Enable exposure of Prometheus metrics.
This commit is contained in:
parent
f55a29a4d0
commit
87e3deebfd
@ -181,6 +181,10 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: "{{ matrix_mxisd_enabled }
|
||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
||||
|
||||
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "localhost:{{ matrix_synapse_metrics_port }}"
|
||||
|
||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_mxisd_enabled }}"
|
||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
|
||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"
|
||||
@ -272,6 +276,8 @@ matrix_synapse_trusted_third_party_id_servers: "{{ [hostname_matrix] if matrix_m
|
||||
# the Client/Server API's port to the local host (`127.0.0.1:8008`).
|
||||
matrix_synapse_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
|
||||
|
||||
matrix_synapse_container_expose_metrics_port: "{{ not matrix_nginx_proxy_enabled }}"
|
||||
|
||||
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
|
||||
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
|
||||
matrix_synapse_database_password: "{{ matrix_postgres_connection_password }}"
|
||||
|
@ -39,6 +39,11 @@ matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
|
||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "localhost:8090"
|
||||
|
||||
# Controls whether proxying for metrics (`/_synapse/metrics`) should be done (on the matrix domain)
|
||||
matrix_nginx_proxy_proxy_synapse_metrics: false
|
||||
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false
|
||||
matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: ""
|
||||
|
||||
# The addresses where the Matrix Client API is.
|
||||
# Certain extensions (like matrix-corporal) may override this in order to capture all traffic.
|
||||
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "matrix-synapse:8008"
|
||||
|
@ -28,6 +28,15 @@
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_enabled"
|
||||
|
||||
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2"
|
||||
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
mode: 0400
|
||||
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configured (generic)
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
||||
@ -116,3 +125,9 @@
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/nginx.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics"
|
||||
|
@ -120,6 +120,28 @@ server {
|
||||
proxy_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_proxy_synapse_metrics %}
|
||||
location /_synapse/metrics {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container }}";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://{{ matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container }};
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
|
||||
auth_basic "protected";
|
||||
auth_basic_user_file .matrix-synapse-metrics-htpasswd;
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
location / {
|
||||
rewrite ^/$ /_matrix/static/ last;
|
||||
}
|
||||
|
@ -0,0 +1,2 @@
|
||||
# User and password for protecting /_synapse/metrics URI
|
||||
prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }}
|
@ -26,6 +26,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
||||
-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
|
||||
-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
|
||||
-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
|
||||
{% if (matrix_nginx_proxy_proxy_synapse_metrics and matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled) %}
|
||||
-v {{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd:/etc/nginx/.matrix-synapse-metrics-htpasswd:ro \
|
||||
{% endif %}
|
||||
{{ matrix_nginx_proxy_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
||||
|
@ -13,6 +13,9 @@ matrix_synapse_container_expose_client_server_api_port: false
|
||||
# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999).
|
||||
matrix_appservice_irc_container_expose_client_server_api_port: false
|
||||
|
||||
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
|
||||
matrix_synapse_container_expose_metrics_port: false
|
||||
|
||||
# List of systemd services that matrix-synapse.service depends on
|
||||
matrix_synapse_systemd_required_services_list: ['docker.service']
|
||||
|
||||
@ -118,6 +121,11 @@ matrix_synapse_app_service_config_files: []
|
||||
# any password providers have been enabled or not.
|
||||
matrix_synapse_password_providers_enabled: false
|
||||
|
||||
# Enable exposure of metrics to Prometheus
|
||||
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.rst
|
||||
matrix_synapse_metrics_enabled: false
|
||||
matrix_synapse_metrics_port: 9100
|
||||
|
||||
# Postgres database information
|
||||
matrix_synapse_database_host: ""
|
||||
matrix_synapse_database_user: ""
|
||||
|
@ -127,6 +127,12 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js
|
||||
# List of ports that Synapse should listen on, their purpose and their
|
||||
# configuration.
|
||||
listeners:
|
||||
{% if matrix_synapse_metrics_enabled %}
|
||||
- type: metrics
|
||||
port: {{ matrix_synapse_metrics_port }}
|
||||
bind_addresses:
|
||||
- '0.0.0.0'
|
||||
{% endif %}
|
||||
{% if matrix_synapse_federation_enabled %}
|
||||
# Main HTTPS listener
|
||||
# For when matrix traffic is sent directly to synapse.
|
||||
@ -496,7 +502,7 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms }}
|
||||
## Metrics ###
|
||||
|
||||
# Enable collection and rendering of performance metrics
|
||||
enable_metrics: False
|
||||
enable_metrics: {{ matrix_synapse_metrics_enabled }}
|
||||
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
||||
|
||||
|
||||
|
@ -34,6 +34,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||
{% if matrix_synapse_container_expose_client_server_api_port %}
|
||||
-p 127.0.0.1:8008:8008 \
|
||||
{% endif %}
|
||||
{% if matrix_synapse_container_expose_metrics_port %}
|
||||
-p 127.0.0.1:{{ matrix_synapse_metrics_port }}:{{ matrix_synapse_metrics_port }} \
|
||||
{% endif %}
|
||||
-v {{ matrix_synapse_config_dir_path }}:/data:ro \
|
||||
-v {{ matrix_synapse_run_path }}:/matrix-run:rw \
|
||||
-v {{ matrix_synapse_base_path }}/storage:/matrix-media-store-parent:slave \
|
||||
|
Loading…
Reference in New Issue
Block a user