diff --git a/swarm.yml b/swarm.yml index f32afc3..8f653a3 100644 --- a/swarm.yml +++ b/swarm.yml @@ -297,13 +297,12 @@ - "traefik.http.routers.auth.rule=Host(`auth.jingoh.private`)" - "traefik.http.routers.auth.entrypoints=websecure" - "traefik.http.routers.auth.tls=true" - - "traefik.http.routers.auth.middlewares=privatevpn" + - "traefik.http.routers.auth.middlewares=privatevpn,forward-auth" - "traefik.http.routers.auth.service=auth@swarm" - "traefik.http.services.auth.loadbalancer.server.port=4181" - "traefik.http.middlewares.forward-auth.forwardauth.address=http://forward-auth:4181" - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true" - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User" - - "traefik.http.routers.auth.middlewares=forward-auth" placement: constraints: - node.role == manager @@ -327,6 +326,28 @@ - "traefik.enable=false" networks: - public + grafana: + image: grafana/grafana:latest + container_name: grafana + security_opt: + - no-new-privileges:true + restart: unless-stopped + networks: + - public + volumes: + - grafana-lib:/var/lib/grafana + environment: + GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel" + labels: + - "traefik.enable=true" + # HTTP Routers + - "traefik.http.routers.grafana-rtr.entrypoints=websecure" + - "traefik.http.routers.grafana-rtr.rule=Host(`grafana2.jingoh.private`)" + # Middlewares + - "traefik.http.routers.grafana-rtr.middlewares=privatevpn,forward-auth" + # HTTP Services + - "traefik.http.routers.grafana-rtr.service=grafana-svc" + - "traefik.http.services.grafana-svc.loadbalancer.server.port=3000" networks: public: external: true @@ -334,13 +355,10 @@ external: true attachable: true volumes: - db-data: - influx-data: + grafana-lib: configs: traefik-dynamic-configuration: external: true - traefik-forward-auth: - external: true secrets: wildcard-jingoh-private.crt: external: true