]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/prometheus/templates/default/apache.erb
Restrict fail2ban to evasive blocks instead of all 403 errors
[chef.git] / cookbooks / prometheus / templates / default / apache.erb
index edc1647af906fcbe20de0ea7e498bb82cf6338ae..af005314002b5ba7a96bc934850241f2ebb0c973 100644 (file)
@@ -5,7 +5,7 @@
        ServerAlias prometheus.osm.org
        ServerAdmin webmaster@openstreetmap.org
 
-       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined
+       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined_extended
        ErrorLog /var/log/apache2/prometheus.openstreetmap.org-error.log
 
        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
@@ -16,7 +16,7 @@
        ServerName prometheus.openstreetmap.org
        ServerAdmin webmaster@openstreetmap.org
 
-       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined
+       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined_extended
        ErrorLog /var/log/apache2/prometheus.openstreetmap.org-error.log
 
        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/private/prometheus.openstreetmap.org.key
 
        ProxyPass /prometheus http://localhost:9090/prometheus
-       Redirect 403 /alertmanager/api
        ProxyPass /alertmanager http://localhost:9093/alertmanager
+       ProxyPass /karma http://localhost:8081/karma
+       ProxyPass /api/live/ws ws://localhost:3000/api/live/ws
        ProxyPass / http://localhost:3000/
        ProxyPreserveHost on
 
+       <Location /prometheus/api/v1/admin>
+               Require all denied
+       </Location>
+
        <Location /alertmanager>
 <% @admin_hosts.each do |host| -%>
                Require ip <%= host %>
+<% end -%>
+       </Location>
+
+       <Location /karma>
+<% @admin_hosts.each do |host| -%>
+               Require ip <%= host %>
 <% end -%>
        </Location>
 </VirtualHost>