
pico services mono repo
git clone https://github.com/picosh/pico.git

pico / caddy
Antonio Mika  ·  2025-03-07

Caddyfile.pgs

  1{
   	# Global options block.
   	# on_demand_tls/ask: before obtaining a certificate on demand, Caddy queries
   	# this URL and only proceeds if it answers with success. It is the only gate
   	# on issuance for the on-demand :443 site below; what /check validates is
   	# not visible in this file.
  2	on_demand_tls {
  3		ask http://web:3000/check
  4	}
  5	servers {
   		# Enable metrics collection for the HTTP servers.
  6		metrics
   		# NOTE(review): 0.0.0.0/0 marks every IPv4 peer as a trusted proxy, so a
   		# client-supplied X-Forwarded-For is accepted as the client address (in
   		# logs and in whatever the upstreams derive from it). Narrow this to the
   		# address ranges of the real front proxy, or drop it if Caddy is the
   		# internet-facing edge. IPv6 peers are not covered by this range.
  7		trusted_proxies static 0.0.0.0/0
  8	}
  9}
 10
 11# custom domains
   # Catch-all HTTPS site: hostnames not matched by a more specific site block
   # land here, get a certificate on demand (subject to the global `ask` check)
   # and are proxied to web:3000.
   # NOTE(review): unlike the {$APP_DOMAIN} site below, no security response
   # headers are set here; confirm that is intentional for custom domains.
 12:443 {
 13	reverse_proxy web:3000
 14	log {
   		# Add a server_id field carrying {$APP_DOMAIN} to each log entry.
 15		format append {
 16			server_id {$APP_DOMAIN}
 17		}
 18	}
   	# {$APP_EMAIL} is the ACME account e-mail; on_demand defers issuance to the
   	# first TLS handshake for a hostname.
 19	tls {$APP_EMAIL} {
 20		on_demand
 21	}
 22	encode zstd gzip
 23}
 24
 25# subdomains and root pgs domain
   # Wildcard + apex site for {$APP_DOMAIN}: proxies to web:3000, sets default
   # security headers, and serves three metrics paths on the apex host.
 26*.{$APP_DOMAIN}, {$APP_DOMAIN} {
 27	reverse_proxy web:3000
 28	log {
   		# Add a server_id field carrying {$APP_DOMAIN} to each log entry.
 29		format append {
 30			server_id {$APP_DOMAIN}
 31		}
 32	}
   	# Certificate via the ACME DNS challenge through the Cloudflare DNS module
   	# (needed for the wildcard name). The API token is read from the
   	# environment, not stored in this file.
   	# NOTE(review): confirm the token is scoped to DNS edits on this zone only.
 33	tls {$APP_EMAIL} {
 34		dns cloudflare {$CF_API_TOKEN}
 35		resolvers 1.1.1.1
 36	}
 37
 38	encode zstd gzip
 39
   	# The leading "?" sets a header only when the upstream response did not
   	# already set it, so web:3000 can override any of these defaults.
 40	header {
 41		# disable FLoC tracking
 42		?Permissions-Policy interest-cohort=()
 43
 44		# enable HSTS for one year; includeSubDomains is not set, so the policy
   		# applies only to the exact host that returned the header
 45		?Strict-Transport-Security max-age=31536000;
 46
 47		# disable clients from sniffing the media type
 48		?X-Content-Type-Options nosniff
 49
 50		# clickjacking protection
 51		?X-Frame-Options DENY
 52
 53		# keep referrer data off of HTTP connections
   		# NOTE(review): this value still sends the full URL to other HTTPS
   		# origins; strict-origin-when-cross-origin is the stricter choice.
 54		?Referrer-Policy no-referrer-when-downgrade
 55
   		# NOTE(review): legacy header; current browsers ignore it and current
