From c83b7e7da3db0af5ef01e308e47c422e774bf3da Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Mon, 12 Oct 2020 23:27:58 -0400 Subject: fix(gs/mugwump): Make nginx scraper play well with SSL Having SSL on all the vhosts in nginx breaks the prometheus scraper with the default config, since because it's targeting a different domain the cert validation fails. It's pointing at localhost, so it's fine to just have it not validate. Change-Id: I1cbddc73335d4fa060115c253d69e27059a3113f Reviewed-on: https://cl.tvl.fyi/c/depot/+/2045 Reviewed-by: glittershark Tested-by: BuildkiteCI --- users/glittershark/system/system/machines/mugwump.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix index 96bc1cca3f02..267098a74fc1 100644 --- a/users/glittershark/system/system/machines/mugwump.nix +++ b/users/glittershark/system/system/machines/mugwump.nix @@ -96,6 +96,7 @@ with lib; services.nginx = { enable = true; + statusPage = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; @@ -146,6 +147,8 @@ with lib; nginx = { enable = true; openFirewall = true; + sslVerify = false; + constLabels = [ "host=mugwump" ]; }; }; @@ -155,6 +158,12 @@ with lib; static_configs = [{ targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; }]; + } { + job_name = "nginx"; + scrape_interval = "5s"; + static_configs = [{ + targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"]; + }]; }]; }; -- cgit 1.4.1