From 506b71dc35ca4e4bfd42254b07c6769dc000ad60 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 03:37:23 +0300 Subject: [PATCH 01/18] fix --- prepare/run-production.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/prepare/run-production.sh b/prepare/run-production.sh index c28854d..7e58718 100644 --- a/prepare/run-production.sh +++ b/prepare/run-production.sh @@ -5,6 +5,7 @@ docker network create -d overlay --attachable common-infra-nginx-development || docker network create -d overlay --attachable queues || true docker network create -d overlay --attachable queues-development || true docker network create -d overlay --attachable configurator || true +docker network create -d overlay --attachable monitoring || true docker network create -d overlay --attachable configurator-development || true docker network create -d overlay --attachable clickhouse || true docker network create -d overlay --attachable clickhouse-development || true -- 2.45.2 From 6ebd7f593027cb516e2cd73d91e3da0fa8d2be4b Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 04:43:51 +0300 Subject: [PATCH 02/18] fix --- .deploy-infra/deploy-prod.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 249bd18..dc8bb0d 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -27,6 +27,20 @@ services: parallelism: 1 # order: start-first + grafana: + image: grafana/grafana + networks: + - common-infra-nginx + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + placement: + constraints: [node.labels.stage == production] + update_config: + parallelism: 1 + clickhouse: image: clickhouse networks: -- 2.45.2 From 3aeb01a6ca29a1f2f8fdcc18df0bbbb38cdbe2f0 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 12:42:20 +0300 Subject: [PATCH 03/18] fix --- .deploy-infra/deploy-prod.yaml | 4 ++++ prepare/run-production.sh | 2 ++ 2 files changed, 6 insertions(+) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index dc8bb0d..d50dab2 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -31,6 +31,10 @@ services: image: grafana/grafana networks: - common-infra-nginx + volumes: + - /sprint-data/grafana:/var/lib/grafana + environment: + - GF_SERVER_ROOT_URL=https://grafana.chocomarsh.com deploy: mode: replicated replicas: 1 diff --git a/prepare/run-production.sh b/prepare/run-production.sh index 7e58718..7e3d074 100644 --- a/prepare/run-production.sh +++ b/prepare/run-production.sh @@ -15,7 +15,9 @@ mkdir /sprint-data/rabbitmq || true mkdir /sprint-data/certs || true mkdir /sprint-data/gitea || true mkdir /sprint-data/clickhouse || true +mkdir /sprint-data/grafana || true chmod 777 /sprint-data/redis chmod 777 /sprint-data/rabbitmq chmod 777 /sprint-data/gitea chmod 777 /sprint-data/clickhouse +chmod 777 /sprint-data/grafana -- 2.45.2 From 16b3adc2e38023ae78674f9e2e637f59d3ac6c9e Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 13:01:20 +0300 Subject: [PATCH 04/18] fix --- .gitea/workflows/deploy-prod.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/deploy-prod.yaml b/.gitea/workflows/deploy-prod.yaml index 613ea59..5a3e0d5 100644 --- a/.gitea/workflows/deploy-prod.yaml +++ b/.gitea/workflows/deploy-prod.yaml @@ -16,7 +16,7 @@ jobs: - name: checkout uses: actions/checkout@v4 with: - ref: dev + ref: prod - name: build nginx prod run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod - name: build gitea runner @@ -40,7 +40,7 @@ jobs: - name: checkout uses: actions/checkout@v4 with: - ref: dev + ref: prod - name: prepare run: chmod 777 ./prepare/run-production.sh && ./prepare/run-production.sh deploy-prod: -- 2.45.2 From fc6f0e76946adebf001c908ef9e7c1e2877878f1 Mon Sep 17 00:00:00 2001 From: emmatveev Date: Sat, 14 Jun 2025 19:52:53 +0300 Subject: [PATCH 05/18] Update .deploy-infra/deploy-prod.yaml --- .deploy-infra/deploy-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index d50dab2..702a4b9 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -34,7 +34,7 @@ services: volumes: - /sprint-data/grafana:/var/lib/grafana environment: - - GF_SERVER_ROOT_URL=https://grafana.chocomarsh.com + - GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com deploy: mode: replicated replicas: 