lovebeat icon indicating copy to clipboard operation
lovebeat copied to clipboard

Published 20 hours ago verified publisher icon boivie

Can't proxy in a sub-directory

Open unsync opened this issue 7 years ago • 7 comments

I'm trying to use your (awesome) lovebeat in a nginx/proxy/docker configuration, one major issue is that dashboard/assets/app.html is refering to bundle.js as

<script src="/bundle.js"></script>

The trailing slash prevent from using lovebeat in a subdirectory, all paths should be relative, not absolute (at least i think so).

Did anyone manage to use it in a subdirectory successfully ?

unsync avatar May 22 '17 16:05 unsync

You're right, and it's actually a regression. I have stumbled upon this problem before (used to proxy it using undergang - another of my projects here on github), and fixed it in f1fb963d71915abf98c210f4a30a10613ab5a16a but that was a long time ago, and evidently it's broken again.

I'll probably find some time to fix it during this week unless you want to have a stab at it yourself.

2017-05-22 18:54 GMT+02:00 any1one [email protected]:

I'm trying to use your (awesome) lovebeat in a nginx/proxy/docker configuration, one major issue is that dashboard/assets/app.html is refering to bundle.js as

The trailing slash prevent from using lovebeat in a subdirectory, all paths should be relative, not absolute (at least i think so).

Did anyone manage to use it in a subdirectory successfully ?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/boivie/lovebeat/issues/31, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGgeyV2wkCObcc-ekCduc3ku21tJ5Gdks5r8b3QgaJpZM4Ninwp .

boivie avatar May 22 '17 18:05 boivie

Thanks for the quick answer ! I tried to compile it but it failed, I'll have another try tomorrow and will give you an update if it works. I have the same interrogation about the others API call (like /alarms), can't they be broken in a sub directory ? Anyway, thank a lot if you can fix it !!

unsync avatar May 22 '17 18:05 unsync

Yes, I'll fix all the endpoints so that they can be served under a subdirectory.

boivie avatar May 22 '17 18:05 boivie

great.

While i'm here, have you ever thought about managing an application secret ? The idea is that if anyone finds my lovebeat instance, there is nothing preventing him to flood my lovebeat with dummy notifications. If i could set a secret in my config file and then pass it with curl, i could be sure that my notifications are safe.

I'm not a go dev but i'll see if i can submit some pull request in the future !

unsync avatar May 23 '17 07:05 unsync

It is certainly something I've thought about.

Right now, lovebeat is assumed to be only accessible by trusted clients - preferably running exposed only to an internal network (or VPN).

Security is difficult, and there are many protocols and interfaces that lovebeat provide. The HTTP REST API is fairly simple to protect (e.g. with some sort of API key), but the statsd-compatible UDP protocol would be more difficult. And the web UI would have to be protected as well.

So instead of trying to make it really secure (which is difficult), it's "insecure by default", and should be treated as such.

What I've done is typically to add e.g. "Basic Auth" to the web UI using the nginx reverse proxy. The same could be done with the lovebeat REST API, if you would want it to be exposed externally. So please add the security layer in your reverse proxy instead!

boivie avatar May 23 '17 10:05 boivie

Make sense... i didn't think about all the ramifications ! Would you be interested by some configuration examples ? I've setup a config with a bash script to send alerts to pagerduty.

I'm also interested by some informations that i can't find in the docs :

  • Store the database in s3 : does it upload it automaticaly ? The file must be world writable on s3 ?
  • How to setup multiple alarms in the config file ? I've done this :
[[alarms]]
name = "backup"
pattern = "backups.*"
alerts = ["pagerduty", "mail-alert"]

[alerts.mail-alert]
mail = "[email protected]"
[alerts.pagerduty]
script = "alert-pagerduty.sh"

but i can't figure out the syntax to add another alarm. Thanks

unsync avatar May 23 '17 19:05 unsync

Found my answer about alarms reading the docs of https://github.com/BurntSushi/toml

[[alarms]]
name = "backup"
pattern = "backups.*"
alerts = ["pagerduty"]

[[alarms]]
name = "uptime"
pattern = "uptime.*"
alerts = ["pagerduty"]

[alerts.pagerduty]
script = "alert-pagerduty.sh"

[alerts.mail-alert]
mail = "[email protected]"

unsync avatar May 23 '17 20:05 unsync