hosts:architecture

Differences

This shows you the differences between two versions of the page.

hosts:architecture [2023/08/30 17:48] tcmalhosts:architecture [2023/11/25 19:44] (current) – [Grafana, Prometheus, Loki (monitoring)] tcmal
Line 21: Line 21:
   * [[hosts:virtual_machines:enclave:keycloak|Keycloak]], which provides SSO for most of our web services.   * [[hosts:virtual_machines:enclave:keycloak|Keycloak]], which provides SSO for most of our web services.
   * [[hosts:virtual_machines:enclave:vaultwarden|Vaultwarden]], which we use to store admin credentials, etc.   * [[hosts:virtual_machines:enclave:vaultwarden|Vaultwarden]], which we use to store admin credentials, etc.
 +  * [[hosts:virtual_machines:enclave:tardis_console|The Tardis Console]], our web account management interface.
  
 We aim to store passwords only in Kerberos. This is possible even if the client doesn't support Kerberos using LDAP passthrough authentication, see [[hosts:virtual_machines:enclave:ldap|here]]. We aim to store passwords only in Kerberos. This is possible even if the client doesn't support Kerberos using LDAP passthrough authentication, see [[hosts:virtual_machines:enclave:ldap|here]].
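Review bot: the added Tardis Console entry describes a web account management interface but does not say how it handles credentials, which matters because the paragraph directly after the list states the aim of storing passwords only in Kerberos. Suggest extending the entry with a clause saying whether the console sets passwords through Kerberos/LDAP and whether it is one of the web services behind Keycloak SSO, so the list and the password policy sentence read consistently.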
Line 32: Line 33:
   * [[hosts:virtual_machines:web:reverse_proxy|Caddy]], our primary reverse proxy   * [[hosts:virtual_machines:web:reverse_proxy|Caddy]], our primary reverse proxy
   * [[hosts:virtual_machines:web:dokuwiki|Dokuwiki]], which you're reading this on   * [[hosts:virtual_machines:web:dokuwiki|Dokuwiki]], which you're reading this on
-  * [[hosts:virtual_machines:web:userhomes|Userhomes]] nginx server, which serves ''www/'' directories. Note that this isn't actually exposed through Caddy.+  * [[hosts:virtual_machines:web:userhomes_hosting|Userhomes]] nginx server, which serves ''www/'' directories. Note that this isn't actually exposed through Caddy.
  
 Caddy is the reverse proxy that most of the tardisproject.uk domain goes through, except for gitlab. It doesn't host any user-services: Those are all handled by a seperate reverse proxy detailed [[hosts:user_hosting|here]]. Caddy is the reverse proxy that most of the tardisproject.uk domain goes through, except for gitlab. It doesn't host any user-services: Those are all handled by a seperate reverse proxy detailed [[hosts:user_hosting|here]].
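Review bot: the Userhomes link target changes from ''hosts:virtual_machines:web:userhomes'' to ''hosts:virtual_machines:web:userhomes_hosting'', and this diff covers only this page, so any other page still linking to the old ID would now point at a missing page. Worth checking backlinks to the old ID, or leaving a redirect stub there. While this block is being touched, the context line below the list has "seperate" for "separate".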
Line 39: Line 40:
  
   * [[hosts:virtual_machines:web:wordpress_civicrm|Our donation infrastructure]]   * [[hosts:virtual_machines:web:wordpress_civicrm|Our donation infrastructure]]
-  * [[hosts:virtual_machines:web:flame|A service directory]], on https://tard.is+  * [[hosts:virtual_machines:web:oauth2proxy|An OAuth2 proxy]]
  
-===== Grafana, Prometheus, Loki (monitoring) =====+===== Monitoring =====
  
-[[hosts:virtual_machines:monitoring:grafana|Monitoring]] hosts a pretty good observability stack, composed of: +[[hosts:virtual_machines:monitoring:start|Monitoring]] hosts the parent node for [[https://www.netdata.cloud/|Netdata]], and does some health checks of our services.
- +
-  * [[hosts:virtual_machines:monitoring:grafana|Grafana]], which handles alerting and making dashboards +
-  * [[hosts:virtual_machines:monitoring:prometheus|Prometheus]], which pulls metrics from different sources and stores them +
-  * [[hosts:virtual_machines:monitoring:loki|Loki]], which aggregates logs.+
  
 It sends configured alerts to the ''#tardis-bots'' discord channel.  It sends configured alerts to the ''#tardis-bots'' discord channel. 
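Review bot: the rewritten Monitoring section drops the Loki entry ("which aggregates logs") along with the Prometheus and Grafana entries without saying what replaces log aggregation and alerting; the new text names only Netdata and "some health checks of our services". Suggest stating where logs are collected now (or that they no longer are) and which component sends the alerts, since the unchanged last line "It sends configured alerts to the ''#tardis-bots'' discord channel" now has an unclear subject. Two smaller points: the "An OAuth2 proxy" entry should say which services it fronts and which identity provider it uses, and renaming the heading to "Monitoring" changes the section anchor, so links to the old section name need updating.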
hosts/architecture.1693417707.txt.gz · Last modified: 2023/08/30 17:48 by tcmal