1 -- 2.45.2 From 8890a24d568692d5fb0617f8e4d5cb8cb755ed5c Mon Sep 17 00:00:00 2001 From: emmatveev Date: Sat, 14 Jun 2025 19:55:35 +0300 Subject: [PATCH 06/18] Update .deploy-infra/deploy-prod.yaml --- .deploy-infra/deploy-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 702a4b9..8813000 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -34,7 +34,7 @@ services: volumes: - /sprint-data/grafana:/var/lib/grafana environment: - - GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com + GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com deploy: mode: replicated replicas: 1 -- 2.45.2 From 3f32593755d1843845bde64c767d51e015d3f111 Mon Sep 17 00:00:00 2001 From: emmatveev Date: Sat, 14 Jun 2025 20:06:30 +0300 Subject: [PATCH 07/18] Update .deploy-infra/deploy-prod.yaml --- .deploy-infra/deploy-prod.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 8813000..e3f069c 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -34,7 +34,11 @@ services: volumes: - /sprint-data/grafana:/var/lib/grafana environment: - GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com + GF_SERVER_ROOT_URL: https://nocomarsh.com + GF_SECURITY_ALLOW_EMBEDDING: true + GF_AUTH_COOKIE_SAMESITE: none + GF_CORS_ENABLED: true + GF_CORS_ALLOW_ORIGINS: https://nocomarsh.com deploy: mode: replicated replicas: 1 -- 2.45.2 From 13b4fbbd69e517aa66774b0239555dba8b341934 Mon Sep 17 00:00:00 2001 From: emmatveev Date: Sat, 14 Jun 2025 20:10:11 +0300 Subject: [PATCH 08/18] Update .deploy-infra/deploy-prod.yaml --- .deploy-infra/deploy-prod.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index e3f069c..506f99e 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -34,11 +34,11 @@ services: volumes: - /sprint-data/grafana:/var/lib/grafana environment: - GF_SERVER_ROOT_URL: https://nocomarsh.com + GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com GF_SECURITY_ALLOW_EMBEDDING: true - GF_AUTH_COOKIE_SAMESITE: none + GF_AUTH_COOKIE_SAMESITE: null GF_CORS_ENABLED: true - GF_CORS_ALLOW_ORIGINS: https://nocomarsh.com + GF_CORS_ALLOW_ORIGINS: https://grafana.chocomarsh.com deploy: mode: replicated replicas: 1 -- 2.45.2 From 5efa8a98da7cba35fd45f02e59542b051fb6972e Mon Sep 17 00:00:00 2001 From: emmatveev Date: Sat, 14 Jun 2025 20:12:21 +0300 Subject: [PATCH 09/18] Update .deploy-infra/deploy-prod.yaml --- .deploy-infra/deploy-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 506f99e..5695aef 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -36,7 +36,7 @@ services: environment: GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com GF_SECURITY_ALLOW_EMBEDDING: true - GF_AUTH_COOKIE_SAMESITE: null + GF_AUTH_COOKIE_SAMESITE: "none" GF_CORS_ENABLED: true GF_CORS_ALLOW_ORIGINS: https://grafana.chocomarsh.com deploy: -- 2.45.2 From 150337c17dd30a104be47bf184a1061bf94508bc Mon Sep 17 00:00:00 2001 From: emmatveev Date: Sat, 14 Jun 2025 20:21:34 +0300 Subject: [PATCH 10/18] Update .deploy-infra/deploy-prod.yaml --- .deploy-infra/deploy-prod.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 5695aef..fd76404 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -35,9 +35,7 @@ services: - /sprint-data/grafana:/var/lib/grafana environment: GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com - GF_SECURITY_ALLOW_EMBEDDING: true - GF_AUTH_COOKIE_SAMESITE: "none" - GF_CORS_ENABLED: true + GF_CORS_ENABLED: "true" GF_CORS_ALLOW_ORIGINS: https://grafana.chocomarsh.com deploy: mode: replicated -- 2.45.2 From c25c56b27b2051aa764aa51ddcc8954f1b2b70df Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 22:29:39 +0300 Subject: [PATCH 11/18] fix --- .deploy-infra/deploy-prod.yaml | 1 + 1 file changed, 1 insertion(+) mode change 100644 => 100755 .deploy-infra/deploy-prod.yaml diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml old mode 100644 new mode 100755 index fd76404..f6c45cf --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -31,6 +31,7 @@ services: image: grafana/grafana networks: - common-infra-nginx + - clickhouse volumes: - /sprint-data/grafana:/var/lib/grafana environment: -- 2.45.2 From 41be37ca6654c3b573bd53b8f689d0f3ba4f3932 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 22:34:58 +0300 Subject: [PATCH 12/18] fix --- .deploy-infra/deploy-prod.