   		# guidance is to send "0" or omit it and rely on a Content-Security-Policy.
 56		?X-XSS-Protection "1; mode=block"
 57	}
 58
   	# NOTE(review): the three metrics matchers below test only host and path;
   	# nothing in this file restricts them by client address or credentials.
   	# Confirm access to these endpoints is limited elsewhere, since metrics
   	# disclose internal service details.
 59	@caddymetrics {
 60		host {$APP_DOMAIN}
 61		path /_caddy/metrics
 62	}
 63
   	# Caddy's own metrics, without OpenMetrics format negotiation.
 64	metrics @caddymetrics {
 65		disable_openmetrics
 66	}
 67
 68	@sshmetrics {
 69		host {$APP_DOMAIN}
 70		path /_ssh/metrics
 71	}
 72
   	# Forward to the ssh service's /metrics endpoint on port 9222.
 73	handle @sshmetrics {
 74		rewrite * /metrics
 75		reverse_proxy ssh:9222
 76	}
 77
 78	@webmetrics {
 79		host {$APP_DOMAIN}
 80		path /_web/metrics
 81	}
 82
   	# Forward to the web service's /_metrics endpoint.
 83	handle @webmetrics {
 84		rewrite * /_metrics
 85		reverse_proxy web:3000
 86	}
 87}
 88
 89monitoring.{$MONITORING_APP_DOMAIN}, prometheus.{$MONITORING_APP_DOMAIN}, grafana.{$MONITORING_APP_DOMAIN} {
   	# Monitoring site: grafana.* proxies to Grafana, prometheus.* proxies to
   	# Prometheus behind HTTP basic auth, and monitoring.* serves Caddy's metrics.
 90	@grafana {
 91		host grafana.{$MONITORING_APP_DOMAIN}
 92	}
 93
 94	@prometheus {
 95		host prometheus.{$MONITORING_APP_DOMAIN}
 96	}
 97
   	# Certificate via the ACME DNS challenge through the Cloudflare DNS module;
   	# the API token is read from the environment.
 98	tls {$MONITORING_APP_EMAIL} {
 99		dns cloudflare {$CF_API_TOKEN}
100		resolvers 1.1.1.1
101	}
102
103	encode zstd gzip
104
   	# No authentication is applied at this layer for Grafana.
   	# NOTE(review): presumably Grafana's own login protects it; confirm that
   	# anonymous access is disabled there.
105	reverse_proxy @grafana grafana:3000
106
   	# Each entry is a username followed by a base64-encoded bcrypt hash (the
   	# values decode to a "$2a$14$" prefix, i.e. cost factor 14).
   	# NOTE(review): these hashes are committed to a publicly cloneable repo,
   	# which exposes them to offline guessing. Consider supplying them through
   	# environment placeholders, as is done for {$CF_API_TOKEN}, and rotating
   	# the passwords.
   	# NOTE(review): newer Caddy releases spell this directive `basic_auth` and
   	# deprecate `basicauth`; check against the deployed version.
107	basicauth @prometheus {
108		eric JDJhJDE0JDdPOXhoNUdhSmNVNDl6UWpmeTE0cWVkLjRwcUNJUnc0dVQ4MTZNSmVaNjA1TlptaVZYY1hh
109		antonio JDJhJDE0JHI5dkVtMW0vcGxIb011OG4vME5HOU91c3U2VjM2QTZiWVpUeXdSbEg3VUtNZVdhN3BRazFH
110		bot JDJhJDE0JFVsRlNHSDlJbFhDeUd0NldRR2JkcGVFYUJtWGluTHZDVlc5L3QwNWNwWUMuODRlcXZNZHpT
111	}
112	reverse_proxy @prometheus prometheus:9090
113
   	# NOTE(review): this matcher tests only host and path, so the metrics
   	# endpoint on monitoring.* is served without credentials. Confirm that is
   	# intended, given that Prometheus itself is behind basic auth.
114	@caddymetrics {
115		host monitoring.{$MONITORING_APP_DOMAIN}
116		path /_caddy/metrics
117	}
118
   	# Caddy's own metrics, without OpenMetrics format negotiation.
119	metrics @caddymetrics {
120		disable_openmetrics
121	}
122}
113
114	@caddymetrics {
115		host monitoring.{$MONITORING_APP_DOMAIN}
116		path /_caddy/metrics
117	}
118
119	metrics @caddymetrics {
120		disable_openmetrics
121	}
122}