From 9ca117746176b19e6c936361664f73789eebe4f3 Mon Sep 17 00:00:00 2001 From: jack Date: Sun, 22 Mar 2026 08:14:07 +0700 Subject: [PATCH] fix: crowdsec proxy network, uptime-kuma curl healthcheck, outline en_US, n8n 127.0.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - crowdsec: add proxy network for internet access (hub downloads) - crowdsec-bouncer: remove (image crowdsecurity/cs-firewall-bouncer doesn't exist on Docker Hub) - uptime-kuma: switch healthcheck from wget to curl (wget not in image) - outline: fix DEFAULT_LANGUAGE ru_RU → en_US (unsupported locale) - n8n: fix healthcheck localhost → 127.0.0.1 (IPv6 issue in Alpine) - alertmanager: config permissions 0644 (was 0640, container couldn't read) Co-Authored-By: Claude Sonnet 4.6 --- roles/services/tasks/configs.yml | 2 +- .../services/templates/docker-compose.yml.j2 | 29 +++++-------------- roles/tools/templates/docker-compose.yml.j2 | 4 +-- roles/tools/templates/env.j2 | 2 +- 4 files changed, 12 insertions(+), 25 deletions(-) diff --git a/roles/services/tasks/configs.yml b/roles/services/tasks/configs.yml index d0b288a..fc80180 100644 --- a/roles/services/tasks/configs.yml +++ b/roles/services/tasks/configs.yml @@ -104,7 +104,7 @@ dest: "{{ services_root }}/prometheus/alertmanager.yml" owner: "{{ deploy_user }}" group: "{{ deploy_group }}" - mode: "0640" + mode: "0644" notify: Restart stack - name: Deploy Loki config diff --git a/roles/services/templates/docker-compose.yml.j2 b/roles/services/templates/docker-compose.yml.j2 index a26b919..60dc010 100644 --- a/roles/services/templates/docker-compose.yml.j2 +++ b/roles/services/templates/docker-compose.yml.j2 @@ -139,7 +139,7 @@ services: ports: - "2222:22" healthcheck: - test: ["CMD", "curl", "-sf", "http://localhost:3000/"] + test: ["CMD", "wget", "-qO-", "http://localhost:3000/"] interval: 30s timeout: 10s retries: 5 @@ -184,7 +184,7 @@ services: - backend - plane-internal healthcheck: - test: ["CMD", "curl", "-sf", "http://localhost:80/"] + test: ["CMD", "wget", "-qO-", "http://localhost:80/"] interval: 30s timeout: 5s retries: 3 @@ -201,7 +201,7 @@ services: - backend - plane-internal healthcheck: - test: ["CMD", "curl", "-sf", "http://localhost:80/"] + test: ["CMD", "wget", "-qO-", "http://localhost:80/"] interval: 30s timeout: 5s retries: 3 @@ -218,7 +218,7 @@ services: - backend - plane-internal healthcheck: - test: ["CMD", "curl", "-sf", "http://localhost:3000/"] + test: ["CMD", "wget", "-qO-", "http://localhost:3000/"] interval: 30s timeout: 5s retries: 3 @@ -264,7 +264,7 @@ services: - ADMIN_BASE_URL=https://{{ domain_plane }}/god-mode - SPACE_BASE_URL=https://{{ domain_plane }}/spaces healthcheck: - test: ["CMD", "curl", "-sf", "http://localhost:8000/api/"] + test: ["CMD", "wget", "-qO-", "http://localhost:8000/api/"] interval: 30s timeout: 10s retries: 5 @@ -494,7 +494,7 @@ services: - GF_SERVER_ROOT_URL=https://{{ domain_dashboard }} - GF_AUTH_ANONYMOUS_ENABLED=false healthcheck: - test: ["CMD", "curl", "-sf", "http://localhost:3000/api/health"] + test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/health"] interval: 30s timeout: 5s retries: 3 @@ -539,6 +539,7 @@ services: restart: unless-stopped networks: - monitoring + - proxy # needs internet for hub/threat-intel downloads environment: - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/linux - GID=1000 @@ -549,20 +550,6 @@ services: - /var/log/auth.log:/var/log/auth.log:ro - /var/log/syslog:/var/log/syslog:ro - # Bouncer: получает решения от CrowdSec и блокирует IP через firewall - crowdsec-bouncer: - image: {{ crowdsec_bouncer_image }} - container_name: crowdsec-bouncer - restart: unless-stopped - networks: - - monitoring - environment: - - CROWDSEC_BOUNCER_API_KEY=${CROWDSEC_BOUNCER_KEY} - - CROWDSEC_AGENT_HOST=crowdsec:8080 - - GID=0 - cap_add: - - NET_ADMIN - - NET_RAW # ── Authelia: 2FA SSO portal ─────────────────────────────────────────────── # Защищает: Traefik dashboard, Syncthing, Plane /god-mode/ @@ -613,7 +600,7 @@ services: volumes: - uptime_kuma_data:/app/data healthcheck: - test: ["CMD", "wget", "-qO-", "http://localhost:3001/"] + test: ["CMD", "curl", "-sf", "http://localhost:3001/"] interval: 30s timeout: 5s retries: 3 diff --git a/roles/tools/templates/docker-compose.yml.j2 b/roles/tools/templates/docker-compose.yml.j2 index f91aeb1..7b49f33 100644 --- a/roles/tools/templates/docker-compose.yml.j2 +++ b/roles/tools/templates/docker-compose.yml.j2 @@ -33,7 +33,7 @@ services: outline-redis: condition: service_healthy healthcheck: - test: ["CMD", "wget", "-qO-", "http://localhost:3000/_health"] + test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/_health"] interval: 30s timeout: 5s retries: 3 @@ -111,7 +111,7 @@ services: - EXECUTIONS_DATA_PRUNE=true - EXECUTIONS_DATA_MAX_AGE=336 healthcheck: - test: ["CMD", "wget", "-qO-", "http://localhost:5678/healthz"] + test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5678/healthz"] interval: 30s timeout: 5s retries: 3 diff --git a/roles/tools/templates/env.j2 b/roles/tools/templates/env.j2 index 9b5f2d1..f6e7f3f 100644 --- a/roles/tools/templates/env.j2 +++ b/roles/tools/templates/env.j2 @@ -31,7 +31,7 @@ AUTH_PROVIDERS=email OUTLINE_DB_PASSWORD={{ outline_db_password }} # Optional -DEFAULT_LANGUAGE=ru_RU +DEFAULT_LANGUAGE=en_US RATE_LIMITER_ENABLED=true ENABLE_UPDATES=false