Features: Prometheus password protection

Egor Pavlovich Gorbunov 2025-06-05 15:34:59 +03:00
parent a2d38cbdfb
commit 30ac2ce0e5
4 changed files with 69 additions and 60 deletions


@ -14,9 +14,18 @@ services:
command: > command: >
sh -c "poetry run python manage.py await_services && sh -c "poetry run python manage.py await_services &&
if [ \"$DEBUG\" = \"1\" ]; then if [ \"$DEBUG\" = \"1\" ]; then
poetry run gunicorn evibes.wsgi:application --bind 0.0.0.0:8000 --workers 2 --reload --log-level debug --access-logfile - --error-logfile -; poetry run gunicorn evibes.wsgi:application \
--bind 0.0.0.0:8000 \
--workers 2 \
--reload \
--log-level debug \
--access-logfile - \
--error-logfile -;
else else
poetry run gunicorn evibes.wsgi:application --bind 0.0.0.0:8000 --workers 12 --timeout 120; poetry run gunicorn evibes.wsgi:application \
--bind 0.0.0.0:8000 \
--workers 12 \
--timeout 120;
fi" fi"
volumes: volumes:
- .:/app - .:/app
@ -42,45 +51,6 @@ services:
- .env - .env
logging: *default-logging logging: *default-logging
worker:
container_name: worker
build:
context: .
dockerfile: Dockerfile.app
restart: always
command: >
sh -c "poetry run celery -A evibes worker --loglevel=info --concurrency=4 --autoscale=4,2 --max-tasks-per-child=100 --max-memory-per-child=512000 --soft-time-limit=10800 --time-limit=21600"
volumes:
- .:/app
env_file:
- .env
depends_on:
- app
- redis
- elasticsearch
logging: *default-logging
healthcheck:
test: [ "CMD", "celery", "-A", "evibes", "status" ]
interval: 30s
timeout: 10s
retries: 5
mem_limit: 2g
beat:
container_name: beat
build:
context: .
dockerfile: Dockerfile.app
restart: always
command: sh -c "poetry run celery -A evibes beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler"
volumes:
- .:/app
env_file:
- .env
depends_on:
- worker
logging: *default-logging
redis: redis:
container_name: redis container_name: redis
image: redis:7.4 image: redis:7.4
@ -110,6 +80,51 @@ services:
- es-data:/usr/share/elasticsearch/data - es-data:/usr/share/elasticsearch/data
logging: *default-logging logging: *default-logging
worker:
container_name: worker
build:
context: .
dockerfile: Dockerfile.app
restart: always
command: >
sh -c "poetry run celery -A evibes worker --loglevel=info \
--concurrency=4 --autoscale=4,2 \
--max-tasks-per-child=100 \
--max-memory-per-child=512000 \
--soft-time-limit=10800 \
--time-limit=21600"
volumes:
- .:/app
env_file:
- .env
depends_on:
- app
- redis
- elasticsearch
logging: *default-logging
healthcheck:
test: [ "CMD", "celery", "-A", "evibes", "status" ]
interval: 30s
timeout: 10s
retries: 5
beat:
container_name: beat
build:
context: .
dockerfile: Dockerfile.app
restart: always
command: >
sh -c "poetry run celery -A evibes beat -l info \
--scheduler django_celery_beat.schedulers:DatabaseScheduler"
volumes:
- .:/app
env_file:
- .env
depends_on:
- worker
logging: *default-logging
prometheus: prometheus:
container_name: prometheus container_name: prometheus
image: prom/prometheus:v3.4.1 image: prom/prometheus:v3.4.1
@ -117,30 +132,17 @@ services:
user: "root" user: "root"
volumes: volumes:
- ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
- ./monitoring/web.yml:/etc/prometheus/web.yml:ro
- prometheus-data:/prometheus - prometheus-data:/prometheus
ports: ports:
- "9090:9090" - "9090:9090"
logging: *default-logging
depends_on: depends_on:
- app - app
- worker - worker
- redis - redis
- elasticsearch - elasticsearch
logging: *default-logging
# nginx: # TODO complete the service after storefront is present
# container_name: nginx
# image: nginx
# restart: always
# ports:
# - "80:80"
# logging: *default-logging
# storefront: # TODO complete the service for future "storefront" Vite-Vue3 base storefront app
# container_name: storefront
# build:
# - dockerfile: Dockerfile.storefront
# - context: ./storefront
# logging: *default-logging
volumes: volumes:
es-data: es-data:
prometheus-data:
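Review bot: Mounting `./monitoring/web.yml` into the `prometheus` service does not by itself enable authentication, because Prometheus only reads a web config when started with `--web.config.file`, and no `command:` for the service is visible in the last hunk (one line between `image:` and `user:` is not shown, so confirm). Setting `command:` replaces the image's default arguments, so the config and storage paths have to be restated next to the new flag. The `"9090:9090"` mapping also publishes the plain-HTTP port on every host interface, so a client can reach Prometheus and send the basic-auth password without going through the TLS vhost. Binding the port to loopback keeps nginx as the only entry point.

```yaml
prometheus:
  # … unchanged: container_name, image, user …
  command:
    - "--config.file=/etc/prometheus/prometheus.yml"
    - "--storage.tsdb.path=/prometheus"
    - "--web.config.file=/etc/prometheus/web.yml"
  # … unchanged: volumes …
  ports:
    - "127.0.0.1:9090:9090"
  # … unchanged: depends_on, logging …
```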

2
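--- /dev/null
+++ b/monitoring/web.yml
@@ -0,0 +1,2 @@
+basic_auth_users:
+admin: $2b$12$0HraDYmrZnJ089LcH9Vsn.Wv5V5a8oDlucTNm0.5obhULjPyLiYoy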
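Review bot: The bcrypt hash for the `admin` user is committed in `monitoring/web.yml`, so anyone with read access to the repository or its history can run offline guessing against the Prometheus password. Keep the real file out of version control: commit a `web.yml.example` with a placeholder such as `admin: <bcrypt-hash>`, ignore `monitoring/web.yml`, and provision it at deploy time. Because this hash is now in history, the password behind it should be rotated once the file is untracked.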

6
nginx

@ -106,10 +106,10 @@ server {
} }
# ------------------------------------------------------------ # ------------------------------------------------------------
# Server block for flower.evibes.com # Server block for prometheus.evibes.com
# ------------------------------------------------------------ # ------------------------------------------------------------
server { server {
server_name flower.evibes.com; server_name prometheus.evibes.com;
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/evibes.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/evibes.com/privkey.pem;
@ -119,7 +119,7 @@ server {
client_max_body_size 100M; client_max_body_size 100M;
location / { location / {
proxy_pass http://localhost:5555; proxy_pass http://localhost:9090;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
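Review bot: This vhost becomes the internet-facing login endpoint for Prometheus, and the visible `location /` has no source restriction or request throttling, so password guessing against the basic-auth user is slowed only by the bcrypt cost. If the UI is for operators only, an `allow <admin-cidr>; deny all;` pair or a `limit_req` zone on this location would narrow the exposure. `client_max_body_size 100M` is carried over from the Flower block and is larger than Prometheus needs. The server block continues past the hunk, so such directives may already exist further down.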


@ -0,0 +1,5 @@
import getpass
import bcrypt
print(bcrypt.hashpw(getpass.getpass("Password: ").encode("utf-8"), bcrypt.gensalt()).decode())
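Review bot: The helper has no comment saying where its output belongs, and it reads the password only once, so a typo produces a hash nobody can log in with. A header such as `# Prints a bcrypt hash for basic_auth_users in monitoring/web.yml` would cover the first. A second `getpass.getpass("Repeat: ")` compared with the first before hashing would cover the other. `bcrypt.gensalt()` defaults to cost 12, which matches the committed hash.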