feat/fix: apply NAT IP only AWS to LOKI request by Caddy (#13)
* feat/fix: apply NAT IP only AWS to LOKI request by Caddy
1. So that LOKI collects only requests coming from codedang's AWS, Caddy is configured to proxy requests only from a specific NAT IP.
2. The GitHub Actions flow has been improved.
- The step that reloads Caddy exists to recover when the static frontend file mount does not work properly, so I consider it unnecessary.
- The step that removes unused volumes is unnecessary, considering that it could delete earlier logs that are needed for later log analysis.
- The step that checks whether the container is running only concerns the log container, so it is split out.

* fix(Caddy): reload caddy not running compose caddy up always
- Reloading Caddy is essential. Every time docker compose runs, Caddy fetches its TLS certificates anew, which can cause problems. Therefore the container is kept running and only reloaded.
goathoon authored Jan 31, 2024
1 parent 3a80325 commit b0a10b8
Showing 2 changed files with 17 additions and 15 deletions.
29 changes: 14 additions & 15 deletions .github/workflows/update-stage.yml
Expand Up @@ -21,32 +21,31 @@ jobs:
GF_SMTP_FROM_ADDRESS = ${{ secrets.FROM_ADDRESS }}
EOF
- name: Check if containers are running
id: check-container
- name: Check if Caddy containers are running
id: check-caddy-container
run: |
{
echo 'stdout<<EOF'
docker compose --profile log ps -q
docker compose --profile caddy ps -q
echo EOF
} >> "$GITHUB_OUTPUT"
- name: Initialize containers
if: steps.check-container.outputs.stdout == ''
- name: when caddy container down, caddy up
if: steps.check-caddy-container.outputs.stdout == ''
run: |
docker compose --profile caddy up -d --no-recreate
docker compose --profile log up -d --no-recreate
- name: Run Docker Compose
run: |
docker compose --profile log up -d
- name: Copy Caddyfile into Caddy Container
env:
AWS_REQ_IP: ${{ secrets.AWS_NAT_IP }}
run: |
docker cp ./Caddyfile caddy:/etc/caddy/Caddyfile
- name: Gracefully reload Caddy
run: |
docker exec -w /etc/caddy caddy caddy reload
- name: Remove unused docker storages
run: docker system prune -a -f --volumes
- name: Run Docker Compose Of Log
run: |
docker compose --profile log up -d
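Review bot: the `env: AWS_REQ_IP: ${{ secrets.AWS_NAT_IP }}` on the "Copy Caddyfile into Caddy Container" step has no effect on the config that Caddy ends up loading. `docker cp ./Caddyfile caddy:/etc/caddy/Caddyfile` copies the file byte for byte without substituting `{$AWS_REQ_IP}`, and `docker exec -w /etc/caddy caddy caddy reload` expands that placeholder from the environment of the Caddy process inside the container, not from the runner step. Unless the compose file already passes `AWS_REQ_IP` into the caddy service, the placeholder expands to an empty string and the `remote_ip` matcher either fails to load or matches no address, so every `/lokiaws/*` request is answered with 403 (fail closed, but log shipping silently stops). Either pass the value through the service's `environment:` (noting that `up -d --no-recreate` will keep a stale value after the secret changes) or render the file on the runner before copying, e.g. `envsubst < ./Caddyfile > Caddyfile.rendered` and `docker cp` that. A post-reload smoke test, such as a request to `/lokiaws/ready` from the runner that must return 403, would catch a bad expansion in CI instead of in production.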
3 changes: 3 additions & 0 deletions Caddyfile
@@ -1,5 +1,8 @@
grafana.codedang.com {
handle /lokiaws/* {
@blocked not remote_ip {$AWS_REQ_IP}
respond @blocked "Forbidden" 403

uri strip_prefix /lokiaws
reverse_proxy 127.0.0.1:3100
}
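Review bot: `remote_ip` compares the address of the TCP peer Caddy accepted the connection from, so `@blocked not remote_ip {$AWS_REQ_IP}` is only meaningful when Caddy is the internet-facing endpoint; behind a load balancer or another proxy every request would carry the proxy's address and be rejected, and moving to a header-derived client IP would then require configuring trusted proxies rather than simply trusting X-Forwarded-For. Also note that a NAT IP identifies an egress gateway, not a service: any workload in that VPC that egresses through it can reach Loki, and because the whole `/lokiaws/*` prefix is proxied to `127.0.0.1:3100`, that includes the query endpoints under `/loki/api/v1/`, not only the push endpoint. If only ingestion is intended, narrow the `handle` to the push path or add authentication in front of the `reverse_proxy`.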

0 comments on commit b0a10b8