]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/prometheus/templates/default/apache.erb
Restrict fail2ban to evasive blocks instead of all 403 errors
[chef.git] / cookbooks / prometheus / templates / default / apache.erb
index 1dead4474328dd5ffcdf57e03c8af18ae9327aa4..af005314002b5ba7a96bc934850241f2ebb0c973 100644 (file)
@@ -5,7 +5,7 @@
        ServerAlias prometheus.osm.org
        ServerAdmin webmaster@openstreetmap.org
 
-       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined
+       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined_extended
        ErrorLog /var/log/apache2/prometheus.openstreetmap.org-error.log
 
        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
@@ -16,7 +16,7 @@
        ServerName prometheus.openstreetmap.org
        ServerAdmin webmaster@openstreetmap.org
 
-       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined
+       CustomLog /var/log/apache2/prometheus.openstreetmap.org-access.log combined_extended
        ErrorLog /var/log/apache2/prometheus.openstreetmap.org-error.log
 
        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/private/prometheus.openstreetmap.org.key
 
        ProxyPass /prometheus http://localhost:9090/prometheus
-       Redirect 403 /alertmanager/api
        ProxyPass /alertmanager http://localhost:9093/alertmanager
        ProxyPass /karma http://localhost:8081/karma
        ProxyPass /api/live/ws ws://localhost:3000/api/live/ws
        ProxyPass / http://localhost:3000/
        ProxyPreserveHost on
 
+       <Location /prometheus/api/v1/admin>
+               Require all denied
+       </Location>
+
        <Location /alertmanager>
 <% @admin_hosts.each do |host| -%>
                Require ip <%= host %>