mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-25 09:33:25 +00:00 
			
		
		
		
	Revert "security** node-exporter data & port publicly exposed"
This reverts commit d0cd709c08.
			
			
This commit is contained in:
		| @@ -18,5 +18,5 @@ matrix_prometheus_node_exporter_systemd_wanted_services_list: [] | ||||
|  | ||||
| # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). | ||||
| # | ||||
| # Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose. | ||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose. | ||||
| matrix_prometheus_node_exporter_container_http_host_bind_port: '' | ||||
|   | ||||
| @@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--read-only \ | ||||
| 			{% if matrix_prometheus_node_exporter_container_http_host_bind_port %} | ||||
| 			-p {{ matrix_prometheus_node_exporter_container_http_host_bind_port }}:9100 \ | ||||
| 			{% endif %} | ||||
| 			{% for arg in matrix_prometheus_node_exporter_container_extra_arguments %} | ||||
| 			{{ arg }} \ | ||||
| 			{% endfor %} | ||||
| @@ -29,12 +32,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod | ||||
| 			--pid=host \ | ||||
| 			--mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \ | ||||
| 			{{ matrix_prometheus_node_exporter_docker_image }} \ | ||||
|                         {{ matrix_prometheus_node_exporter_docker_image }} \ | ||||
|                         {% if matrix_prometheus_node_exporter_container_http_host_bind_port %} | ||||
|                         --web.listen-address={{ matrix_prometheus_node_exporter_container_http_host_bind_port }} \ | ||||
|                         {% else %} | ||||
|                         --web.listen-address=localhost:9100 \ | ||||
|                         {% endif %} | ||||
| 			--path.rootfs=/host | ||||
|  | ||||
| ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' | ||||
|   | ||||
		Reference in New Issue
	
	Block a user