wooo/ewoooc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev
ewoooc/k8s/nginx/monitor.conf
ogt 1b4f3a7bbe
Some checks failed
CD Pipeline / deploy (push) Failing after 59s
Details
feat: EwoooC 初始化 — 完整專案推版至 Gitea 
- 建立 Gitea Actions CD pipeline (.gitea/workflows/cd.yaml)
- 部署模式: rsync Python 檔案至 188 → docker restart (volume mount)
- Dockerfile/requirements 變動時自動重建 Docker image
- 部署通知: Telegram (開始/成功/失敗)
- 健康檢查: https://mo.wooo.work/health (最多 5 次重試)
- 同步最新 CLAUDE.md / ADR-008 / memory (2026-04-19)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 01:21:13 +08:00

298 lines
9.9 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# =============================================================================
# WOOO TECH - Monitor Dashboard
# Nginx 配置 - UAT Server (192.168.0.110)
# 所有監控工具統一入口
# =============================================================================
# 上游服務定義
upstream grafana_backend {
server 127.0.0.1:3000;
}
upstream prometheus_backend {
server 127.0.0.1:9090;
}
upstream alertmanager_backend {
server 127.0.0.1:9093;
}
upstream portainer_backend {
server 127.0.0.1:9000;
}
upstream n8n_backend {
server 127.0.0.1:5678;
}
upstream pgadmin_backend {
server 127.0.0.1:8088;
}
upstream gitlab_backend {
server 127.0.0.1:8929;
}
upstream nextcloud_backend {
server 127.0.0.1:8081;
}
upstream loki_backend {
server 127.0.0.1:3100;
}
# K8s Grafana (NodePort)
upstream k8s_grafana_backend {
server 127.0.0.1:30030;
}
# Rancher (K8s 管理平台)
upstream rancher_backend {
server 127.0.0.1:8443;
}
# =============================================================================
# monitor.wooo.work - 監控入口 (HTTP -> HTTPS 重定向)
# =============================================================================
server {
listen 80;
server_name monitor.wooo.work;
return 301 https://$server_name$request_uri;
}
# =============================================================================
# monitor.wooo.work - 監控入口 (HTTPS)
# =============================================================================
server {
listen 443 ssl http2;
server_name monitor.wooo.work;
# SSL 證書
ssl_certificate /etc/letsencrypt/live/monitor.wooo.work/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/monitor.wooo.work/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# 監控首頁 (靜態頁面)
root /var/www/monitor;
index index.html;
# 首頁
location = / {
try_files /index.html =404;
}
# =========================================================================
# Docker Grafana (Port 3000)
# Grafana 配置了 GF_SERVER_SERVE_FROM_SUB_PATH=true
# 必須保留 /grafana/ 路徑傳給 Grafana
# =========================================================================
location /grafana/ {
proxy_pass http://grafana_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支援
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# =========================================================================
# K8s Grafana (NodePort 30030)
# 需要 rewrite 因為 K8s Grafana 沒有配置子路徑
# 建議直接訪問 http://192.168.0.110:30030
# =========================================================================
location /k8s-grafana/ {
proxy_pass http://k8s_grafana_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 重寫 Location header 中的重定向路徑
proxy_redirect / /k8s-grafana/;
# WebSocket 支援
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 替換回應中的路徑
sub_filter_once off;
sub_filter_types text/html application/javascript;
sub_filter 'href="/' 'href="/k8s-grafana/';
sub_filter 'src="/' 'src="/k8s-grafana/';
sub_filter '"/api/' '"/k8s-grafana/api/';
}
# =========================================================================
# Prometheus (Port 9090)
# 需要配置 --web.external-url 才能完美支援子路徑
# =========================================================================
location /prometheus/ {
proxy_pass http://prometheus_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 重寫重定向
proxy_redirect / /prometheus/;
}
# =========================================================================
# Alertmanager (Port 9093)
# =========================================================================
location /alertmanager/ {
proxy_pass http://alertmanager_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect / /alertmanager/;
}
# =========================================================================
# Portainer (Port 9000)
# =========================================================================
location /portainer/ {
proxy_pass http://portainer_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支援
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Portainer API
location /portainer/api/ {
proxy_pass http://portainer_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# =========================================================================
# n8n (Port 5678)
# 需要設置 N8N_PATH_PREFIX 環境變數
# =========================================================================
location /n8n/ {
proxy_pass http://n8n_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支援 (n8n 需要)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 較長的超時時間 (n8n 工作流可能需要)
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
# =========================================================================
# pgAdmin (Port 8088)
# 需要設置 SCRIPT_NAME 環境變數
# =========================================================================
location /pgadmin/ {
proxy_pass http://pgadmin_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /pgadmin;
proxy_redirect off;
}
# =========================================================================
# Loki (Port 3100) - 僅 API
# =========================================================================
location /loki/ {
proxy_pass http://loki_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# =========================================================================
# Rancher (Port 8443) - K8s 管理平台
# 注意Rancher 不支援子路徑,建議直接訪問 https://192.168.0.110:8443
# =========================================================================
location /rancher/ {
proxy_pass https://rancher_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# SSL 後端
proxy_ssl_verify off;
# WebSocket 支援
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 較長的超時時間
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
}
# =============================================================================
# gitlab.wooo.work - GitLab (僅 HTTP無公網 DNS)
# =============================================================================
server {
listen 80;
server_name gitlab.wooo.work;
location / {
proxy_pass http://gitlab_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# GitLab 需要較大的緩衝區
proxy_buffers 8 32k;
proxy_buffer_size 64k;
client_max_body_size 0;
proxy_read_timeout 600s;
}
}
# =============================================================================
# cloud.wooo.work - Nextcloud (僅 HTTP無公網 DNS)
# =============================================================================
server {
listen 80;
server_name cloud.wooo.work;
location / {
proxy_pass http://nextcloud_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10G;
proxy_read_timeout 600s;
}
}
Reference in New Issue View Git Blame Copy Permalink