about summary refs log tree commit diff
diff options
context:
space:
mode:
authorGriffin Smith <grfn@gws.fyi>2020-10-13T03·27-0400
committerglittershark <grfn@gws.fyi>2020-10-13T03·35+0000
commitc83b7e7da3db0af5ef01e308e47c422e774bf3da (patch)
treeb1b0da0a36d78cf7627bf64a2bd1e95a7771d996
parent8cb7118f7d2c905cb47bea98c8da5bd7a3f2edd6 (diff)
fix(gs/mugwump): Make nginx scraper play well with SSL r/1845
Having SSL on all the vhosts in nginx breaks the prometheus scraper with
the default config, since because it's targeting a different domain the
cert validation fails. It's pointing at localhost, so it's fine to just
have it not validate.

Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
-rw-r--r--users/glittershark/system/system/machines/mugwump.nix9
1 files changed, 9 insertions, 0 deletions
diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
index 96bc1cca3f02..267098a74fc1 100644
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -96,6 +96,7 @@ with lib;
 
   services.nginx = {
     enable = true;
+    statusPage = true;
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
@@ -146,6 +147,8 @@ with lib;
       nginx = {
         enable = true;
         openFirewall = true;
+        sslVerify = false;
+        constLabels = [ "host=mugwump" ];
       };
     };
 
@@ -155,6 +158,12 @@ with lib;
       static_configs = [{
         targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
       }];
+    } {
+      job_name = "nginx";
+      scrape_interval = "5s";
+      static_configs = [{
+        targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];
+      }];
     }];
   };