1
# <your project path>/docker-compose.yml
2
version: "3"
3
services:
4
  prometheus:
5
    image: prom/prometheus:latest
6
    container_name: prometheus
7
    restart: unless-stopped
8
    network_mode: "host"
9
    volumes:
10
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
11
      - ./prometheus/prometheus:/prometheus
12
      - ./prometheus/blackbox:/etc/prometheus/blackbox
13
    command:
14
      - "--config.file=/etc/prometheus/prometheus.yml"
15
      - "--storage.tsdb.path=/prometheus"
16
      - "--web.console.libraries=/etc/prometheus/console_libraries"
17
      - "--web.console.templates=/etc/prometheus/consoles"
18
      - "--web.enable-lifecycle"
19
      - "--web.enable-admin-api"
20
  grafana:
21
    image: grafana/grafana:latest
22
    container_name: grafana
23
    network_mode: "host"
24
    volumes:
25
      - ./grafana/grafana:/var/lib/grafana
26
      - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
27
      - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
28
      - ./grafana/conf/grafana.ini:/etc/grafana/grafana.ini
29
      - /path/to;:/etc/ssl/beocean.net
30
    environment:
31
      - GF_USERS_ALLOW_SIGN_UP=false
32
    restart: unless-stopped

1
# <your project path>/prometheus/prometheus.yml
2
# Alertmanager configuration
3
alerting:
4
  alertmanagers:
5
    - static_configs:
6
        - targets:
7
          # - alertmanager:9093
8

9
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
10
rule_files:
11
  # - "first_rules.yml"
12
  # - "second_rules.yml"
13

14
# A scrape configuration containing exactly one endpoint to scrape:
15
# Here it's Prometheus itself.
16
scrape_configs:
17
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
18
  - job_name: "prometheus"
19

20
    # metrics_path defaults to '/metrics'
21
    # scheme defaults to 'http'.
22

23
    static_configs:
24
      - targets: ["localhost:<prometheus 端口>"]
25
  # node exporter
26
  - job_name: "node_exporter"
27
    scrape_interval: 30s
28
    static_configs:
29
      - targets: ["<监控节点IP>:<监控节点 node_exporter端口>"]
30
        labels:
31
          instance: '<监控节点名称>'
32
      # 可继续添加其他监控节点
33

34
  # blackbox exporter
35
  - job_name: "<监控节点名称>"
36
    metrics_path: '/probe'
37
    params:
38
      module: [tcp]
39
    file_sd_configs:
40
      - files:
41
        - '/etc/prometheus/blackbox/*.yml'
42
    relabel_configs:
43
        - source_labels: [__address__]
44
          target_label: __param_target
45
        - source_labels: [__param_target]
46
          target_label: instance
47
        - target_label: __address__
48
          replacement: <监控节点IP>:<监控节点 blackbox_exporter端口>"
49
        # 无ipv6可添加一下配置
50
        - source_labels: [ip]
51
          regex: 'IPv6'
52
          action: drop
53
  # 可继续添加其他监控节点

1
# <your project path>/prometheus/blackbox/ISP.yml
2
 # 北京
3
    - targets:
4
        - bj-cm-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
5
      labels:
6
        name: 'PEK | China Mobile'
7
        code: 'PEK'
8
        city: 'Beijing'
9
        isp: 'China Mobile'
10
        ip: 'IPv4'
11
        domestic: 'true'
12

13
    - targets:
14
        - bj-ct-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
15
      labels:
16
        name: 'PEK | China Telecom'
17
        code: 'PEK'
18
        city: 'Beijing'
19
        isp: 'China Telecom'
20
        ip: 'IPv4'
21
        domestic: 'true'
22

23
    - targets:
24
        - bj-cu-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
25
      labels:
26
        name: 'PEK | China Unicom'
27
        code: 'PEK'
28
        city: 'Beijing'
29
        isp: 'China Unicom'
30
        ip: 'IPv4'
31
        domestic: 'true'
32