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index f6c45cf..f564857 100755 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -37,7 +37,8 @@ services: environment: GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com GF_CORS_ENABLED: "true" - GF_CORS_ALLOW_ORIGINS: https://grafana.chocomarsh.com + GF_AUTH_DISABLE_LOGIN_FORM: "false" + GF_CORS_ALLOW_ORIGINS: "*" deploy: mode: replicated replicas: 1 -- 2.45.2 From 1da6bf7cb8ea550e47003587bba615853fc047e3 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 22:40:36 +0300 Subject: [PATCH 13/18] fix --- .deploy-infra/deploy-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index f564857..65f15fc 100755 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -36,7 +36,7 @@ services: - /sprint-data/grafana:/var/lib/grafana environment: GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com - GF_CORS_ENABLED: "true" + GF_CORS_ENABLED: "false" GF_AUTH_DISABLE_LOGIN_FORM: "false" GF_CORS_ALLOW_ORIGINS: "*" deploy: -- 2.45.2 From c9ab3ab4426fa973b530c80edd0382fd453d0e35 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 22:45:10 +0300 Subject: [PATCH 14/18] fix --- nginx/nginx-prod/prepare.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/nginx-prod/prepare.py b/nginx/nginx-prod/prepare.py index d4ea956..d719cbc 100644 --- a/nginx/nginx-prod/prepare.py +++ b/nginx/nginx-prod/prepare.py @@ -44,6 +44,10 @@ for host, params in hosts.items(): add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-refferer-when-downgrade" always; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; location / {{ resolver 127.0.0.11; -- 2.45.2 From 76c072e36a28aef44168a4d91c885815220da1dd Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 22:45:29 +0300 Subject: [PATCH 15/18] fix --- nginx/nginx-dev/prepare.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 1f4671b..caf012c 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -44,6 +44,10 @@ for host, params in hosts.items(): add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-refferer-when-downgrade" always; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; location / {{ resolver 127.0.0.11; -- 2.45.2 From 3b5541e98aac6f771fc548289a4c9c3900cf0d0e Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 22:55:04 +0300 Subject: [PATCH 16/18] fix --- .deploy-infra/deploy-prod.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index 65f15fc..887f027 100755 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -39,6 +39,7 @@ services: GF_CORS_ENABLED: "false" GF_AUTH_DISABLE_LOGIN_FORM: "false" GF_CORS_ALLOW_ORIGINS: "*" + GF_SECURITY_CONTENT_SECURITY_POLICY: "false" deploy: mode: replicated replicas: 1 -- 2.45.2 From f35bbf3548b5610eb135eb8c397a9309a9933fa9 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sat, 14 Jun 2025 23:01:01 +0300 Subject: [PATCH 17/18] fix --- nginx/nginx-dev/prepare.py | 1 - nginx/nginx-prod/prepare.py | 1 - 2 files changed, 2 deletions(-) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index caf012c..c0d7946 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -43,7 +43,6 @@ for host, params in hosts.items(): add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/nginx-prod/prepare.py b/nginx/nginx-prod/prepare.py index d719cbc..10566b0 100644 --- a/nginx/nginx-prod/prepare.py +++ b/nginx/nginx-prod/prepare.py @@ -43,7 +43,6 @@ for host, params in hosts.items(): add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -- 2.45.2 From 37337a68ab109efbce9ff92c0cf61c38cc13f5ec Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 15 Jun 2025 00:44:42 +0300 Subject: [PATCH 18/18] fix --- .deploy-infra/deploy-dev.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.deploy-infra/deploy-dev.yaml b/.deploy-infra/deploy-dev.yaml index c2ec820..645b139 100644 --- a/.deploy-infra/deploy-dev.yaml +++ b/.deploy-infra/deploy-dev.yaml @@ -31,6 +31,7 @@ services: image: clickhouse networks: - clickhouse-development + - common-infra-nginx-development volumes: - /sprint-data/clickhouse:/var/lib/clickhouse environment: -- 2.45.2