diff --git a/infra/docker-compose.monitoring.yml b/infra/docker-compose.monitoring.yml index 8f80053..095772b 100644 --- a/infra/docker-compose.monitoring.yml +++ b/infra/docker-compose.monitoring.yml @@ -141,8 +141,8 @@ services: image: grafana/grafana:10.4.2 container_name: grafana restart: unless-stopped - ports: - - "127.0.0.1:3001:3000" + expose: + - "3000" environment: - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD} @@ -169,6 +169,13 @@ services: max-size: "10m" max-file: "3" + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/api/health"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 30s + node-exporter: image: prom/node-exporter:v1.8.1 container_name: node-exporter diff --git a/infra/nginx/api.conf b/infra/nginx/api.conf index 3f1e525..df8aa21 100644 --- a/infra/nginx/api.conf +++ b/infra/nginx/api.conf @@ -97,6 +97,17 @@ server { server_tokens off; + # ───────────────────────────────────────────────────────────────────────────── + # Docker DNS Resolution (CRITICAL for service name upstreams) + # + # Enables runtime DNS resolution for Docker service names (e.g., grafana:3000). + # Without this, Nginx fails at config-load with: "host not found in upstream". + # Docker's embedded resolver is at 127.0.0.11:53. + # valid=10s caches DNS lookups for 10 seconds. + # ───────────────────────────────────────────────────────────────────────────── + resolver 127.0.0.11 valid=10s; + resolver_timeout 5s; + # safer host validation (still simple) if ($host !~* ^(__API_HOSTNAME__|localhost|127\.0\.0\.1)$) { return 444; 
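Review bot: Replacing the loopback-bound `ports` entry with `expose` on the grafana service moves the access boundary from the host's loopback interface to Docker network membership, and the hunk does not show which networks the service joins. `expose` only documents the port in Compose, so any container sharing a network with grafana can reach port 3000 directly, without passing the `$is_trusted_source` check that nginx applies on `/monitor/`. If the service's network list (outside this hunk) is a broad shared network, consider a dedicated one shared only with the nginx container. The intent could be recorded above the new key, e.g. `# not published on the host; reachable only through nginx on the shared network`. The service definition starts and continues outside the hunk.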
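Review bot: The new `healthcheck` probes `http://localhost:3000/api/health`, and `localhost` may resolve to `::1` first inside the container, which would fail the probe if Grafana listens on IPv4 only; `http://127.0.0.1:3000/api/health` removes that dependency. The check also assumes `wget` with `--spider` is available in `grafana/grafana:10.4.2`, which is worth confirming once after deploy. `restart: unless-stopped` does not act on an unhealthy status, so the result matters only if something consumes it. A short comment above `healthcheck:` naming that consumer (a `depends_on` condition or an alert) would help.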
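Review bot: The comment block above `resolver 127.0.0.11 valid=10s;` credits the resolver with avoiding the "host not found in upstream" config-load failure, but that failure is avoided by the variable form of `proxy_pass` in the `/monitor/` location; the resolver is what lets that variable resolve at request time. I would reword it along the lines of `# Needed because /monitor/ uses a variable in proxy_pass: nginx resolves grafana per request via Docker's embedded DNS`. 127.0.0.11 only answers inside a container attached to a user-defined Docker network, and the previous upstream was `127.0.0.1:3333`. If this nginx runs on the host or with host networking, lookups will time out and `/monitor/` will return 502, so this is worth confirming against the deployment. The directive sits at `server` level, so it also governs any other variable-based upstream in this server block, which continues outside the hunk.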
@@ -217,10 +228,11 @@ server { proxy_buffering on; } - # Grafana (Cloudflare + localhost only) + # Grafana (Cloudflare + localhost only, via Docker service DNS) location /monitor/ { if ($is_trusted_source = 0) { return 403; } - proxy_pass http://127.0.0.1:3333/monitor/; + set $grafana_upstream "http://grafana:3000"; + proxy_pass $grafana_upstream; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade;
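Review bot: `proxy_pass $grafana_upstream;` carries no URI part, so nginx forwards the original `/monitor/...` request URI unchanged, and nothing next to the `set` line documents that this is intended. It matches the old `.../monitor/` mapping only while Grafana is configured to serve from the `/monitor/` sub-path, which is not visible here. A comment such as `# no URI on purpose: with a variable, the original /monitor/... URI is passed through as-is` would stop a later edit from appending a path. With the variable form, an unresolvable service name no longer fails `nginx -t` and only surfaces as a 502 at request time, so the route deserves an external probe. The `if ($is_trusted_source = 0)` gate is the only network-level control visible in front of Grafana on this path, and both its definition and the rest of the location block are outside the hunk.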