mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-01-25 17:34:54 +01:00
Enable exposure of Prometheus metrics.
This commit is contained in:
parent
f55a29a4d0
commit
87e3deebfd
@ -181,6 +181,10 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_mxisd_enabled }
|
|||||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
||||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
||||||
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
||||||
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "localhost:{{ matrix_synapse_metrics_port }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_mxisd_enabled }}"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_mxisd_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
|
||||||
@ -272,6 +276,8 @@ matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_m
|
|||||||
# the Client/Server API's port to the local host (`127.0.0.1:8008`).
|
# the Client/Server API's port to the local host (`127.0.0.1:8008`).
|
||||||
matrix_synapse_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
matrix_synapse_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
||||||
|
|
||||||
|
matrix_synapse_container_expose_metrics_port: "{{ not matrix_nginx_proxy_enabled }}"
|
||||||
|
|
||||||
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
|
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
|
||||||
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
|
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
|
||||||
matrix_synapse_database_password: "{{ matrix_postgres_connection_password }}"
|
matrix_synapse_database_password: "{{ matrix_postgres_connection_password }}"
|
||||||
|
@ -39,6 +39,11 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
|
|||||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
||||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
||||||
|
|
||||||
|
# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain)
|
||||||
|
matrix_nginx_proxy_proxy_synapse_metrics: false
|
||||||
|
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
|
||||||
|
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: ""
|
||||||
|
|
||||||
# The addresses where the Matrix Client API is.
|
# The addresses where the Matrix Client API is.
|
||||||
# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
|
# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
|
||||||
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-synapse:8008"
|
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-synapse:8008"
|
||||||
|
@ -28,6 +28,15 @@
|
|||||||
mode: 0644
|
mode: 0644
|
||||||
when: "matrix_nginx_proxy_enabled"
|
when: "matrix_nginx_proxy_enabled"
|
||||||
|
|
||||||
|
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2"
|
||||||
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
mode: 0400
|
||||||
|
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
|
||||||
|
|
||||||
- name: Ensure Matrix nginx-proxy configured (generic)
|
- name: Ensure Matrix nginx-proxy configured (generic)
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
||||||
@ -116,3 +125,9 @@
|
|||||||
path: "{{ matrix_nginx_proxy_data_path }}/nginx.conf"
|
path: "{{ matrix_nginx_proxy_data_path }}/nginx.conf"
|
||||||
state: absent
|
state: absent
|
||||||
when: "not matrix_nginx_proxy_enabled"
|
when: "not matrix_nginx_proxy_enabled"
|
||||||
|
|
||||||
|
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics"
|
||||||
|
@ -120,6 +120,28 @@ server {
|
|||||||
proxy_max_temp_file_size 0;
|
proxy_max_temp_file_size 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_proxy_synapse_metrics %}
|
||||||
|
location /_synapse/metrics {
|
||||||
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}";
|
||||||
|
proxy_pass http://$backend;
|
||||||
|
{% else %}
|
||||||
|
{# Generic configuration for use outside of our container setup #}
|
||||||
|
proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
|
||||||
|
auth_basic "protected";
|
||||||
|
auth_basic_user_file .matrix-synapse-metrics-htpasswd;
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
rewrite ^/$ /_matrix/static/ last;
|
rewrite ^/$ /_matrix/static/ last;
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,2 @@
|
|||||||
|
# User and password for protecting /_synapse/metrics URI
|
||||||
|
prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }}
|
@ -26,6 +26,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
|||||||
-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
|
-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
|
||||||
-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
|
-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
|
||||||
-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
|
-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
|
||||||
|
{% if (matrix_nginx_proxy_proxy_synapse_metrics and matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled) %}
|
||||||
|
-v {{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd:/etc/nginx/.matrix-synapse-metrics-htpasswd:ro \
|
||||||
|
{% endif %}
|
||||||
{{ matrix_nginx_proxy_docker_image }}
|
{{ matrix_nginx_proxy_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
||||||
|
@ -13,6 +13,9 @@ matrix_synapse_container_expose_client_server_api_port: false
|
|||||||
# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999).
