{"id":16982335,"url":"https://github.com/sebastianwachter/trapralgra","last_synced_at":"2025-03-21T23:42:00.290Z","repository":{"id":124749604,"uuid":"234657344","full_name":"sebastianwachter/TraPrAlGra","owner":"sebastianwachter","description":"An easy to deploy router and monitoring stack.","archived":false,"fork":false,"pushed_at":"2020-01-21T14:21:05.000Z","size":25,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-20T15:52:59.590Z","etag":null,"topics":["alertmanager","cadvisor","docker","grafana","node-exporter","prometheus","pushgateway","traefik-v2"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sebastianwachter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-18T00:03:35.000Z","updated_at":"2020-06-06T14:18:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"95eb9b31-6de9-4833-8e88-3350c4c07dc4","html_url":"https://github.com/sebastianwachter/TraPrAlGra","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastianwachter%2FTraPrAlGra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastianwachter%2FTraPrAlGra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastianwachter%2FTraPrAlGra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebastianwachter%2FTra
PrAlGra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sebastianwachter","download_url":"https://codeload.github.com/sebastianwachter/TraPrAlGra/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244885514,"owners_count":20526293,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alertmanager","cadvisor","docker","grafana","node-exporter","prometheus","pushgateway","traefik-v2"],"created_at":"2024-10-14T02:08:00.401Z","updated_at":"2025-03-21T23:42:00.256Z","avatar_url":"https://github.com/sebastianwachter.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# TraPrAlGra\n\nA **Tra**efik, **Pr**ometheus, node-exporter, cAdvisor, pushgateway, **Al**ertmanager and **Gra**fana edge router and monitoring stack. The goal of this project is to provide people an easy to set up and deploy stack using modern technologies. It will auto generate A+ rated (according to [SSL-Labs](https://www.ssllabs.com/)) SSL certificates issued by Let's Encrypt. TraPrAlGra also redirects users, trying to access pages using http, to their https counterparts automatically.\n\n## The main components:\n\n### Traefik\n\n\u003e Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them. 
- [Traefik](https://docs.traefik.io/)\n\nTraefik makes registering new services (including their respective subdomains) a breeze and keeps the configuration lean and readable.\n\n### Prometheus\n\n\u003e Prometheus is a free software application used for event monitoring and alerting. It records real-time metrics in a time series database (allowing for high dimensionality) built using a HTTP pull model, with flexible queries and real-time alerting. - [Wikipedia](https://en.wikipedia.org/wiki/Prometheus_(software))\n\nPrometheus is the center point of the monitoring stack and collects all kinds of metric data generated by its sources (node-exporter, cAdvisor, push-gateway and Traefik itself). When a defined alert fires, Alertmanager sends a message to the configured receivers.\nSince not all services support the Prometheus pull model, the push-gateway is included in this stack to allow collecting metrics from these services as well.\n\n### Grafana\n\n\u003e Grafana is an open-source, general purpose dashboard and graph composer, which runs as a web application. - [Arch Wiki](https://wiki.archlinux.org/index.php/Grafana)\n\nGrafana takes the metrics provided by Prometheus and displays them in beautiful graph dashboards. 
TraPrAlGra includes 4 preconfigured dashboards to serve different use cases:\n\n- **Docker Containers**: Displays graphs about metrics collected from Docker containers that are not part of the monitoring stack.\n- **Docker Host**: Displays graphs of the server's hardware usage and general machine stats such as uptime.\n- **Monitor Services**: Displays graphs about the monitoring containers and Prometheus' own generated metrics.\n- **Traefik**: Displays graphs generated out of Traefik's metrics such as HTTP status codes and average response times.\n\n## Prerequisites\n\nTo use TraPrAlGra you need the following:\n\n- A domain\n- A server with `docker` and `docker-compose` installed\n- An Alertmanager compatible receiver (this repo already includes a template for Slack)\n\n## Configuration guide\n\n1. Clone this repository to your machine: `git clone git@github.com:sebastianwachter/TraPrAlGra.git`\n2. Create a Docker network called \"proxy\": `docker network create proxy`. This is the network your services use to get proxied by Traefik.\n3. Restrict the permissions of `acme.json` to 600: `chmod 600 acme.json`\n4. In the `traefik.yml` file fill in your email address where it's required (this must be the same address in both cases).\n5. Generate an HTTP basic auth user + password pair by using: `htpasswd -nb \u003cuser\u003e \u003cpassword\u003e` and copy the output.\n6. Open the `.env` file and replace the placeholders (`TRAEFIK_DASHBOARD_USER` and `TRAEFIK_DASHBOARD_PASSWORD`) with the data generated in step 5.\n7. Still in `.env` replace `TRAEFIK_DOMAIN` with your domain like: `example.com`\n8. Also in the `.env` file decide (`TRAEFIK_LE_RESOLVER`) whether you want to use the `staging` or the usual Let's Encrypt resolver (`leresolver`). 
