@Bumnote Bumnote commented Jul 20, 2025

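#️⃣ Related issue

issue #32

📝 Changes

  • Added IP-based access restrictions for the Prometheus and Grafana monitoring tools.
  • Access is allowed only from the public IPs of the two developers' workspaces.
  • Modified the behavior of the deploy.sh automation shell script so that the whitelist is applied when it runs.
  • Added sudo commands to resolve the Permission denied error when running deploy.sh.

💬 Review requests

Please write here if there is anything you would particularly like the reviewer to look at.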


@Bumnote Bumnote requested review from Oilwoo and Copilot July 20, 2025 16:05
@Bumnote Bumnote self-assigned this Jul 20, 2025
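
The PR has deploy.sh install the whitelist file with sudo, so a pre-install lint is a cheap way to keep a typo or an `allow all;` from silently widening access to Prometheus and Grafana. This is an added example, not code from this PR; the file format (one `allow <IPv4>[/prefix];` per line, optional `deny all;`) and the function name `validate_allowlist` are assumptions.

```shell
#!/bin/sh
# Added example (not from the PR). Assumed format of allowed_ips.rules:
# one "allow <IPv4>[/prefix];" per line, optional "deny all;", '#' comments.

# validate_allowlist FILE [MIN_PREFIX]
# Prints every problem found; returns 1 if the file is malformed or too broad.
validate_allowlist() {
    file=$1
    min_prefix=${2:-32}            # 32 = single hosts only
    bad=0 entries=0 lineno=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Drop comments and surrounding whitespace.
        line=$(printf '%s\n' "$line" | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        [ -z "$line" ] && continue
        [ "$line" = "deny all;" ] && continue

        # Anything other than a single IPv4 allow directive is rejected,
        # which also catches "allow all;" and stray Nginx directives.
        if ! printf '%s\n' "$line" |
            grep -Eq '^allow[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?;$'; then
            echo "line $lineno: unexpected directive: $line"; bad=1; continue
        fi

        addr=$(printf '%s\n' "$line" | sed -E -e 's/^allow[[:space:]]+//' -e 's/;$//')
        case $addr in
            */*) ip=${addr%/*}; prefix=${addr#*/} ;;
            *)   ip=$addr;      prefix=32 ;;
        esac
        for octet in $(printf '%s\n' "$ip" | tr '.' ' '); do
            [ "$octet" -le 255 ] || { echo "line $lineno: bad octet in $ip"; bad=1; }
        done
        if [ "$prefix" -gt 32 ] || [ "$prefix" -lt "$min_prefix" ]; then
            echo "line $lineno: /$prefix is outside /$min_prefix../32"; bad=1
        fi
        entries=$((entries + 1))
    done < "$file"

    [ "$entries" -gt 0 ] || { echo "no allow entries in $file"; bad=1; }
    return "$bad"
}

# Constructed sample using documentation-range addresses.
sample=$(mktemp)
printf 'allow 203.0.113.10;\nallow 198.51.100.0/24;  # too broad\nallow all;\n' > "$sample"
validate_allowlist "$sample" || echo "allowlist rejected"
rm -f "$sample"
```

Running this before the file is copied into place, followed by `nginx -t`, makes a bad allowlist fail the deploy instead of reaching production.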

Copilot AI left a comment

Pull Request Overview

This PR implements IP-based access control for monitoring tools (Prometheus and Grafana) by introducing a whitelist configuration system. The changes restrict access to these monitoring tools to only specified developer IPs and address permission issues in the deployment script.

  • Refactored whitelist file naming from allowed_ips.conf to allowed_ips.rules
  • Modified deployment script to use sudo commands for file operations to resolve permission errors
  • Updated Nginx configuration to apply IP whitelist restrictions to Grafana and Prometheus endpoints
  • Enhanced Docker Compose configuration with persistent volumes and dependency management

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| scripts/deploy.sh | Updated whitelist file name and added sudo commands for file operations |
| nginx/nginx-prod.conf | Applied IP whitelist restrictions to monitoring endpoints and updated include path |
| docker-compose.yml | Added persistent volumes for monitoring data and improved service dependencies |

Comments suppressed due to low confidence (3)

image: prom/prometheus
container_name: prometheus
volumes:
- ./data/prometheus:/prometheus

Copilot AI Jul 20, 2025

The volume mapping ./data/prometheus:/prometheus may conflict with Prometheus's default data directory. Consider using /prometheus/data as the container path or ensure the host directory has proper permissions for the prometheus user (UID 65534).

Suggested change
- ./data/prometheus:/prometheus
- ./data/prometheus:/prometheus/data

ports:
- "3000:3000"
volumes:
- ./data/grafana:/var/lib/grafana
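
Review bot: the `- "3000:3000"` entry under `ports:` publishes Grafana on the host itself, so the Nginx IP whitelist this PR adds only restricts Grafana if port 3000 is also blocked from outside by a host firewall or security group. If Nginx is the intended entry point, bind the mapping to loopback (`"127.0.0.1:3000:3000"`) or drop the `ports:` entry and let Nginx reach Grafana over the Compose network, then confirm from a non-whitelisted address that port 3000 does not answer.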

Copilot AI Jul 20, 2025

You have both ./data/grafana:/var/lib/grafana and grafana-storage:/var/lib/grafana mounting to the same container path. This will cause the named volume to be ignored. Consider removing one of these volume mappings to avoid conflicts.

Suggested change
- ./data/grafana:/var/lib/grafana

@github-actions

Test Results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit ddc7f7f. ± Comparison against base commit 8a23701.

@Bumnote Bumnote merged commit c510b53 into dev Jul 20, 2025
3 checks passed