|
# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999).
|
||||||
matrix_appservice_irc_container_expose_client_server_api_port: false
|
matrix_appservice_irc_container_expose_client_server_api_port: false
|
||||||
|
|
||||||
|
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
|
||||||
|
matrix_synapse_container_expose_metrics_port: false
|
||||||
|
|
||||||
# List of systemd services that matrix-synapse.service depends on
|
# List of systemd services that matrix-synapse.service depends on
|
||||||
matrix_synapse_systemd_required_services_list: ['docker.service']
|
matrix_synapse_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
@ -118,6 +121,11 @@ matrix_synapse_app_service_config_files: []
|
|||||||
# any password providers have been enabled or not.
|
# any password providers have been enabled or not.
|
||||||
matrix_synapse_password_providers_enabled: false
|
matrix_synapse_password_providers_enabled: false
|
||||||
|
|
||||||
|
# Enable exposure of metrics to Prometheus
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.rst
|
||||||
|
matrix_synapse_metrics_enabled: false
|
||||||
|
matrix_synapse_metrics_port: 9100
|
||||||
|
|
||||||
# Postgres database information
|
# Postgres database information
|
||||||
matrix_synapse_database_host: ""
|
matrix_synapse_database_host: ""
|
||||||
matrix_synapse_database_user: ""
|
matrix_synapse_database_user: ""
|
||||||
|
@ -127,6 +127,12 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
|
|||||||
# List of ports that Synapse should listen on, their purpose and their
|
# List of ports that Synapse should listen on, their purpose and their
|
||||||
# configuration.
|
# configuration.
|
||||||
listeners:
|
listeners:
|
||||||
|
{% if matrix_synapse_metrics_enabled %}
|
||||||
|
- type: metrics
|
||||||
|
port: {{ matrix_synapse_metrics_port }}
|
||||||
|
bind_addresses:
|
||||||
|
- '0.0.0.0'
|
||||||
|
{% endif %}
|
||||||
{% if matrix_synapse_federation_enabled %}
|
{% if matrix_synapse_federation_enabled %}
|
||||||
# Main HTTPS listener
|
# Main HTTPS listener
|
||||||
# For when matrix traffic is sent directly to synapse.
|
# For when matrix traffic is sent directly to synapse.
|
||||||
@ -496,7 +502,7 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms }}
|
|||||||
## Metrics ###
|
## Metrics ###
|
||||||
|
|
||||||
# Enable collection and rendering of performance metrics
|
# Enable collection and rendering of performance metrics
|
||||||
enable_metrics: False
|
enable_metrics: {{ matrix_synapse_metrics_enabled }}
|
||||||
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
||||||
|
|
||||||
|
|
||||||
|
@ -34,6 +34,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
|||||||
{% if matrix_synapse_container_expose_client_server_api_port %}
|
{% if matrix_synapse_container_expose_client_server_api_port %}
|
||||||
-p 127.0.0.1:8008:8008 \
|
-p 127.0.0.1:8008:8008 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if matrix_synapse_container_expose_metrics_port %}
|
||||||
|
-p 127.0.0.1:{{ matrix_synapse_metrics_port }}:{{ matrix_synapse_metrics_port }} \
|
||||||
|
{% endif %}
|
||||||
-v {{ matrix_synapse_config_dir_path }}:/data:ro \
|
-v {{ matrix_synapse_config_dir_path }}:/data:ro \
|
||||||
-v {{ matrix_synapse_run_path }}:/matrix-run:rw \
|
-v {{ matrix_synapse_run_path }}:/matrix-run:rw \
|
||||||
-v {{ matrix_synapse_base_path }}/storage:/matrix-media-store-parent:slave \
|
-v {{ matrix_synapse_base_path }}/storage:/matrix-media-store-parent:slave \
|
||||||
|
Loading…
x
Reference in New Issue
Block a user