ogt 1b4f3a7bbe
Some checks failed
CD Pipeline / deploy (push) Failing after 59s
feat: EwoooC 初始化 — 完整專案推版至 Gitea
- 建立 Gitea Actions CD pipeline (.gitea/workflows/cd.yaml)
- 部署模式: rsync Python 檔案至 188 → docker restart (volume mount)
- Dockerfile/requirements 變動時自動重建 Docker image
- 部署通知: Telegram (開始/成功/失敗)
- 健康檢查: https://mo.wooo.work/health (最多 5 次重試)
- 同步最新 CLAUDE.md / ADR-008 / memory (2026-04-19)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 01:21:13 +08:00

# =============================================================================
# WOOO TECH - Monitor Dashboard
# Nginx 配置 - UAT Server (192.168.0.110)
# 所有監控工具統一入口
# 2026-02-08 整理版本 - 移除 Harbor,其他服務保留
# =============================================================================
# Upstream service definitions.
# Every upstream below is addressed over plain HTTP by the server blocks that
# reference it. Most listen on loopback; Prometheus, Alertmanager and n8n are
# reached on 10.43.x.x addresses instead.
upstream grafana_backend {
    server 127.0.0.1:3000;
}

upstream prometheus_backend {
    # K8s Prometheus ClusterIP
    server 10.43.25.78:9090;
}

upstream alertmanager_backend {
    # K8s Alertmanager ClusterIP
    server 10.43.79.187:9093;
}

upstream portainer_backend {
    server 127.0.0.1:9000;
}

upstream n8n_backend {
    server 10.43.193.218:5678;
}

upstream superset_backend {
    server 127.0.0.1:8088;
}

upstream gitlab_backend {
    server 127.0.0.1:8929;
}

upstream nextcloud_backend {
    server 127.0.0.1:8081;
}

upstream loki_backend {
    server 127.0.0.1:3100;
}

upstream metabase_backend {
    server 127.0.0.1:3001;
}

upstream grist_backend {
    server 127.0.0.1:8484;
}

upstream cadvisor_backend {
    server 127.0.0.1:8080;
}

upstream blackbox_backend {
    server 127.0.0.1:9115;
}

upstream node_exporter_backend {
    server 127.0.0.1:9100;
}

upstream postgres_exporter_backend {
    server 127.0.0.1:9187;
}

# K8s Grafana (NodePort)
upstream k8s_grafana_backend {
    server 127.0.0.1:30030;
}

# Docker Registry (served over HTTPS through the Nginx proxy)
upstream registry_backend {
    server 127.0.0.1:5002;
}
# =============================================================================
# monitor.wooo.work - 監控入口 (HTTP -> HTTPS 重定向)
# =============================================================================
server {
    # Plain-HTTP listener for monitor.wooo.work: its only job is to send every
    # request to the HTTPS server with a permanent redirect.
    listen 80;
    server_name monitor.wooo.work;

    # Headers attached to the redirect response.
    # Browsers ignore Strict-Transport-Security when it arrives over plain
    # HTTP (RFC 6797), so the HSTS policy only takes effect from the HTTPS
    # server's copy of this header.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;

    # Same host and URI, HTTPS scheme.
    return 301 https://$server_name$request_uri;
}
# =============================================================================
# monitor.wooo.work - 監控入口 (HTTPS)
# =============================================================================
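server {
    # HTTPS entry point for monitor.wooo.work: serves the static landing page
    # and reverse-proxies each monitoring / BI tool under its own path prefix.
    listen 443 ssl http2;
    server_name monitor.wooo.work;

    # NOTE(review): no auth_basic, auth_request or allow/deny directive is
    # visible anywhere in this server block. Every location below is therefore
    # served to whoever can reach this vhost, and the only authentication is
    # whatever each backend enforces itself. Confirm that access is restricted
    # in front of nginx (firewall / VPN) or add an access-control layer here,
    # in particular for the tools flagged individually further down.

    # HSTS - force HTTPS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;

    # TLS certificate and shared TLS options
    ssl_certificate /etc/letsencrypt/live/monitor.wooo.work/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/monitor.wooo.work/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Monitoring landing page (static files)
    root /var/www/monitor;
    index index.html;

    # API proxy - forwards to the MOMO app over HTTPS
    location /api/ {
        proxy_pass https://mo.wooo.work/api/;
        proxy_set_header Host mo.wooo.work;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Verify the upstream certificate. With verification off, the hop to
        # mo.wooo.work is encrypted but not authenticated, so anything able to
        # intercept that connection could impersonate the API.
        proxy_ssl_server_name on;   # send SNI so the upstream picks the right certificate
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # System CA bundle (Debian/Ubuntu path; RHEL-family hosts use
        # /etc/pki/tls/certs/ca-bundle.crt). If mo.wooo.work presents a
        # certificate from a private CA, point this at that CA rather than
        # switching verification off again.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }

    # Landing page
    location = / {
        try_files /index.html =404;
    }

    # =========================================================================
    # Docker Grafana (Port 3000)
    # =========================================================================
    location /grafana/ {
        # No URI part on proxy_pass: the /grafana/ prefix is passed through to
        # the backend unchanged.
        proxy_pass http://grafana_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # =========================================================================
    # K8s Grafana (NodePort 30030)
    # =========================================================================
    location /k8s-grafana/ {
        # Trailing slash on proxy_pass strips the /k8s-grafana/ prefix before
        # the request reaches the backend.
        proxy_pass http://k8s_grafana_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect / /k8s-grafana/;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Rewrite absolute paths in HTML/JS so they stay under the prefix.
        # NOTE(review): sub_filter does not rewrite compressed responses, and
        # unlike /superset/ this location does not clear Accept-Encoding -
        # confirm the backend answers uncompressed.
        sub_filter_once off;
        sub_filter_types text/html application/javascript;
        sub_filter 'src="/' 'src="/k8s-grafana/';
        sub_filter '"/api/' '"/k8s-grafana/api/';
    }

    # =========================================================================
    # Prometheus (Port 9090)
    # =========================================================================
    # NOTE(review): Prometheus does not require authentication by default and
    # this location adds none - confirm who can reach it.
    location /prometheus/ {
        proxy_pass http://prometheus_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect / /prometheus/;
    }

    # =========================================================================
    # Alertmanager (Port 9093)
    # =========================================================================
    # NOTE(review): Alertmanager does not require authentication by default,
    # and its UI/API can silence alerts - confirm who can reach it.
    location /alertmanager/ {
        proxy_pass http://alertmanager_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect / /alertmanager/;
    }

    # =========================================================================
    # Portainer (Port 9000)
    # =========================================================================
    location /portainer/ {
        proxy_pass http://portainer_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /portainer/api/ {
        proxy_pass http://portainer_backend/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # =========================================================================
    # n8n (Port 5678)
    # =========================================================================
    location /n8n/ {
        proxy_pass http://n8n_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Long-running requests get five minutes in each direction.
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }

    # =========================================================================
    # Apache Superset BI (Port 8088)
    # =========================================================================
    # Root-level paths that Superset links to are redirected under /superset.
    location = /login/ {
        return 302 /superset/login/;
    }

    location = /logout/ {
        return 302 /superset/logout/;
    }

    location ^~ /lang/ {
        return 302 /superset$request_uri;
    }

    location ^~ /users/ {
        return 302 /superset$request_uri;
    }

    location ^~ /static/ {
        return 302 /superset$request_uri;
    }

    # Superset login page: mapped to the backend's /login/ path
    location = /superset/login/ {
        proxy_pass http://superset_backend/login/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /superset/ {
        # The bare prefix (no query string) redirects to the welcome page.
        if ($request_uri = /superset/) {
            return 302 /superset/welcome/;
        }

        proxy_pass http://superset_backend;

        # Keep backend redirects under /superset/: ones already prefixed pass
        # through, everything else gets the prefix added.
        proxy_redirect ~^(/superset/.*)$ $1;
        proxy_redirect ~^/(?!superset)(.*)$ /superset/$1;

        # Ask the backend for uncompressed bodies so sub_filter can rewrite them.
        gzip off;
        proxy_set_header Accept-Encoding "";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Rewrite static asset paths in HTML, JS and CSS.
        sub_filter '"/static/' '"/superset/static/';
        sub_filter "'/static/" "'/superset/static/";
        sub_filter_once off;
        sub_filter_types text/html application/javascript text/css;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
    }

    # =========================================================================
    # Loki (Port 3100)
    # =========================================================================
    # NOTE(review): Loki does not require authentication by default, so this
    # path exposes its log query and ingest API - confirm who can reach it.
    location /loki/ {
        proxy_pass http://loki_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # =========================================================================
    # Metabase (Port 3001)
    # =========================================================================
    location /metabase/ {
        proxy_pass http://metabase_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect / /metabase/;
    }

    # =========================================================================
    # cAdvisor (Port 8080)
    # =========================================================================
    # NOTE(review): cAdvisor and the exporters below publish host, container
    # and database metrics without authentication by default - confirm these
    # paths are not reachable from untrusted networks.
    location /cadvisor/ {
        proxy_pass http://cadvisor_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect / /cadvisor/;
    }

    # =========================================================================
    # Blackbox Exporter (Port 9115)
    # =========================================================================
    # NOTE(review): the Blackbox exporter takes its probe target from the
    # request, so whoever can reach this path can make this host issue probes
    # to addresses of their choosing. Restrict it to the Prometheus scraper.
    location /blackbox/ {
        proxy_pass http://blackbox_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # =========================================================================
    # Node Exporter (Port 9100)
    # =========================================================================
    location /node-exporter/ {
        proxy_pass http://node_exporter_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # =========================================================================
    # PostgreSQL Exporter (Port 9187)
    # =========================================================================
    location /postgres-exporter/ {
        proxy_pass http://postgres_exporter_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # =========================================================================
    # Docker Registry (Port 5002)
    # =========================================================================
    # NOTE(review): nginx adds no authentication here and the body-size limit
    # is disabled, so image pulls and pushes are gated only by whatever auth
    # the registry itself is configured with - confirm that it has one.
    location /registry/ {
        proxy_pass http://registry_backend/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The registry needs large uploads: 0 removes the request body limit.
        client_max_body_size 0;
        proxy_read_timeout 900;
        proxy_send_timeout 900;
    }
}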
# =============================================================================
# gitlab.wooo.work - GitLab (僅內網)
# =============================================================================
server {
    # GitLab virtual host, plain HTTP on port 80.
    # NOTE(review): the section banner describes this host as internal-only,
    # but no allow/deny directive in this block enforces that, and there is no
    # TLS listener here: logins, tokens and Git-over-HTTP traffic would cross
    # the network unencrypted. Confirm the restriction is applied elsewhere.
    listen 80;
    server_name gitlab.wooo.work;

    # Browser hardening headers.
    # X-XSS-Protection is deprecated and ignored by current browsers.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;

    location / {
        # 0 removes the request body limit (large pushes and uploads).
        client_max_body_size 0;

        proxy_buffer_size 64k;
        proxy_buffers 8 32k;
        proxy_read_timeout 600s;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://gitlab_backend;
    }
}
# =============================================================================
# cloud.wooo.work - Nextcloud (僅內網)
# =============================================================================
server {
    # Nextcloud virtual host, plain HTTP on port 80.
    # NOTE(review): the section banner describes this host as internal-only,
    # but no allow/deny directive in this block enforces that, and there is no
    # TLS listener here: logins and file contents would cross the network
    # unencrypted. Confirm the restriction is applied elsewhere.
    listen 80;
    server_name cloud.wooo.work;

    # Browser hardening headers.
    # X-XSS-Protection is deprecated and ignored by current browsers.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;

    location / {
        # Uploads of up to 10 GB are accepted.
        client_max_body_size 10G;
        proxy_read_timeout 600s;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://nextcloud_backend;
    }
}
# =============================================================================
# grist.wooo.work - Grist (僅內網)
# =============================================================================
server {
    # Grist virtual host, plain HTTP on port 80.
    # NOTE(review): as shown, this block has no location or root directive and
    # never references the grist_backend upstream, so requests would not be
    # proxied to Grist - confirm whether a `location /` proxy block is missing.
    listen 80;
    server_name grist.wooo.work;

    # Browser hardening headers.
    # X-XSS-Protection is deprecated and ignored by current browsers.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
}