> 2022-12-07 15:58:36 +01:00
Update docs/configuring-playbook-prometheus-nginxlog.md: move sections related to configuration to the dedicated one Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 13:50:40 +09:00			`### Save metrics on an external Prometheus server (optional)`
add prometheus-nginxlog-exporter role (#2315) * add prometheus-nginxlog-exporter role * Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname * avoid referencing variables from other roles, handover info using group_vars/matrix_servers * fix: stop service when uninstalling fix: typo move available arch's into a var fix: text * fix: prometheus enabled condition Co-authored-by: ikkemaniac <ikkemaniac@localhost> 2022-12-07 15:58:36 +01:00
Update docs/configuring-playbook-prometheus-nginxlog.md: change the section "Security and privacy" into the warning blockquote Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 14:05:12 +09:00			`> [!WARNING]`
Update docs for Prometheus: adopt the common warning message Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-02-09 16:09:08 +09:00			`> Metrics and resulting graphs can contain a lot of information. nginx logs contain information like IP address, URLs, UserAgents and more. This information can reveal usage patterns and could be considered Personally Identifiable Information (PII). Think about this before enabling (anonymous) access. And you should really not forget to change your Grafana password.`
Update docs/configuring-playbook-prometheus-nginxlog.md: change the section "Security and privacy" into the warning blockquote Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 14:05:12 +09:00
Replace hyphen as dash with "Em Dash" unicode character (U+2014) This commit replaces hyphen characters used as dash with the actual unicode character for dash. It avoids using HTML character entity reference (—), because IMHO it would make it a bit harder to read documents as plain markdown files on your local text editor. Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-26 12:18:31 +09:00			`The playbook will automatically integrate the metrics into the [Prometheus](./configuring-playbook-prometheus-grafana.md) server provided with this playbook (if enabled). In such cases, the metrics endpoint is not exposed publicly — it's only available on the container network.`
Add native Traefik support to matrix-prometheus-nginxlog-exporter 2024-01-13 16:50:44 +02:00
			`When using an external Prometheus server, you'll need to expose metrics publicly. See [Collecting metrics to an external Prometheus server](./configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server).`

Partially merge docs for prometheus-nginx-log-exporter to docs/configuring-playbook-prometheus-grafana.md Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-02-09 22:18:06 +09:00			For password-protection, use or (`matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled` and `matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users`).
Update docs/configuring-playbook-prometheus-nginxlog.md: add the common section "Troubleshooting" Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 13:40:56 +09:00
Update docs/configuring-playbook-prometheus-nginxlog.md: move sections related to configuration to the dedicated one Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 13:50:40 +09:00			`### Extending the configuration`

			`There are some additional things you may wish to configure about the component.`

			`Take a look at:`

			- `roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file

			`## Installing`

			`After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:`

			`<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->`
			```sh
			`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
			```

			The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`

			`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.

Update docs/configuring-playbook-prometheus-nginxlog.md: add the common section "Troubleshooting" Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> 2025-01-30 13:40:56 +09:00			`## Troubleshooting`

			As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-prometheus-nginxlog-exporter`.