av/pet-project-server
1
0
Fork 0
Code Pull Requests Actions Activity

GoAccess: add for caddy logs monitoring
Linting / YAML Lint (push) Successful in 10s
Details
Linting / Ansible Lint (push) Failing after 33s
Details

Browse Source
This commit is contained in:
Anton Vakhrushev
2026-04-29 20:10:08 +03:00
parent 27834c6711
commit 4d92b3bd3e
9 changed files with 215 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
files/authelia/configuration.template.yml
+4
View File
@@ -731,6 +731,10 @@ access_control:
subject: 'group:admins'
policy: 'two_factor'
- domain: 'goaccess.vakhrushev.me'
subject: 'group:admins'
policy: 'two_factor'
- domain: 'wanderbase.vakhrushev.me'
subject: 'group:admins'
policy: 'two_factor'
files/caddyproxy/Caddyfile.j2
+53
View File
@@ -12,12 +12,32 @@
}
# -------------------------------------------------------------------
# Snippets
# -------------------------------------------------------------------
# Shared access log for all sites; consumed by GoAccess.
# Mode 644 lets read-only consumers (goaccess and ad-hoc host-side tail)
# read the file; lumberjack would otherwise default to 0600.
(access_log) {
log {
output file /var/log/caddy/access.log {
mode 644
roll_size 100mib
roll_keep 10
roll_keep_for 720h
}
format json
}
}
# -------------------------------------------------------------------
# Applications
# -------------------------------------------------------------------
vakhrushev.me {
tls anwinged@ya.ru
import access_log
# Matrix federation delegation: tells other servers/clients that the
# homeserver for vakhrushev.me lives at matrix.vakhrushev.me.
# https://spec.matrix.org/latest/server-server-api/#server-discovery
@@ -43,6 +63,7 @@ vakhrushev.me {
matrix.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to tuwunel_app:6167
}
@@ -51,12 +72,14 @@ matrix.vakhrushev.me {
auth.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy authelia_app:9091
}
status.vakhrushev.me, :29999 {
tls anwinged@ya.ru
import access_log
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
@@ -68,6 +91,7 @@ status.vakhrushev.me, :29999 {
git.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to gitea_app:3000
}
@@ -76,6 +100,7 @@ git.vakhrushev.me {
outline.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to outline_app:3000
}
@@ -84,6 +109,7 @@ outline.vakhrushev.me {
gramps.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to gramps_app:5000
}
@@ -92,6 +118,7 @@ gramps.vakhrushev.me {
miniflux.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to miniflux_app:8080
}
@@ -100,6 +127,7 @@ miniflux.vakhrushev.me {
wakapi.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to wakapi_app:3000
}
@@ -108,6 +136,7 @@ wakapi.vakhrushev.me {
wanderer.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to wanderer_web:3000
}
@@ -116,6 +145,7 @@ wanderer.vakhrushev.me {
memos.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to memos_app:5230
}
@@ -124,6 +154,7 @@ memos.vakhrushev.me {
remembos.vakhrushev.me {
tls anwinged@ya.ru
import access_log
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
@@ -137,6 +168,7 @@ remembos.vakhrushev.me {
calibre.vakhrushev.me {
tls anwinged@ya.ru
import access_log
reverse_proxy {
to calibre_web_app:8083
}
@@ -145,6 +177,7 @@ calibre.vakhrushev.me {
wanderbase.vakhrushev.me {
tls anwinged@ya.ru
import access_log
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
@@ -158,6 +191,7 @@ wanderbase.vakhrushev.me {
rssbridge.vakhrushev.me {
tls anwinged@ya.ru
import access_log
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
@@ -171,6 +205,7 @@ rssbridge.vakhrushev.me {
dozzle.vakhrushev.me {
tls anwinged@ya.ru
import access_log
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name Remote-Filter
@@ -180,3 +215,21 @@ dozzle.vakhrushev.me {
}
goaccess.vakhrushev.me {
tls anwinged@ya.ru
import access_log
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
@websocket {
header Connection *Upgrade*
header Upgrade websocket
}
reverse_proxy @websocket goaccess_processor:7890
reverse_proxy goaccess_app:8080
}
files/caddyproxy/docker-compose.yml.j2
+1
View File
@@ -14,6 +14,7 @@ services:
- {{ caddy_file_dir }}:/etc/caddy
- {{ data_dir }}:/data
- {{ config_dir }}:/config
- {{ caddy_logs_dir }}:/var/log/caddy
networks:
- "web_proxy_network"
files/goaccess/docker-compose.template.yml
+40
View File
@@ -0,0 +1,40 @@
services:
goaccess_processor:
image: allinurl/goaccess:1.10.2
container_name: goaccess_processor
restart: unless-stopped
user: "{{ app_owner_uid }}:{{ app_owner_gid }}"
command: >
--log-format=CADDY
--enable-panel=VIRTUAL_HOSTS
--real-time-html
--port=7890
--ws-url=wss://goaccess.vakhrushev.me:443
--output=/srv/report/index.html
--persist
--restore
--db-path=/srv/db
--no-global-config
/srv/logs/access.log
volumes:
- "{{ caddy_logs_dir }}:/srv/logs:ro"
- "{{ db_dir }}:/srv/db"
- "{{ report_dir }}:/srv/report"
networks:
- "web_proxy_network"
goaccess_app:
image: caddy:2.11.2
container_name: goaccess_app
restart: unless-stopped
user: "{{ app_owner_uid }}:{{ app_owner_gid }}"
command: caddy file-server --listen :8080 --root /srv --browse
volumes:
- "{{ report_dir }}:/srv:ro"
networks:
- "web_proxy_network"
networks:
web_proxy_network:
external: true