33
 # 广州
34
    - targets:
35
        - gd-cm-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
36
      labels:
37
        name: 'CAN | China Mobile'
38
        code: 'CAN'
39
        city: 'Guangzhou'
40
        isp: 'China Mobile'
41
        ip: 'IPv4'
42
        domestic: 'true'
43

44
    - targets:
45
        - gd-ct-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
46
      labels:
47
        name: 'CAN | China Telecom'
48
        code: 'CAN'
49
        city: 'Guangzhou'
50
        isp: 'China Telecom'
51
        ip: 'IPv4'
52
        domestic: 'true'
53

54
    - targets:
55
        - gd-cu-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
56
      labels:
57
        name: 'CAN | China Unicom'
58
        code: 'CAN'
59
        city: 'Guangzhou'
60
        isp: 'China Unicom'
61
        ip: 'IPv4'
62
        domestic: 'true'
63

64
 # 上海
65
    - targets:
66
        - sh-cm-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
67
      labels:
68
        name: 'SHA | China Mobile'
69
        code: 'SHA'
70
        city: 'Shanghai'
71
        isp: 'China Mobile'
72
        ip: 'IPv4'
73
        domestic: 'true'
74

75
    - targets:
76
        - sh-ct-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
77
      labels:
78
        name: 'SHA | China Telecom'
79
        code: 'SHA'
80
        city: 'Shanghai'
81
        isp: 'China Telecom'
82
        ip: 'IPv4'
83
        domestic: 'true'
84

85
    - targets:
86
        - sh-cu-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
87
      labels:
88
        name: 'SHA | China Unicom'
89
        code: 'SHA'
90
        city: 'Shanghai'
91
        isp: 'China Unicom'
92
        ip: 'IPv4'
93
        domestic: 'true'
94

95

96
 # 长沙
97
    - targets:
98
        - hn-cm-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
99
      labels:
100
        name: 'CSX | China Mobile'
101
        code: 'CSX'
102
        city: 'Changsha'
103
        isp: 'China Mobile'
104
        ip: 'IPv4'
105
        domestic: 'true'
106

107
    - targets:
108
        - hn-ct-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
109
      labels:
110
        name: 'CSX | China Telecom'
111
        code: 'CSX'
112
        city: 'Changsha'
113
        isp: 'China Telecom'
114
        ip: 'IPv4'
115
        domestic: 'true'
116

117
    - targets:
118
        - hn-cu-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
119
      labels:
120
        name: 'CSX | China Unicom'
121
        code: 'CSX'
122
        city: 'Changsha'
123
        isp: 'China Unicom'
124
        ip: 'IPv4'
125
        domestic: 'true'
126

127

128
 # 新疆乌鲁木齐
129
    - targets:
130
        - xj-cm-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
131
      labels:
132
        name: 'URC | China Mobile'
133
        code: 'URC'
134
        city: 'Urumqi'
135
        isp: 'China Mobile'
136
        ip: 'IPv4'
137
        domestic: 'true'
138

139
    - targets:
140
        - xj-ct-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
141
      labels:
142
        name: 'URC | China Telecom'
143
        code: 'URC'
144
        city: 'Urumqi'
145
        isp: 'China Telecom'
146
        ip: 'IPv4'
147
        domestic: 'true'
148

149
    - targets:
150
        - xj-cu-v4.ip.zstaticcdn.com:80 # 或 IPv4 IP
151
      labels:
152
        name: 'URC | China Unicom'
153
        code: 'URC'
154
        city: 'Urumqi'
155
        isp: 'China Unicom'
156
        ip: 'IPv4'
157
        domestic: 'true'

1
# <your project path>/grafana/conf/grafana.ini
2
#################################### Anonymous Auth ######################
3
[auth.anonymous]
4
# enable anonymous access
5
enabled = true
6

7
# specify organization name that should be used for unauthenticated users
8
org_name = Vistors
9

