├── .env ├── .github ├── ISSUE_TEMPLATE.md └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── LICENSE ├── README.md ├── docker-compose.yml ├── influxdb └── init-influx.sh ├── kong ├── certificates │ ├── example-external.crt │ ├── example-external.key │ ├── example-internal.crt │ ├── example-internal.key │ └── root-ca-internal.crt ├── kong.config.sh └── konga.config.js ├── letsencrypt-nginx ├── docker-compose-challenge.yml ├── docker-compose-dojot-https.yml ├── nginx-challenge.conf └── nginx-dojot-https.conf ├── monitoring ├── README.md ├── alertmanager │ └── alertmanager.yml ├── docker-compose-monitoring.yaml ├── grafana │ ├── defaults.ini │ └── provisioning │ │ ├── dashboards │ │ ├── ContainerMetrics.json │ │ ├── InfluxDB.json │ │ ├── KafkaExporterOverview.json │ │ ├── KongOfficial.json │ │ ├── Overview.json │ │ ├── RabbitMQOverview.json │ │ ├── SystemMetrics.json │ │ ├── VerneMQNodeMetrics.json │ │ ├── dashboards.yml │ │ └── mongodb.json │ │ └── datasources │ │ └── datasource.yml ├── loki │ └── loki.yml ├── prometheus │ ├── prometheus.rules.yml │ └── prometheus.yml └── promtail │ └── promtail.yml ├── postgres └── init-db.sh ├── secrets ├── .KONG_PASSWORD ├── .POSTGRES_PASSWORD ├── MINIO_ACCESS_KEY ├── MINIO_SECRET_KEY └── create_secrets.sh └── self-signed-certificate-nginx ├── docker-compose-dojot-https-self-signed-certificate.yml └── nginx-dojot-https-self-signed-certificate.conf /.env: -------------------------------------------------------------------------------- 1 | COMPOSE_PROJECT_NAME=dojot 2 | FLOWBROKER_NETWORK=flowbroker 3 | DATA_BROKER_SERVICE_PORT=80 4 | 5 | 6 | ###### Dojot Version settings ############## 7 | # Define the version to be used in the dojot images 8 | ## Attention, just changing the version may not be enough, 9 | ## since each dojot version has its own deployment (docker-compose.yml) 10 | DOJOT_BACKEND_VERSION=v0.8.0 11 | DOJOT_FRONTEND_VERSION=v0.8.0 12 | 13 | MINIO_BUCKET_SUFFIX=cpqd.dojot. 
14 | 15 | ###### Defines the domain name for the dojot ###### 16 | DOJOT_DOMAIN_NAME=localhost -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | * **I'm submitting a ...** 2 | - [ ] bug report 3 | - [ ] feature request 4 | - [ ] support request 5 | 6 | 7 | * **Do you want to request a *feature* or report a *bug*?** 8 | 9 | 10 | 11 | * **What is the current behavior?** 12 | 13 | 14 | 15 | * **If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem** 16 | 17 | 18 | 19 | * **What is the expected behavior?** 20 | 21 | 22 | 23 | * **What is the motivation / use case for changing the behavior?** 24 | 25 | 26 | 27 | * **Please tell us about your environment:** 28 | 29 | - Version: 0.2.x 30 | - Docker version: 31 | - Operating system: [Ubuntu 16.04, Fedora 28, Ubuntu on VirtualBox (Windows 10), etc.] 32 | 33 | 34 | * **Other information** (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc) 35 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | * **Please check if the PR fulfills these requirements** 2 | - [ ] Tests for the changes have been added (for bug fixes / features) 3 | - [ ] Docs have been added / updated (for bug fixes / features) 4 | 5 | 6 | * **What kind of change does this PR introduce?** (Bug fix, feature, docs update, ...) 
7 | 8 | 9 | 10 | * **What is the current behavior?** (You can also link to an open issue here) 11 | 12 | 13 | 14 | * **What is the new behavior (if this is a feature change)?** 15 | 16 | 17 | 18 | * **Does this PR introduce a breaking change?** (What changes might users need to make in their application due to this PR?) 19 | 20 | 21 | * **Is there any issue related to this PR in other repository?** (such as dojot/dojot) 22 | 23 | 24 | * **Other information**: 25 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | *.pdf 3 | *.html 4 | 5 | .idea/ 6 | node_modules 7 | build/ 8 | .vscode/ 9 | .history/ 10 | 11 | secrets/MINIO_ACCESS_KEY 12 | secrets/MINIO_SECRET_KEY -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 
23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. 
For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. 
If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. 
You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. 
(Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Dojot Deploy - Docker Compose 2 | 3 | This deployment option is best suited to development and functional environments. For production environment we recommend to use [Kubernetes](https://github.com/dojot/ansible-dojot). 4 | 5 | ## Getting Started 6 | 7 | This repository contains the necessary configuration files for quick deployment of the Dojot Platform using `docker-compose`. 8 | 9 | ### Requirements 10 | 11 | * Docker Engine >= 19.03 (Installation [here](https://docs.docker.com/engine/install/)) 12 | * Docker Compose >= 1.28 (Installation [here](https://docs.docker.com/compose/install/)) 13 | > __Note__: All tests were performed with Docker CE on Ubuntu [18.04](https://releases.ubuntu.com/18.04/) and [20.04](https://releases.ubuntu.com/20.04/). 
14 | 15 | 16 | ## Usage 17 | 18 | Before running this deployment it's necessary to define your domain name or IP in [.env](./.env) file, in the `DOJOT_DOMAIN_NAME` variable. 19 | 20 | To start the containers, the following profiles are available: 21 | 22 | - basic (minimum services) 23 | - mongodb-pesistence 24 | - data-processing 25 | - cron-job 26 | - x509-certificates 27 | - front-end 28 | - lwm2m-iot-agent 29 | - device-management 30 | - api-gateway 31 | - user-management 32 | - data-processing-context 33 | - websocket-real-time 34 | - iot-agent-mqtt 35 | - iot-agent-http 36 | - import-export-configuration 37 | - influxdb-persistence 38 | - file-management 39 | - complete (all services) 40 | 41 | Start the containers with the minimum services using the command below: 42 | ```bash 43 | docker-compose --profile basic up --detach 44 | ``` 45 | Or start all services with below command: 46 | ``` 47 | docker-compose --profile complete up --detach 48 | ``` 49 | 50 | > __Note__: To get completely ready, **healthy** :green_heart:, all services in this `docker-compose` take an average of at least `12 minutes`. 51 | 52 | For instructions on how to get it up and running, please check [Installation Guide](https://dojotdocs.readthedocs.io/en/latest/installation-guide.html#docker-compose). **Always change the ``admin`` user password to a suitable password and keep it safe.** 53 | 54 | Both are available in the [Docker Official Site](https://docs.docker.com/install/). 55 | 56 | ### How to run dojot with HTTPS 57 | 58 | #### Secure dojot with Let's Encrypt (recommended) 59 | 60 | To get dojot running with https, at least for the purposes of this guide, you **MUST** ensure 61 | you have set up a static public IP address for your server and registered a domain for it. Then 62 | just follow the next steps. 
63 | 64 | First, configure a temporary [Nginx](https://www.nginx.com/) server that only runs 65 | on HTTP and gives the [Certbot](https://certbot.eff.org/) tool write access for the following 66 | endpoint: `http://<your-domain>/.well-known/acme-challenge/{token}`. This endpoint will be used 67 | to answer Let's Encrypt CA's challenge, which is part of the process of getting a certificate 68 | for your server. 69 | 70 | To make things easier, there is a docker-compose configuration file in 71 | letsencrypt-nginx/docker-compose-challenge.yml. **But, before starting it, change the 72 | file letsencrypt-nginx/nginx-challenge.conf, replacing the domain placeholder tag with your registered domain**. 73 | Then spin up Nginx: 74 | 75 | ```bash 76 | # Go to the letsencrypt-nginx directory 77 | cd letsencrypt-nginx 78 | # Start the Nginx container 79 | sudo docker-compose --file docker-compose-challenge.yml up --detach 80 | ``` 81 | 82 | The next step is to run the Certbot tool. **Change the command below to use your 83 | email address and your domain, and just run it**. 84 | 85 | ```bash 86 | sudo docker container run -it --rm \ 87 | -v /dojot/etc/letsencrypt:/etc/letsencrypt \ 88 | -v /dojot/var/lib/letsencrypt:/var/lib/letsencrypt \ 89 | -v /dojot/letsencrypt-site:/data/letsencrypt \ 90 | -v /dojot/var/log/letsencrypt:/var/log/letsencrypt \ 91 | certbot/certbot \ 92 | certonly --webroot \ 93 | --email <your-email> --agree-tos --no-eff-email \ 94 | --webroot-path=/data/letsencrypt \ 95 | -d <your-domain> 96 | ``` 97 | 98 | If everything ran successfully, stop the temporary Nginx server because it is no longer needed: 99 | 100 | ```bash 101 | sudo docker-compose --file docker-compose-challenge.yml down 102 | ``` 103 | 104 | Now you have a certificate for your domain. The next step is to configure an 105 | Nginx server to receive the https requests and redirect the traffic to dojot's api gateway. 106 | 107 | This Nginx service is specified in the docker-compose file 108 | letsencrypt-nginx/docker-compose-dojot-https.yml. 
It MUST run in the same network as 109 | dojot's other services. So before starting it, change the network in the configuration 110 | if necessary and replace the domain placeholder tag with your registered domain 111 | in the files: letsencrypt-nginx/docker-compose-dojot-https.yml and letsencrypt-nginx/nginx-dojot-https.conf. 112 | Then spin up Nginx: 113 | 114 | ```bash 115 | sudo docker-compose --file docker-compose-dojot-https.yml up --detach 116 | ``` 117 | 118 | Now, open up a browser and visit `https://<your-domain>`. You should see dojot's graphical interface. 119 | 120 | Periodically, you need to renew the certificate. The process is very simple: run a Certbot command 121 | and restart Nginx. To automate it with a cron job, run: 122 | 123 | ```bash 124 | # open crontab editor 125 | sudo crontab -e 126 | ``` 127 | 128 | Place the following at the end of the file, then save and close it. 129 | 130 | ```bash 131 | 0 23 * * * docker container run --rm --name certbot \ 132 | -v "/dojot/etc/letsencrypt:/etc/letsencrypt" \ 133 | -v "/dojot/var/lib/letsencrypt:/var/lib/letsencrypt" \ 134 | -v "/dojot/data/letsencrypt:/data/letsencrypt" \ 135 | -v "/dojot/var/log/letsencrypt:/var/log/letsencrypt" \ 136 | certbot/certbot renew --webroot -w /data/letsencrypt --quiet && docker restart https-nginx 137 | ``` 138 | 139 | The above command will run every night at 23:00, renewing the certificate and forcing Nginx to restart 140 | if the certificate is due for renewal. 141 | 142 | #### Secure dojot with self-signed certificate 143 | 144 | To get dojot running with https using a self-signed certificate, the domain/IP must be reachable from where dojot is running and from inside the docker network. 145 | 146 | As a prerequisite, this uses [OpenSSL](https://www.openssl.org/). 
147 | 148 | On Debian-based Linux distributions, you can install this prerequisite by running: 149 | 150 | ``` sh 151 | sudo apt install openssl 152 | ``` 153 | 154 | After installing the prerequisite if necessary, generate the certificate. The `-nodes` option leaves the private key unencrypted on disk, so restrict read access to the generated `.key` file: 155 | 156 | ```sh 157 | cd self-signed-certificate-nginx 158 | openssl req -x509 -nodes -newkey rsa:2048 -days 365 \ 159 | -keyout dojot-nginx-certificate.key -out dojot-nginx-certificate.crt -subj '/CN=<common-name>' \ 160 | -addext 'subjectAltName=DNS:<server-name>,IP:<server-ip>' 161 | 162 | Example: 163 | openssl req -x509 -nodes -newkey rsa:2048 -days 365 \ 164 | -keyout dojot-nginx-certificate.key -out dojot-nginx-certificate.crt -subj '/CN=dojot_CPQD' \ 165 | -addext 'subjectAltName=DNS:gcp-eun-doc,IP:10.233.48.15' 166 | ``` 167 | 168 | Now you have a certificate. The next step is to configure an 169 | Nginx server to receive the https requests and redirect the traffic to dojot's api gateway. 170 | 171 | This Nginx service is specified in the docker-compose file 172 | self-signed-certificate-nginx/docker-compose-dojot-https-self-signed-certificate.yml. It MUST run in the same network as 173 | dojot's other services. 174 | 175 | ```bash 176 | sudo docker-compose --file docker-compose-dojot-https-self-signed-certificate.yml up --detach 177 | ``` 178 | 179 | Open up a browser and visit `https://<your-domain-or-ip>`. 180 | 181 | You should see an error message saying the connection is not safe. 182 | 183 | Now you need to click on the warning button next to your IP address. 184 | 185 | Then click on the option saying the certificate is not valid. 186 | 187 | Open the details tab and export the certificate, adding the extension ".crt". 188 | 189 | The next step is to import the certificate (that you exported) into your browser. 
190 | 191 | ```bash 192 | *Chrome* 193 | 194 | Settings -> Privacy and Security -> Security -> Manage certificates -> Authorities -> Import 195 | 196 | Choose the saved file (example: dojot_CPQD.crt) 197 | 198 | Check all the options in the box and click OK 199 | 200 | Reload the page in the browser; the browser now recognizes the certificate and treats the connection as safe. 201 | 202 | ``` 203 | 204 | ```bash 205 | *Firefox* 206 | The certificate is recognized by the browser automatically 207 | ``` 208 | 209 | If you use http-agent to send messages with a self-signed certificate, you must configure the `http-agent-cert-sidecar` environment variable `CERT_SC_CERTS_HOSTNAMES` to include the `server IP` and `server name`: 210 | 211 | ```sh 212 | Example: 213 | CERT_SC_CERTS_HOSTNAMES: '["http-agent", "${DOJOT_DOMAIN_NAME:-localhost}", "<server IP>", "<server name>"]' 214 | ``` 215 | 216 | > __Note__: *It is very important to include the quotes around the server IP and server name* 217 | 218 | Now, apply the changes by running: 219 | 220 | ```sh 221 | docker-compose --profile complete up -d 222 | ``` 223 | 224 | If you use iotagent-mqtt to send messages with a self-signed certificate, you must configure the `iotagent-mqtt-cert-sidecar` environment variable `CERT_SC_CERTS_HOSTNAMES` to include the `server IP` and `server name`: 225 | 226 | ```sh 227 | Example: 228 | CERT_SC_CERTS_HOSTNAMES: '["iotagent-mqtt", "${DOJOT_DOMAIN_NAME:-localhost}", "<server IP>", "<server name>"]' 229 | ``` 230 | 231 | > __Note__: *It is very important to include the quotes around the server IP and server name* 232 | 233 | Now, apply the changes by running: 234 | 235 | ```sh 236 | docker-compose --profile complete up -d 237 | ``` 238 | -------------------------------------------------------------------------------- /influxdb/init-influx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu -o pipefail 4 | 5 | HOST=${HOST:-"http://influxdb:8086"} 6 | 
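# Bootstrap InfluxDB: run the one-time `influx setup` and then create a second
# user account. HOST is assigned earlier in this script.
#
# SECURITY: every fallback below is a fixed value published in this repository.
# Override the user, password and token through the environment for any
# deployment that is reachable by others; otherwise the instance comes up with
# publicly known credentials and API token.
# NOTE(review): the secrets are passed as command-line arguments, so they can
# presumably be read from the process list while `influx` runs -- confirm
# whether that is acceptable for the container this script runs in.
DEFAULT_USER=${DEFAULT_USER:-"dojot"}
DEFAULT_PASSWORD=${DEFAULT_PASSWORD:-"dojot@password"}
DEFAULT_TOKEN=${DEFAULT_TOKEN:-"dojot@token_default"}
DEFAULT_ORGANIZATION=${DEFAULT_ORGANIZATION:-"admin"}
DEFAULT_BUCKET=${DEFAULT_BUCKET:-"devices"}
# This retention is only for the organization `DEFAULT_ORGANIZATION` created when starting influxdb. For other retentions it is necessary to use an environment variable in the influxdb-storer.
# It is considered only the first time that InfluxDB is started.
DEFAULT_RETENTION=${DEFAULT_RETENTION:-"7d"}
# Valid units are nanoseconds (ns), microseconds (us or µs), milliseconds (ms), seconds (s), minutes (m), hours (h), days (d), weeks (w) and 0 is infinite retention

# --force skips the interactive confirmation so the setup can run unattended.
influx setup \
  --force \
  --host "$HOST" \
  --username "$DEFAULT_USER" \
  --password "$DEFAULT_PASSWORD" \
  --org "$DEFAULT_ORGANIZATION" \
  --bucket "$DEFAULT_BUCKET" \
  --token "$DEFAULT_TOKEN" \
  --retention "$DEFAULT_RETENTION"

echo "Successfully initialized InfluxDB..."

# Second account. The name and password used to be hard-coded with no way to
# change them; they can now be overridden through the environment, and the
# fallbacks keep the previous values so existing deployments behave the same.
DOJOT_ADMIN_USER=${DOJOT_ADMIN_USER:-"admin_dojot"}
DOJOT_ADMIN_PASSWORD=${DOJOT_ADMIN_PASSWORD:-"admin@dojot"}

# The command ends on the --password line. The original left a trailing
# backslash in front of the commented-out flags below, which only worked
# because the continued line happened to start with '#'.
influx user create \
  --host "$HOST" \
  --name "$DOJOT_ADMIN_USER" \
  --password "$DOJOT_ADMIN_PASSWORD"
# Flags left disabled by the original author:
#   --skip-verify
#   --org "$DEFAULT_ORGANIZATION"
#   --bucket "$DEFAULT_BUCKET"

echo "User ${DOJOT_ADMIN_USER} created..."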
42 | 43 | exit 0 44 | -------------------------------------------------------------------------------- /kong/certificates/example-external.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFWzCCBEOgAwIBAgISAzJ/3huPMq/alLnnMAALB/7uMA0GCSqGSIb3DQEBCwUA 3 | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD 4 | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA1MDgyMjQ5MzlaFw0y 5 | MDA4MDYyMjQ5MzlaMBwxGjAYBgNVBAMTEWVudjIuZG9qb3QuY29tLmJyMIIBIjAN 6 | BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK9K1Skrp586zSjIdkZvOsT8Vod5 7 | UpywRpYOb37xgd4nZHtD0LJOn1qTn0EA/l+ROqlkFAY1G4EdXS624aKVWiHy1wuK 8 | 67joRjEwA9Vl1CvpcHVGHKZSxjS35pl4j5yaKbJNVyUGpLh4/gMNOyc5arlZ6EOT 9 | YHITWO69+xiQ+4qYdUIb512reqmvvfspdks6m57vb90eo9L5syApcATFKo794xwu 10 | hcmo9vDQoX7lU5rMedBN0KLDp8JxEhEVYdsdzpoZRIq2CVQd3FYXB0IV0zFMPlpC 11 | 5ueoTu0tOsZL8vR8SPXNqdbBV7ZNNvfMlDg8i7AxHeaGlJ2vCQOffCLsuwIDAQAB 12 | o4ICZzCCAmMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr 13 | BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSBxoHzx66xz4NLJOYdPl5W 14 | wZf/RDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB 15 | AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw 16 | dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw 17 | dC5vcmcvMBwGA1UdEQQVMBOCEWVudjIuZG9qb3QuY29tLmJyMEwGA1UdIARFMEMw 18 | CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j 19 | cHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA8JWk 20 | WfIA0YJAEC0vk4iOrUv+HUfjmeHQNKawqKqOsnMAAAFx9rHMGgAABAMASDBGAiEA 21 | 53l5yLculYOPBcaHUXZJDSkcWtB0z2TU/UGdbiXxC/4CIQCAjrX6TfDE/OFSUjL9 22 | qxZA4Cv0Pc/08QBO/+pNJYDbJAB2AAe3XBvlfWj/8bDGHSMVx7rmV3xXlLdq7rxh 23 | Ohpp06IcAAABcfaxzGsAAAQDAEcwRQIhAMqenC8N0enlYUPJM2ZTr8uKGs3IY4zv 24 | 1WysFTB8PiYcAiA8ctdUvEfGObY9ccSPEuzie9B8OsxDkxhxuvJM9L4QbjANBgkq 25 | hkiG9w0BAQsFAAOCAQEAJOBW+5sAQSpfOgMTuqljXHcPxZz4UCEnL1r9tMktUNnN 26 | PM0xtjqX6hdNfXe5kzucmw/3JQ0MLfRB8bgKtPLvKqy79RUrqpNcqztCWNqJ8V/D 
27 | 18eJO8AJsU/rw27jtdy0qn9erWM+PPz/M+r8wD6s1axr9R/DIjwTRQ1I+X92SURF 28 | /VRBPuTvrXgit2zrmZ1UAeTOru//nYIPXPrKZN1OkPw/jlO7QB80NeaP5PcklYCY 29 | 6K+WoyHBhNPTxyvW7iy5eoPcpdQ72h162OfX6f/qLOpX7GOKOsDqmdfT2EcJlKvb 30 | 0T31H8o1sNiy6HHZ5gmh7lG33R9yPQDmHs3YUGmmyw== 31 | -----END CERTIFICATE----- 32 | -----BEGIN CERTIFICATE----- 33 | MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ 34 | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT 35 | DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow 36 | SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT 37 | GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC 38 | AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF 39 | q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 40 | SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 41 | Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA 42 | a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj 43 | /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T 44 | AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG 45 | CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv 46 | bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k 47 | c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw 48 | VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC 49 | ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz 50 | MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu 51 | Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF 52 | AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo 53 | uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ 54 | wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu 55 | X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG 56 | 
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 57 | KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== 58 | -----END CERTIFICATE----- 59 | -------------------------------------------------------------------------------- /kong/certificates/example-external.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC8r0rVKSunnzrN 3 | KMh2Rm86xPxWh3lSnLBGlg5vfvGB3idke0PQsk6fWpOfQQD+X5E6qWQUBjUbgR1d 4 | LrbhopVaIfLXC4rruOhGMTAD1WXUK+lwdUYcplLGNLfmmXiPnJopsk1XJQakuHj+ 5 | Aw07JzlquVnoQ5NgchNY7r37GJD7iph1QhvnXat6qa+9+yl2Szqbnu9v3R6j0vmz 6 | IClwBMUqjv3jHC6Fyaj28NChfuVTmsx50E3QosOnwnESERVh2x3OmhlEirYJVB3c 7 | VhcHQhXTMUw+WkLm56hO7S06xkvy9HxI9c2p1sFXtk0298yUODyLsDEd5oaUna8J 8 | A598Iuy7AgMBAAECggEBAJY0CSNVie3/QOUPIT2eZm9nXuVXJUqRd3ZJgCZb7M+Q 9 | VNWVlu+s8g/DIB83tR3KYCdNr2CNbHt/tit2w5ktPy2oNtPf2XA7G5S9FVcH6u8T 10 | IdsnUHAAK4ajcv48kA/q/4JP8Wd9DyPTwmWbck3ztK5z7NGL8edmCGbUbyJTdR73 11 | 3zbR/5SFhSOVZNs6OKSbHH8OkmpqVzhem8rBsRTdnXkBzYk9QB1ptozWMRGy5g/i 12 | gUT/61Ro68Q0RM7JhcPJYgjKCWyOANhHFHblKt6SO2pohxJJi9Bh93rKdCgBekKs 13 | 1N3YypVYqkryZsyVUYl2DeRQoQNVl5ikNNm+JReIMJkCgYEA8oC+BNS6+20SPsBu 14 | UVs9PhDpXbOdHIS/Zet6TTKgryp8zVdCK2lWd6a/D8DUdT7ambSKq64vGBorFprH 15 | kZppalcI4v6EFLEUF3ttUbjnaQoW9DAM328IhbPpGwqmJ5lVrS9bWQ4qhnlw12cn 16 | CUF/wRAZ3yPw1Q/ukkzvClNFSecCgYEAxy+7XWbDtoyjs5+mjB9fuxATHOVwqZJ5 17 | TWDSEVcJPzrxc+iYBZnBI7poBk+0gMzRMLeOYcxN6k6t3cpG0XHSfIXwdujmXryN 18 | oSOALjF2LaxLZrV6jnLQStf4YgqR0x6tf2myM/agaTERUL1rNVZD9JvZB0m9HKF5 19 | WXGQSZWi9A0CgYEA0Eln7HpTR9T9EMzzdAlr5r1b09GMJoyWYJIK7/eGMC3MGArU 20 | mLjXPdoIzR0Q3stnsxFw8digNpFzZOz4cMUxudabmWyGQcd+vFSVJtYsXPn/kSkc 21 | RWT26vAGTeWtpOF8x02fpjQWrn3sP/cnfjm14ztTHWefWUFf5mUSA8pV/w0CgYEA 22 | r2EvsAWTvWAHo1im5CmbuLFmosLCeAwoEiF11R61XZ8gidX6RLQkgrjWbvgvDllI 23 | t4RnMWUaFXxBSk+YG0IE+u9T0t8uN6v9aCxB6GpUi9JwcXbI+jPNgpi2clysGR+h 24 | 09XUujwk8XnqrRSbGNNj8jRm2yvp/xOOLVr4mFHQsOECgYEAqa5Jok5ssCyYjsbS 25 | 
upagI1hXUmB/2efiksIDcD3uH7W8h8geKNnl/IHem2Hw01xDAXUwKd/t5vHE3tQA 26 | +E+I7O/iOFXjlk99tJPntmL8NoNQnNwzRqU2QQzbXBaet+xsg8nMvVsEqsxD9Pq+ 27 | wtfUUB5+nTn3D1fq+u0BL3SuEQA= 28 | -----END PRIVATE KEY----- -------------------------------------------------------------------------------- /kong/certificates/example-internal.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFTTCCAzWgAwIBAgIITICUuUC2IeUwDQYJKoZIhvcNAQELBQAwNDERMA8GA1UE 3 | AwwISU9UbWlkQ0ExEjAQBgNVBAoMCUVKQkNBIElPVDELMAkGA1UEBhMCU0UwHhcN 4 | MjAwMjIxMTc1MDQ5WhcNMjExMjAyMTc1MDQ5WjA0MREwDwYDVQQDDAhJT1RtaWRD 5 | QTESMBAGA1UECgwJRUpCQ0EgSU9UMQswCQYDVQQGEwJTRTCCAiIwDQYJKoZIhvcN 6 | AQEBBQADggIPADCCAgoCggIBALH8V6I/dJeQddZlcZ+g2IM38NnOdafRqFLZ3SBo 7 | FAygTljZexamgmPscIQEN3qQolejBb1XW9kUeMkHxfOWd92fwT3AtIhvZn/gu6GS 8 | 0sTQyS8fyvwX+ZmNhN8VIZrNdVdvEvmpu4YbXAWF0a00maEfmA+4gsb6zKhKKA16 9 | 1QODUPLIEu+8BLASL5nGdVDNVOvcHz5Birbcb4ITf7PNmfRf1t+bTWpulxuFuGEL 10 | fm4egu/y9vxdayWnuJL5UrdqRd+NWqiEIWJDgNNj4u7zyLNpvqFhqOklBERNf6sR 11 | ntIvkoGSsNlKQOSj8Ablt1sZYMh5w8aD3jgR9KcovAkWB2L0EIMzcD/4zcaL/gs/ 12 | 46b0BH/O1dfRz/5Mjp4YMCfDK4LSgYGmiaYR3CUs10e+YuZ4oquHNhaKFvaKnOeI 13 | a+ocNzmriSKC6uxyGEhHmFwFmMaX/eFXUVPQJUwSBRF12oQxlLScKgzC+KDZcciq 14 | 94de78VTVtCL0peuNIXhMHO/Edn63uwgvoz3EdcPCBIjLI96/Fm3Ku9/YOHh8ONf 15 | aLZ6RMN5F1Q/xRGuPAo0xvlbJ28YwsPSYqJOq7t9ipIIzgp7e77kmgAx5ZitjS5C 16 | tIKMPs76owUASFrH6XKp8TFqLmxff0c8y7Nlp2egNVfnTSBZZsOfLd2OeTj5QFdZ 17 | UOKdAgMBAAGjYzBhMB0GA1UdDgQWBBTAMre+6zaCUzYnx55r2+sjk2lr9jAPBgNV 18 | HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFMAyt77rNoJTNifHnmvb6yOTaWv2MA4G 19 | A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAKomIzaK3TKd9ohW50X1B 20 | iUlpV5SgDcvRb2Qj0MwUCxLgEHXbj5YlsPA+lZVC3zw27zOghPENxG02MlLUxYs4 21 | kHoFhMIv3wt+uBT/ccx9Es5eVH7D1v2P5qxdsPK/tjqwMEgXhlXtIS6YcbLRtvdI 22 | PwFGVjapDx2Fk+Hj8PsK8K7JCycE32kcOuXxHBbqH1RvptL02BS+oJgFlrxwd5YT 23 | TNuw4UAWvANXC6D6H05cpnKD5kHXFRhslhfRPJ5kVDrAwIUPghFz3TRiKvcTZBJb 24 | 
Gxz7KIV7/4Tf0im9X2/ew+qEz4apsuzW0KG37Zed0zrAnUB+2zk8F05FGY8z/88b 25 | 4tvKz8njgtEbuU7cTXNzfpXrhdgJynkTM1Qwukvon3PZX75Z+Ywd/Aq0+dTzmxhY 26 | Fj+rE/R6RGSCyFUK2KTM0AZ2lx32HO/RvTz+vAty5pexviIvdQR/p6R6KkGG5xMu 27 | tU9LQzw5V/l/QQA5xuBoJ8hFsvOqaZdgmrJtHEI4UCPiwnt9t2YLxsCwVkFcjYCC 28 | T6ZVJADbTGTr8jQOUDJfJYebiC5auPlpBDQDGaNfaK7aB1dLaBv0c0V70GbHzDOf 29 | 4QRLdKK1beQPr7Wj9HSV0fX+pIP2V4MmmBrQxXdEJmPFiUrqmjD4kv3cOMCEiNBl 30 | 3SGNL5ghBRnUL3M6z1ksam4= 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /kong/certificates/example-internal.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA02CwUzlEHEdIIOuPTUPoTIjx2x2iiKZGGrPkKL0sh8N9G8IC 3 | c7mL/VmJp134NgJBZHqQhdiSVBm4+aLXQgsVZp93dqBXa5B8MlR3NeqRS8PywZ+C 4 | CNbj2PYB4hu2BiCXjgAGVA0muaYmwTMK0HBI+0B8KGfJ62uw5iDgBKzycntR+Toh 5 | XWsh4n/NEeq0VzGDDPxVicdr2gzDH1jZdl+y/l8JDVH2G3pUni24wf5ASu5Kyhek 6 | js3zelCoSFjr7wKi/0AOkXmUU8fvtm/taPIrbtymr9ryTLmMh8mVUOrxhWvZQTOO 7 | zswI/VMvD16fMul/ZVF8hX754lfYIofzMiDrpQIDAQABAoIBACJlEUv5fYO8dZgl 8 | vGOuMRaDEhe9cr0ZkT63FuEqJxzQSoNBxnReNNE8yJFbURA4vbtD1lBxNR5KMTct 9 | sCkm9IyGVkIPRSpTkGIALIWxbYMOl2m6MsaNcPXU0emg6LWGiCKrDlyO50Y+KwA0 10 | 9gWEv9tiWtGYUdrk4xwPLWSVX74Q1ywLFVKYXge6AclGy9AW2dRXlONwB/X6PK8F 11 | iwwZ1VW4ahMg4+5XAy1xpnniLDnSS/JJ/EFm/KpNA1iHWV9tzDS2f08wFcIfCph+ 12 | prTLARJqOpF8r3HolpeCQi7ReZhGqzx8qqom8U7lyGq9cuyFMK8fYGVOn3JW+Mto 13 | OaW7LAECgYEA9dRO6selpa9/8a6CIz4RyfMcvlluIdggk2BSDn8b9k6gdlGFEdwd 14 | l2lKuXglF8L0u33eCARTF5EAXqtJPcNFE+VVIo0K9NgkP3NhK5ej1ZhdexI8V2Td 15 | m7jNhWdGbGq6B27cxgLfSdLym2qaVMynAVNRgws3S8jToKMHRzTqWeECgYEA3B98 16 | wLkp6Ue9Xz8Y7834HXcsw6vo3AMFqj4b3lLBHCUjyZMD1wPBuExkiRgXnot3mMpC 17 | GLb1DEbM+7N3VzPTjqgpDIdsZEd6q0ejCY+Vouk8/HmITh7IuU3obsIvXFkal/B+ 18 | LLCdijZOWT+b0xciGnxknobJY/IvQZ6XBSYA8kUCgYEAtvdgDWqvJZRr++vQvH5U 19 | KyUhPaO+Tr5X8Jj+Of/tRfPbhnTCQDq+Y5Vgoo6DvR3DnVDfUsQ1PBMWXV/LUYbn 20 | 
ARnttZuYjgfZYshziEiDDlUrLpCyDLHsJxzzCtmFFuiQsTuYYmB85Kt3GqnLWFZB 21 | 7sCeqJROgb9lk+gDYMJHssECgYBQtt8I0By1JJAk/78GF7F2JH/uk/fDzPvjy/hu 22 | EkwrJNc1j8nlqsP671AiEQqAIUXOacPIyjWatc9uMAV/nUpi0fiTVokBUFCDw7Xd 23 | yJ+m5/1r2qiHdLRHdnDXRC8XnriopA+wFWb/CiC6ix95TM89hQVkN6pbErAPULax 24 | tZi9PQKBgQCAUw2+rSSfidxw8BlC91nAdE0dd0APSISAsD4I2Sgvk+CC17ONytZb 25 | Q9n7qbgnxEkG5RrNCu5L1VVsdGnKGCGGsmHYDsSpiZhw+zV43ZIHJSfxDZi5bdrE 26 | PK0nz/HlYfd45xy1/+GwA21+mXrwLJmpWoXMEJmDtVnpCR4+eKwjow== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kong/certificates/root-ca-internal.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFTTCCAzWgAwIBAgIITICUuUC2IeUwDQYJKoZIhvcNAQELBQAwNDERMA8GA1UE 3 | AwwISU9UbWlkQ0ExEjAQBgNVBAoMCUVKQkNBIElPVDELMAkGA1UEBhMCU0UwHhcN 4 | MjAwMjIxMTc1MDQ5WhcNMjExMjAyMTc1MDQ5WjA0MREwDwYDVQQDDAhJT1RtaWRD 5 | QTESMBAGA1UECgwJRUpCQ0EgSU9UMQswCQYDVQQGEwJTRTCCAiIwDQYJKoZIhvcN 6 | AQEBBQADggIPADCCAgoCggIBALH8V6I/dJeQddZlcZ+g2IM38NnOdafRqFLZ3SBo 7 | FAygTljZexamgmPscIQEN3qQolejBb1XW9kUeMkHxfOWd92fwT3AtIhvZn/gu6GS 8 | 0sTQyS8fyvwX+ZmNhN8VIZrNdVdvEvmpu4YbXAWF0a00maEfmA+4gsb6zKhKKA16 9 | 1QODUPLIEu+8BLASL5nGdVDNVOvcHz5Birbcb4ITf7PNmfRf1t+bTWpulxuFuGEL 10 | fm4egu/y9vxdayWnuJL5UrdqRd+NWqiEIWJDgNNj4u7zyLNpvqFhqOklBERNf6sR 11 | ntIvkoGSsNlKQOSj8Ablt1sZYMh5w8aD3jgR9KcovAkWB2L0EIMzcD/4zcaL/gs/ 12 | 46b0BH/O1dfRz/5Mjp4YMCfDK4LSgYGmiaYR3CUs10e+YuZ4oquHNhaKFvaKnOeI 13 | a+ocNzmriSKC6uxyGEhHmFwFmMaX/eFXUVPQJUwSBRF12oQxlLScKgzC+KDZcciq 14 | 94de78VTVtCL0peuNIXhMHO/Edn63uwgvoz3EdcPCBIjLI96/Fm3Ku9/YOHh8ONf 15 | aLZ6RMN5F1Q/xRGuPAo0xvlbJ28YwsPSYqJOq7t9ipIIzgp7e77kmgAx5ZitjS5C 16 | tIKMPs76owUASFrH6XKp8TFqLmxff0c8y7Nlp2egNVfnTSBZZsOfLd2OeTj5QFdZ 17 | UOKdAgMBAAGjYzBhMB0GA1UdDgQWBBTAMre+6zaCUzYnx55r2+sjk2lr9jAPBgNV 18 | HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFMAyt77rNoJTNifHnmvb6yOTaWv2MA4G 19 | 
A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAKomIzaK3TKd9ohW50X1B 20 | iUlpV5SgDcvRb2Qj0MwUCxLgEHXbj5YlsPA+lZVC3zw27zOghPENxG02MlLUxYs4 21 | kHoFhMIv3wt+uBT/ccx9Es5eVH7D1v2P5qxdsPK/tjqwMEgXhlXtIS6YcbLRtvdI 22 | PwFGVjapDx2Fk+Hj8PsK8K7JCycE32kcOuXxHBbqH1RvptL02BS+oJgFlrxwd5YT 23 | TNuw4UAWvANXC6D6H05cpnKD5kHXFRhslhfRPJ5kVDrAwIUPghFz3TRiKvcTZBJb 24 | Gxz7KIV7/4Tf0im9X2/ew+qEz4apsuzW0KG37Zed0zrAnUB+2zk8F05FGY8z/88b 25 | 4tvKz8njgtEbuU7cTXNzfpXrhdgJynkTM1Qwukvon3PZX75Z+Ywd/Aq0+dTzmxhY 26 | Fj+rE/R6RGSCyFUK2KTM0AZ2lx32HO/RvTz+vAty5pexviIvdQR/p6R6KkGG5xMu 27 | tU9LQzw5V/l/QQA5xuBoJ8hFsvOqaZdgmrJtHEI4UCPiwnt9t2YLxsCwVkFcjYCC 28 | T6ZVJADbTGTr8jQOUDJfJYebiC5auPlpBDQDGaNfaK7aB1dLaBv0c0V70GbHzDOf 29 | 4QRLdKK1beQPr7Wj9HSV0fX+pIP2V4MmmBrQxXdEJmPFiUrqmjD4kv3cOMCEiNBl 30 | 3SGNL5ghBRnUL3M6z1ksam4= 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /kong/kong.config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | kong="http://apigw:8001" 4 | 5 | # check if kong is started 6 | if curl --output /dev/null --silent --head --fail "$kong"; then 7 | echo "Kong is started." 8 | else 9 | echo "Kong isn't started." 10 | echo "Terminating in 20s..." 11 | sleep 20 12 | exit 1 13 | fi 14 | 15 | # add authentication to an endpoint 16 | addAuthToEndpoint() { 17 | # $1 = Service Name 18 | echo "" 19 | echo "" 20 | echo "- addAuthToEndpoint: ServiceName=${1}" 21 | curl -sS -X POST \ 22 | --url ${kong}/services/"${1}"/plugins/ \ 23 | --data "name=pepkong" \ 24 | --data "config.pdpUrl=http://auth:5000/pdp" 25 | 26 | curl -sS -X POST \ 27 | --url ${kong}/services/"${1}"/plugins/ \ 28 | --data "name=jwt" 29 | } 30 | 31 | # add a Service 32 | # that is the name Kong uses to refer to the upstream APIs 33 | # and microservices it manages. 
34 | createService() { 35 | # $1 = Service Name 36 | # $2 = URL (ex.: http://gui:80) 37 | echo "" 38 | echo "-- createService: ServiceName=${1} Url=${2}" 39 | curl -sS -X PUT \ 40 | --url ${kong}/services/"${1}" \ 41 | --data "name=${1}" \ 42 | --data "url=${2}" 43 | } 44 | 45 | # add a Route 46 | # The Route represents the actual request to the Kong proxy 47 | # endpoint to reach at Kong service. 48 | createRoute() { 49 | # $1 = Service Name 50 | # $2 = Route Name 51 | # $3 = PATHS (ex.: '"/","/x"') 52 | # $4 = strip_path (true or false), When matching a Route via one of the paths, strip the matching prefix from the upstream request URL 53 | echo "" 54 | echo "-- createRoute: ServiceName=${1} Url=${2} PathS=${3} StripPath=${4}" 55 | (curl ${kong}/services/"${1}"/routes/"${2}" -sS -X PUT \ 56 | --header "Content-Type: application/json" \ 57 | -d @- ) </fullchain.pem:/etc/letsencrypt/live//fullchain.pem 15 | - /dojot/etc/letsencrypt/live//privkey.pem:/etc/letsencrypt/live//privkey.pem 16 | - /dojot/data/letsencrypt:/data/letsencrypt 17 | networks: 18 | default: 19 | external: 20 | name: dojot_default -------------------------------------------------------------------------------- /letsencrypt-nginx/nginx-challenge.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | listen [::]:80; 4 | server_name ; 5 | 6 | location ~ /.well-known/acme-challenge { 7 | allow all; 8 | root /usr/share/nginx/html; 9 | } 10 | 11 | root /usr/share/nginx/html; 12 | } -------------------------------------------------------------------------------- /letsencrypt-nginx/nginx-dojot-https.conf: -------------------------------------------------------------------------------- 1 | # http:// 2 | server { 3 | listen 80; 4 | listen [::]:80; 5 | server_name ; 6 | 7 | location / { 8 | rewrite ^ https://$host$request_uri? 
permanent; 9 | } 10 | 11 | #for certbot challenges (renewal process) 12 | location ~ /.well-known/acme-challenge { 13 | allow all; 14 | root /data/letsencrypt; 15 | } 16 | } 17 | 18 | # https:// 19 | upstream kong { 20 | server apigw:8000; 21 | } 22 | 23 | server { 24 | listen 443 ssl http2; 25 | listen [::]:443 ssl http2; 26 | server_name ; 27 | 28 | server_tokens off; 29 | 30 | ssl_certificate /etc/letsencrypt/live//fullchain.pem; 31 | ssl_certificate_key /etc/letsencrypt/live//privkey.pem; 32 | 33 | ssl_buffer_size 8k; 34 | 35 | ssl_protocols TLSv1.2 TLSv1.1 TLSv1; 36 | ssl_prefer_server_ciphers on; 37 | 38 | ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; 39 | 40 | ssl_ecdh_curve secp384r1; 41 | ssl_session_tickets off; 42 | 43 | # OCSP stapling 44 | ssl_stapling on; 45 | ssl_stapling_verify on; 46 | resolver 8.8.8.8; 47 | 48 | location / { 49 | proxy_pass http://kong; 50 | proxy_redirect off; 51 | } 52 | } -------------------------------------------------------------------------------- /monitoring/README.md: -------------------------------------------------------------------------------- 1 | # Observability Stack - Docker Compose 2 | 3 | ## About 4 | 5 | This readme contains the steps for deploying [`Prometheus`](https://prometheus.io/) monitoring application, [`Loki`](https://grafana.com/oss/loki/) to aggregation logs and [`Grafana`](https://grafana.com/grafana/) which is used for visualize and analyze metrics and logs generated by Prometheus and Loki. 6 | 7 | ## Disclaimer 8 | 9 | As the inclusion of services (Prometheus, Loki and Grafana) is under development, some services are currently not being monitored. The following describes the services already implemented. 10 | 11 | ## Node Exporter 12 | 13 | [`Node Exporter`](https://github.com/prometheus/node_exporter) is used for get host metrics from the host itself. In other words, the metrics obtained by Prometheus are directly related to hardware and operating system. 
14 | 15 | Available metrics: 16 | 17 | * Service uptime; 18 | * Number of CPU cores; 19 | * Total amount of RAM; 20 | * Total amount of containers; 21 | * Disk usage percentage; 22 | * RAM usage percentage; 23 | * Total amount of SWAP; 24 | * Network traffic (Sent and Received); 25 | * CPU usage percentage; 26 | * Total, free and available RAM; 27 | * Amount of RAM for I/O processes; 28 | * Used space of available disks. 29 | 30 | ## cAdvisor 31 | 32 | [`cAdvisor`](https://github.com/google/cadvisor) is an exporter developed by Google that provides metrics regarding resource usage and performance characteristics of running containers. 33 | 34 | Available metrics: 35 | 36 | * Current status of the container: ``Running``, ``Stopped`` and ``Paused``; 37 | * Network traffic received by container; 38 | * Network traffic sent by container; 39 | * Percentage of RAM usage per container; 40 | * Percentage of CPU usage per container; 41 | * RSS Memory Usage per Container; 42 | * RAM consumption table per container; 43 | * Available RAM for each container; 44 | * RAM limit established for each container. 45 | 46 | ## VerneMQ 47 | 48 | As [`VerneMQ`](https://docs.vernemq.com/monitoring/prometheus) officially enables integration, the process becomes simpler. It is only necessary to declare the ``job`` in the Prometheus configuration file. 49 | 50 | Available metrics: 51 | 52 | * Summary; 53 | * Clients; 54 | * Queues; 55 | * Subscriptions; 56 | * Erlang VM; 57 | * Bytes IN & OUT; 58 | * Retain; 59 | * TCP Sockets; 60 | * Node to cluster communication; 61 | * MQTT Connect; 62 | * MQTT Subscribe; 63 | * MQTT Publish; 64 | * MQTT Ping; 65 | * MISC. 66 | 67 | ## Apache Kafka Exporter 68 | 69 | [`Apache Kafka Exporter`](https://github.com/danielqsj/kafka_exporter) is used to get metrics from the service ``Kafka``.
In other words, the metrics obtained by Prometheus are directly related to high-performance data pipelines, streaming analytics, data integration, and mission-critical applications. 70 | 71 | Available metrics: 72 | 73 | * Message in per second; 74 | * Lag by Consumer Group; 75 | * Message in per minute; 76 | * Message consume per minute; 77 | * Partitions per Topic. 78 | 79 | ## Kong API Gateway Exporter 80 | 81 | As [`Kong`](https://docs.konghq.com/hub/kong-inc/prometheus/) officially allows the integration, the process becomes simpler. It is only necessary to declare ``job`` in the Prometheus configuration file to get metrics regarding cloud services to manage, monitor and scale application programming interfaces and microservices. 82 | 83 | Available metrics: 84 | 85 | * Status codes; 86 | * Latencies Histograms; 87 | * Request; 88 | * Kong; 89 | * Upstream; 90 | * Bandwidth; 91 | * DB reachability; 92 | * Connections; 93 | * Target Health; 94 | * Dataplane Status; 95 | * Enterprise License Information. 96 | 97 | ## MongoDB Exporter 98 | 99 | [`MongoDB Exporter`](https://github.com/percona/mongodb_exporter) is used to get metrics from ``MongoDB`` service. 100 | 101 | Available metrics: 102 | 103 | * Query metrics for MongoDB; 104 | * Health metrics for MongoDb; 105 | * Resource Metrics; 106 | * Dashboard Row; 107 | 108 | ## InfluxDB 109 | 110 | As [`InfluxDB`](https://docs.influxdata.com/influxdb/v1.8/administration/server_monitoring/) officially allows the integration, the process becomes simpler. It is only necessary to declare ``job`` in the Prometheus configuration file to get metrics regarding cloud services to manage, monitor and scale application programming interfaces and microservices. 111 | 112 | Available metrics: 113 | 114 | * InfluxDB Informations; 115 | * Request for InfluxDB; 116 | * GO Metrics; 117 | 118 | ## Using the service 119 | 120 | Since we are using Docker, it is natural that we will use its metrics. 
To set the Docker daemon as a Prometheus target, you need to specify the ``metrics-addr`` key in ``/etc/docker/daemon.json``. 121 | 122 | The first step is editing the file ``/etc/docker/daemon.json``. 123 | 124 | If the file does not exist, you need to create it. 125 | 126 | If the file is empty, paste the following: 127 | 128 | ```json 129 | { 130 | "metrics-addr" : "0.0.0.0:9323", 131 | "experimental" : true 132 | } 133 | ``` 134 | 135 | If the file is not empty, add these two keys, making sure the resulting file is valid JSON. Be careful that all lines must end with a comma "," except the last line. Note that ``0.0.0.0:9323`` makes the Docker metrics endpoint, which has no authentication, listen on every host interface; on a host reachable from other networks, block port ``9323`` with a host firewall or use a narrower listen address. 136 | 137 | For the changes to be applied, it is necessary to reload the systemd configuration and restart the Docker service. 138 | 139 | ``` 140 | sudo systemctl daemon-reload 141 | ``` 142 | 143 | ``` 144 | sudo systemctl restart docker.service 145 | ``` 146 | 147 | Since we are running Prometheus on localhost, if we also address Docker as localhost, Prometheus would take the metrics to be inside the service itself (Prometheus) and would try to access port ``9323`` inside the Prometheus container. To prevent this from happening, we should use the default IP `172.17.0.1` of the Docker **bridge** interface ``docker0``. 148 | 149 | Before running, make sure that the `docker0` IP is really the default (172.17.0.1) with the following command: 150 | 151 | ``` 152 | ip address show dev docker0 153 | ``` 154 | 155 | The output will be similar to the one shown below; the *IP* will normally appear on the third line after the term ``inet``: 156 | ``` 157 | docker0: mtu 1500 qdisc noqueue state DOWN group default 158 | link/ether 02:42:a3:bf:97:21 brd ff:ff:ff:ff:ff:ff 159 | inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 160 | valid_lft forever preferred_lft forever 161 | inet6 fe80::42:a3ff:febf:9721/64 scope link 162 | valid_lft forever preferred_lft forever 163 | ``` 164 | 165 | If the IP is different, use the one that is on your ``docker0``.
166 | ## Changing prometheus.yml 167 | 168 | If the address is not the default one, you should edit the jobs that Prometheus will analyze in the [prometheus.yml](prometheus/prometheus.yml), changing the IP of the docker service as shown below: 169 | 170 | Example job **docker**: 171 | 172 | ``` 173 | - job_name: docker 174 | static_configs: 175 | - targets: ['<DOCKER0_IP>:9323'] 176 | ``` 177 | ## Starting services 178 | 179 | As we've already done the configuration, we can start the service: 180 | 181 | ``` 182 | cd monitoring/ 183 | docker-compose --file docker-compose-monitoring.yaml up --detach 184 | ``` 185 | 186 | When the process is complete, we can check whether the services have been started: 187 | 188 | * [Docker Metrics](http://localhost:9323/metrics). 189 | 190 | * [Prometheus Metrics](http://localhost:9090/metrics). 191 | 192 | Visually, it is possible to check if everything is "UP" on the [Prometheus Targets](http://localhost:9090/targets) page. 193 | 194 | ## Viewing metrics in grafana 195 | 196 | As the service is declared in [Docker Compose Monitoring](docker-compose-monitoring.yaml), it has already been instantiated. Then just access the service at the URL http://localhost:3000. 197 | 198 | **User**: ``admin`` 199 | 200 | **Password**: ``admin`` 201 | 202 | [Grafana](http://localhost:3000) These are Grafana's default credentials, and the compose file publishes port ``3000`` on the host, so change the password at the first login. 203 | 204 | ## Grafana Configuration 205 | 206 | If you need to change or analyze the configuration files, you can find them in [Grafana Configuration Files](grafana/). 207 | 208 | In the indicated folder, there are all dashboards (in json files), configuration files of the dashboards themselves and the data source. 209 | 210 | ## Viewing data 211 | 212 | As the data and data source have already been imported automatically, you will be able to verify the data.
213 | 214 | * **System Metrics** refers to exporting Node-Exporter; 215 | * **Docker Metrics** refers to the CAdvisor exporter; 216 | * **Overview** has the main panels of each dashboard; -------------------------------------------------------------------------------- /monitoring/alertmanager/alertmanager.yml: -------------------------------------------------------------------------------- 1 | global: 2 | smtp_smarthost: 'smtp.meudominio.local:465' 3 | smtp_from: 'alert@meudominio.local' 4 | smtp_auth_username: 'alert' 5 | smtp_auth_password: '6jxDMjWvisKSXqwFh6U7dOg7J1rs8K' 6 | smtp_require_tls: false 7 | 8 | templates: 9 | #- "/etc/alertmanager/template/*.tmpl" 10 | 11 | route: 12 | repeat_interval: 5m 13 | receiver: dojot-team 14 | 15 | receivers: 16 | - name: 'dojot-team' 17 | email_configs: 18 | - to: 'dojot-team@meudominio.local' 19 | auth_username: 'alert@meudominio.local' 20 | auth_password: '6jxDMjWvisKSXqwFh6U7dOg7J1rs8K' 21 | send_resolved: true -------------------------------------------------------------------------------- /monitoring/docker-compose-monitoring.yaml: -------------------------------------------------------------------------------- 1 | version: "3.8" 2 | 3 | # https://docs.docker.com/config/containers/logging/json-file/ 4 | # https://docs.docker.com/config/containers/logging/log_tags/ 5 | x-logging: &loki-logging 6 | logging: 7 | driver: 'json-file' 8 | options: 9 | max-size: '50m' 10 | max-file: '3' 11 | tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}" 12 | 13 | x-networking: &dojot-networking 14 | networks: 15 | - default 16 | 17 | services: 18 | # https://prometheus.io/ 19 | prometheus: 20 | container_name: prometheus 21 | image: prom/prometheus:v2.31.1 22 | restart: unless-stopped 23 | ports: 24 | - target: 9090 25 | published: 9090 26 | protocol: tcp 27 | mode: host 28 | command: 29 | - --config.file=/etc/prometheus/prometheus.yml 30 | - --storage.tsdb.path=/prometheus 31 | - --storage.tsdb.retention.time=15d 32 | - 
--web.enable-lifecycle 33 | - --web.enable-admin-api 34 | volumes: 35 | - type: volume 36 | source: prometheus-volume 37 | target: /prometheus 38 | - type: bind 39 | source: ./prometheus 40 | target: /etc/prometheus 41 | read_only: true 42 | <<: *loki-logging 43 | <<: *dojot-networking 44 | 45 | # https://prometheus.io/docs/alerting/latest/alertmanager/ 46 | alertmanager: 47 | image: prom/alertmanager:v0.23.0 48 | container_name: alertmanager 49 | restart: unless-stopped 50 | ports: 51 | - target: 9093 52 | published: 9093 53 | protocol: tcp 54 | mode: host 55 | command: 56 | - --config.file=/etc/alertmanager/alertmanager.yml 57 | volumes: 58 | - type: bind 59 | source: ./alertmanager 60 | target: /etc/alertmanager 61 | read_only: true 62 | depends_on: 63 | - prometheus 64 | <<: *loki-logging 65 | <<: *dojot-networking 66 | 67 | # https://grafana.com/docs/grafana/latest/installation/docker/ 68 | grafana: 69 | container_name: grafana 70 | image: grafana/grafana:8.3.3 71 | ports: 72 | - target: 3000 73 | published: 3000 74 | protocol: tcp 75 | mode: host 76 | environment: 77 | GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource" 78 | volumes: 79 | - type: volume 80 | source: grafana-volume 81 | target: /var/lib/grafana 82 | - type: bind 83 | source: ./grafana/provisioning 84 | target: /etc/grafana/provisioning 85 | read_only: true 86 | <<: *loki-logging 87 | <<: *dojot-networking 88 | 89 | # https://grafana.com/docs/loki/latest/configuration/ 90 | loki: 91 | container_name: loki 92 | image: grafana/loki:2.4.1 93 | restart: unless-stopped 94 | ports: 95 | - target: 3100 96 | published: 3100 97 | protocol: tcp 98 | mode: host 99 | command: 100 | - -config.file=/etc/loki/loki.yml 101 | volumes: 102 | - type: bind 103 | source: ./loki 104 | target: /etc/loki 105 | read_only: true 106 | - type: volume 107 | source: loki-volume 108 | target: /loki 109 | <<: *loki-logging 110 | <<: *dojot-networking 111 | 112 | # 
https://grafana.com/docs/loki/latest/clients/promtail/ 113 | promtail: 114 | container_name: promtail 115 | image: grafana/promtail:2.4.1 116 | restart: unless-stopped 117 | command: 118 | - -config.file=/etc/promtail/promtail.yml 119 | volumes: 120 | - type: bind 121 | source: ./promtail 122 | target: /etc/promtail 123 | - type: bind 124 | source: /var/lib/docker/containers 125 | target: /var/lib/docker/containers 126 | read_only: true 127 | <<: *loki-logging 128 | <<: *dojot-networking 129 | 130 | # https://github.com/google/cadvisor 131 | cadvisor: 132 | container_name: cadvisor 133 | image: gcr.io/cadvisor/cadvisor:v0.38.8 134 | privileged: true 135 | devices: 136 | - /dev/kmsg 137 | volumes: 138 | - type: bind 139 | source: / 140 | target: /rootfs 141 | read_only: true 142 | - type: bind 143 | source: /var/run 144 | target: /var/run 145 | - type: bind 146 | source: /sys 147 | target: /sys 148 | read_only: true 149 | - type: bind 150 | source: /sys/fs/cgroup 151 | target: /sys/fs/cgroup 152 | read_only: true 153 | - type: bind 154 | source: /var/lib/docker 155 | target: /var/lib/docker 156 | read_only: true 157 | - type: bind 158 | source: /dev/disk 159 | target: /dev/disk 160 | read_only: true 161 | <<: *loki-logging 162 | <<: *dojot-networking 163 | 164 | # https://redis.io/ 165 | # redis: 166 | # image: redis:6.2.5 167 | # container_name: redis 168 | 169 | # https://github.com/prometheus/node_exporter 170 | 171 | node_exporter: 172 | image: prom/node-exporter:v1.3.0 173 | container_name: node_exporter 174 | restart: unless-stopped 175 | ports: 176 | - target: 9100 177 | published: 9100 178 | protocol: tcp 179 | mode: host 180 | command: 181 | - --path.procfs=/host/proc 182 | - --path.rootfs=/rootfs 183 | - --path.sysfs=/host/sys 184 | - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/) 185 | volumes: 186 | - type: bind 187 | source: / 188 | target: /host 189 | read_only: true 190 | bind: 191 | propagation: rslave 192 | <<: 
*loki-logging 193 | 194 | # https://github.com/danielqsj/kafka_exporter 195 | kafka_exporter: 196 | container_name: kafka_exporter 197 | image: danielqsj/kafka-exporter:v1.4.1 198 | restart: unless-stopped 199 | command: --kafka.server=kafka:9092 200 | <<: *loki-logging 201 | <<: *dojot-networking 202 | 203 | # https://hub.docker.com/r/bitnami/mongodb-exporter 204 | mongodb_exporter: 205 | container_name: mongodb_exporter 206 | image: bitnami/mongodb-exporter:0.11.2 207 | restart: unless-stopped 208 | environment: 209 | MONGODB_URI: 'mongodb://mongodb:27017' 210 | <<: *loki-logging 211 | <<: *dojot-networking 212 | 213 | volumes: 214 | grafana-volume: 215 | name: grafana-volume 216 | loki-volume: 217 | name: loki-volume 218 | loki-minio-volume: 219 | name: loki-minio-volume 220 | prometheus-volume: 221 | name: prometheus-volume 222 | 223 | networks: 224 | default: 225 | name: dojot 226 | -------------------------------------------------------------------------------- /monitoring/grafana/defaults.ini: -------------------------------------------------------------------------------- 1 | ##################### Grafana Configuration Defaults ##################### 2 | # 3 | # Do not modify this file in grafana installs 4 | # 5 | 6 | # possible values : production, development 7 | app_mode = production 8 | 9 | # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty 10 | instance_name = ${HOSTNAME} 11 | 12 | #################################### Paths ############################### 13 | [paths] 14 | # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) 15 | data = data 16 | 17 | # Temporary files in `data` directory older than given duration will be removed 18 | temp_data_lifetime = 24h 19 | 20 | # Directory where grafana can store logs 21 | logs = data/log 22 | 23 | # Directory where grafana will automatically scan and look for plugins 24 | plugins = data/plugins 25 | 26 | # folder that 
contains provisioning config files that grafana will apply on startup and while running. 27 | provisioning = /provisioning 28 | 29 | #################################### Server ############################## 30 | [server] 31 | # Protocol (http, https, h2, socket) 32 | protocol = http 33 | 34 | # The ip address to bind to, empty will bind to all interfaces 35 | http_addr = 36 | 37 | # The http port to use 38 | http_port = 3000 39 | 40 | # The public facing domain name used to access grafana from a browser 41 | domain = localhost 42 | 43 | # Redirect to correct domain if host header does not match domain 44 | # Prevents DNS rebinding attacks 45 | enforce_domain = false 46 | 47 | # The full public facing url 48 | root_url = %(protocol)s://%(domain)s:%(http_port)s/ 49 | 50 | # Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons. 51 | serve_from_sub_path = false 52 | 53 | # Log web requests 54 | router_logging = false 55 | 56 | # the path relative working path 57 | static_root_path = public 58 | 59 | # enable gzip 60 | enable_gzip = false 61 | 62 | # https certs & key file 63 | cert_file = 64 | cert_key = 65 | 66 | # Unix socket path 67 | socket = /tmp/grafana.sock 68 | 69 | # CDN Url 70 | cdn_url = 71 | 72 | # Sets the maximum time in minutes before timing out read of an incoming request and closing idle connections. 73 | # `0` means there is no timeout for reading the request. 74 | read_timeout = 0 75 | 76 | #################################### Database ############################ 77 | [database] 78 | # You can configure the database connection by specifying type, host, name, user and password 79 | # as separate properties or as on string using the url property. 80 | 81 | # Either "mysql", "postgres" or "sqlite3", it's your choice 82 | type = sqlite3 83 | host = 127.0.0.1:3306 84 | name = grafana 85 | user = root 86 | # If the password contains # or ; you have to wrap it with triple quotes. 
Ex """#password;""" 87 | password = 88 | # Use either URL or the previous fields to configure the database 89 | # Example: mysql://user:secret@host:port/database 90 | url = 91 | 92 | # Max idle conn setting default is 2 93 | max_idle_conn = 2 94 | 95 | # Max conn setting default is 0 (mean not set) 96 | max_open_conn = 97 | 98 | # Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) 99 | conn_max_lifetime = 14400 100 | 101 | # Set to true to log the sql calls and execution times. 102 | log_queries = 103 | 104 | # For "postgres", use either "disable", "require" or "verify-full" 105 | # For "mysql", use either "true", "false", or "skip-verify". 106 | ssl_mode = disable 107 | 108 | # Database drivers may support different transaction isolation levels. 109 | # Currently, only "mysql" driver supports isolation levels. 110 | # If the value is empty - driver's default isolation level is applied. 111 | # For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE". 112 | isolation_level = 113 | 114 | ca_cert_path = 115 | client_key_path = 116 | client_cert_path = 117 | server_cert_name = 118 | 119 | # For "sqlite3" only, path relative to data_path setting 120 | path = grafana.db 121 | 122 | # For "sqlite3" only. cache mode setting used for connecting to the database 123 | cache_mode = private 124 | 125 | #################################### Cache server ############################# 126 | [remote_cache] 127 | # Either "redis", "memcached" or "database" default is "database" 128 | type = database 129 | 130 | # cache connectionstring options 131 | # database: will use Grafana primary database. 132 | # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'. 
133 | # memcache: 127.0.0.1:11211 134 | connstr = 135 | 136 | #################################### Data proxy ########################### 137 | [dataproxy] 138 | 139 | # This enables data proxy logging, default is false 140 | logging = false 141 | 142 | # How long the data proxy waits to read the headers of the response before timing out, default is 30 seconds. 143 | # This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set. 144 | timeout = 30 145 | 146 | # How long the data proxy waits to establish a TCP connection before timing out, default is 10 seconds. 147 | dialTimeout = 10 148 | 149 | # How many seconds the data proxy waits before sending a keepalive request. 150 | keep_alive_seconds = 30 151 | 152 | # How many seconds the data proxy waits for a successful TLS Handshake before timing out. 153 | tls_handshake_timeout_seconds = 10 154 | 155 | # How many seconds the data proxy will wait for a server's first response headers after 156 | # fully writing the request headers if the request has an "Expect: 100-continue" 157 | # header. A value of 0 will result in the body being sent immediately, without 158 | # waiting for the server to approve. 159 | expect_continue_timeout_seconds = 1 160 | 161 | # Optionally limits the total number of connections per host, including connections in the dialing, 162 | # active, and idle states. On limit violation, dials will block. 163 | # A value of zero (0) means no limit. 164 | max_conns_per_host = 0 165 | 166 | # The maximum number of idle connections that Grafana will keep alive. 167 | max_idle_connections = 100 168 | 169 | # How many seconds the data proxy keeps an idle connection open before timing out. 170 | idle_conn_timeout_seconds = 90 171 | 172 | # If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request. 
173 | send_user_header = false 174 | 175 | #################################### Analytics ########################### 176 | [analytics] 177 | # Server reporting, sends usage counters to stats.grafana.org every 24 hours. 178 | # No ip addresses are being tracked, only simple counters to track 179 | # running instances, dashboard and error counts. It is very helpful to us. 180 | # Change this option to false to disable reporting. 181 | reporting_enabled = true 182 | 183 | # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs 184 | reporting_distributor = grafana-labs 185 | 186 | # Set to false to disable all checks to https://grafana.com 187 | # for new versions (grafana itself and plugins), check is used 188 | # in some UI views to notify that grafana or plugin update exists 189 | # This option does not cause any auto updates, nor send any information 190 | # only a GET request to https://grafana.com to get latest versions 191 | check_for_updates = true 192 | 193 | # Google Analytics universal tracking code, only enabled if you specify an id here 194 | google_analytics_ua_id = 195 | 196 | # Google Tag Manager ID, only enabled if you specify an id here 197 | google_tag_manager_id = 198 | 199 | # Rudderstack write key, enabled only if rudderstack_data_plane_url is also set 200 | rudderstack_write_key = 201 | 202 | # Rudderstack data plane url, enabled only if rudderstack_write_key is also set 203 | rudderstack_data_plane_url = 204 | 205 | #################################### Security ############################ 206 | [security] 207 | # disable creation of admin user on first start of grafana 208 | disable_initial_admin_creation = false 209 | 210 | # default admin user, created on startup 211 | admin_user = admin 212 | 213 | # default admin password, can be changed before first start of grafana, or in profile settings; admin/admin is the well-known stock login, so override it (e.g. GF_SECURITY_ADMIN_PASSWORD) before the instance is reachable by anyone else 214 | admin_password = admin 215 | 216 | # used for signing; the value below is the one shipped in Grafana's stock defaults and is committed to this repository, so it is not secret - set a unique per-deployment value (e.g. GF_SECURITY_SECRET_KEY) 217 | secret_key = SW2YcwTIb9zpOOhoPsMm 218 | 219 | #
disable gravatar profile images 220 | disable_gravatar = false 221 | 222 | # data source proxy whitelist (ip_or_domain:port separated by spaces) 223 | data_source_proxy_whitelist = 224 | 225 | # disable protection against brute force login attempts 226 | disable_brute_force_login_protection = false 227 | 228 | # set to true if you host Grafana behind HTTPS. default is false. while false, the session cookie is issued without the Secure attribute and can be sent over plain HTTP. 229 | cookie_secure = false 230 | 231 | # set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled" 232 | cookie_samesite = lax 233 | 234 | # set to true if you want to allow browsers to render Grafana in a ,