The `staging` server generates invalid self-signed certificates used for development purposes while the `leresolver` generates A+ rated SSL certificates but doing this too often in a short period of time will get this domain rate limited ([further read on rate limits here](https://letsencrypt.org/de/docs/rate-limits/)).\n9. As a final step in the `.env`: Replace the `GF_SECURITY_ADMIN_PASSWORD` placeholder with a password in plain text. This will be used to log in to Grafana.\n10. Create an incoming webhook for your slack workspace using [this guide](https://slack.com/intl/en-de/help/articles/115005265063-Incoming-WebHooks-for-Slack) and paste the generated URL in the `api_url` field in `./alertmanager/config.yml`. If you don't want to use slack as a receiver for monitoring alerts [here](https://github.com/prometheus/alertmanager/blob/master/doc/examples/simple.yml) are some alternative examples.\n11. Run `docker-compose up -d`\n12. Profit!\n\n## Running a service inside TraPrAlGra\n\nIf you want to run any dockerized service inside of TraPrAlGra all you need to do is to set up some labels in your `docker-compose.yml` for that service. 
For example, running an NGINX container that serves static HTML might look like this:\n\n```yaml\nversion: '3.3'\n\nservices:\n  my-container:\n    image: my-container:latest\n    restart: unless-stopped\n    container_name: my-container\n    security_opt:\n      - no-new-privileges:true\n    networks:\n      - proxy\n    labels:\n      - \"traefik.enable=true\"\n      - \"traefik.http.routers.my-container.rule=Host(`sub.domain.tld`)\"\n      - \"traefik.http.routers.my-container.tls.certresolver=leresolver\"\n      - \"traefik.http.routers.my-container.entrypoints=websecure\"\n      - \"traefik.http.routers.my-container.middlewares=secure-compress@file\"\n      - \"traefik.http.services.my-container.loadbalancer.server.port=80\"\n      - \"traefik.docker.network=proxy\"\n\nnetworks:\n  proxy:\n    external: true\n```\n\nLet's break it down:\n\n- The network block at the end enables the container to connect to the external **proxy** network\n- `\"traefik.enable=true\"`: explicitly tell Traefik to be the router for this container\n- `` \"traefik.http.routers.my-container.rule=Host(`sub.domain.tld`)\" ``: sets the route under which this container should be available on the internet\n- `\"traefik.http.routers.my-container.tls.certresolver=leresolver\"`: define the Let's Encrypt resolver of this container's SSL certificates (can be either `staging` or `leresolver`)\n- `\"traefik.http.routers.my-container.entrypoints=websecure\"`: set the entrypoint used by the container. Always set this to `websecure` since this is the HTTPS entrypoint and all HTTP traffic gets redirected to HTTPS anyway\n- `\"traefik.http.routers.my-container.middlewares=secure-compress@file\"`: set some basic HTTP headers and compress the response. You can always use this line whenever you want this behaviour (also check the headers in the `config.yml` file)\n- `\"traefik.http.services.my-container.loadbalancer.server.port=80\"`: set the port that this container uses for its communication. 
Replace the `80` in this example with the port number.\n\n## Future features\n\nIn the future TraPrAlGra should also support multiple domains using wildcard certificates since Traefik basically supports those but I still have to try out how to configure it. Further read [here](https://docs.traefik.io/https/acme/#wildcard-domains).\n\n## Special thanks\n\n- @stefanprodan for [dockprom](https://github.com/stefanprodan/dockprom)\n- @containous for [Traefik](https://github.com/containous/traefik)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsebastianwachter%2Ftrapralgra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsebastianwachter%2Ftrapralgra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsebastianwachter%2Ftrapralgra/lists"}