10
# specify role for unauthenticated users
11
org_role = Viewer
12

13
# mask the Grafana version number for unauthenticated users
14
;hide_version = false
15

16
# number of devices in total
17
device_limit = 10
18

19
#################################### Server ####################################
20
[server]
21
# Protocol (http, https, h2, socket)
22
protocol = https
23

24
# Minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken
25
;min_tls_version = ""
26

27
# The ip address to bind to, empty will bind to all interfaces
28
;http_addr =
29

30
# The http port to use
31
;http_port = 3000
32

33
# The public facing domain name used to access grafana from a browser
34
;domain = localhost
35
domain = beocean.net
36
# Redirect to correct domain if host header does not match domain
37
# Prevents DNS rebinding attacks
38
;enforce_domain = false
39

40
# The full public facing url you use in browser, used for redirects and emails
41
# If you use reverse proxy and sub path specify full url (with sub path)
42
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
43
root_url = https://<domain>:3000
44

45
# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
46
;serve_from_sub_path = false
47

48
# Log web requests
49
;router_logging = false
50

51
# the path relative working path
52
;static_root_path = public
53

54
# enable gzip
55
;enable_gzip = false
56

57
# https certs & key file
58
cert_file = /etc/ssl/beocean.net/cert.pem
59
cert_key = /etc/ssl/beocean.net/key.pem
60

61
# optional password to be used to decrypt key file
62
;cert_pass =
63

64
# Certificates file watch interval
65
;certs_watch_interval =
66

67
# Unix socket gid
68
# Changing the gid of a file without privileges requires that the target group is in the group of the process and that the process is the file owner
69
# It is recommended to set the gid as http server user gid
70
# Not set when the value is -1
71
;socket_gid =
72

73
# Unix socket mode
74
;socket_mode =
75

76
# Unix socket path
77
;socket =
78

79
# CDN Url
80
;cdn_url =
81

82
# Sets the maximum time using a duration format (5s/5m/5ms) before timing out read of an incoming request and closing idle connections.
83
# `0` means there is no timeout for reading the request.
84
;read_timeout = 0
85

86
# This setting enables you to specify additional headers that the server adds to HTTP(S) responses.
87
[server.custom_response_headers]
88
#exampleHeader1 = exampleValue1
89
#exampleHeader2 = exampleValue2
90

91
[environment]
92
# Sets whether the local file system is available for Grafana to use. Default is true for backward compatibility.
93
;local_file_system_available = true

1
upstream grafana {
2
  server localhost:3000;
3
}
4

5
server {
6
    listen 443 ssl;
7
    listen [::]:443 ssl;
8
    ssl_certificate /path/to/certificate.crt;
9
    ssl_certificate_key /path/to/private.key;
10
    ssl_session_timeout 5m;
11
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
12
    ssl_prefer_server_ciphers on;
13
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
14
    ssl_session_cache builtin:1000 shared:SSL:10m;
15

16
    server_name <domain>;
17

18
    location / {
19
        proxy_http_version 1.1;
20
        proxy_set_header Upgrade $http_upgrade;
21
        proxy_set_header Connection "Upgrade";
22
        proxy_redirect off;
23
        proxy_set_header Host $http_host;
24
        #proxy_set_header True-Client-IP $http_true_client_ip;
25
        proxy_set_header X-Real-IP $http_true_client_ip;
26
        #proxy_set_header X-Forwarded-For $remote_addr;
27
        #proxy_set_header X-Forwarded-For $http_true_client_ip;
28
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
29
        proxy_pass https://grafana;
30
      }
31

32
      # Proxy Grafana Live WebSocket connections.
33
      location /api/live/ {
34
        proxy_http_version 1.1;
35
        proxy_set_header Upgrade $http_upgrade;
36
        proxy_set_header Connection "Upgrade";
37
        #proxy_set_header Connection $connection_upgrade;
38
        proxy_set_header Host $host;
39
        proxy_pass https://grafana;
40
      }
41
}