chore: update VPN routing configuration and add Grafana VPN documentation

2025-11-02 18:10:04 +01:00
parent 2dd8468d70
commit 7b7f0b41d2
41 changed files with 3727 additions and 11 deletions
--- a/deployment/ansible/playbooks/test-grafana-vpn-access.yml
+++ b/deployment/ansible/playbooks/test-grafana-vpn-access.yml
@@ -0,0 +1,99 @@
+---
+- name: Test Grafana VPN Access - Final Verification
+  hosts: production
+  gather_facts: no
+  become: no
+
+  tasks:
+    - name: Clear instruction
+      debug:
+        msg:
+          - "=== WICHTIG ==="
+          - "Bitte f?hre diese Tests auf Windows aus (mit VPN verbunden):"
+          - ""
+          - "1. Pr?fe ob Hosts-Datei korrekt ist:"
+          - "   type C:\\Windows\\System32\\drivers\\etc\\hosts | findstr grafana"
+          - "   Sollte zeigen: 10.8.0.1 grafana.michaelschiemer.de"
+          - ""
+          - "2. Pr?fe ob VPN verbunden ist:"
+          - "   ping 10.8.0.1"
+          - "   Sollte funktionieren (wenn VPN verbunden ist)"
+          - ""
+          - "3. Teste Grafana-Zugriff:"
+          - "   ?ffne https://grafana.michaelschiemer.de im Browser"
+          - ""
+          - "Dann pr?fe ich die Logs..."
+
+    - name: Wait for test
+      pause:
+        seconds: 15
+
+    - name: Check Traefik logs for Grafana access
+      shell: |
+        cd ~/deployment/stacks/traefik
+        echo "=== Last 10 Grafana Access Attempts ==="
+        tail -200 logs/access.log | grep -i grafana | tail -10 | while read line; do
+          client=$(echo "$line" | grep -oP '"ClientHost":"[^"]*"' | head -1)
+          time=$(echo "$line" | grep -oP '"time":"[^"]*"' | head -1)
+          status=$(echo "$line" | grep -oP '"DownstreamStatus":[0-9]+' | head -1)
+          echo "$time | $client | $status"
+        done
+      args:
+        executable: /bin/bash
+      register: recent_logs
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display recent logs
+      debug:
+        msg: "{{ recent_logs.stdout_lines }}"
+
+    - name: Extract unique client IPs
+      shell: |
+        cd ~/deployment/stacks/traefik
+        tail -50 logs/access.log | grep -i grafana | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
+      args:
+        executable: /bin/bash
+      register: unique_ips
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display unique client IPs
+      debug:
+        msg: "{{ unique_ips.stdout_lines }}"
+
+    - name: Analyze client IPs
+      shell: |
+        cd ~/deployment/stacks/traefik
+        tail -20 logs/access.log | grep -i grafana | tail -5 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | while read ip; do
+          if [[ -z "$ip" ]]; then
+            continue
+          fi
+          if [[ "$ip" =~ ^10\.8\.0\.[0-9]+$ ]]; then
+            echo "? $ip -> VPN IP (10.8.0.0/24) - Traffic kommt ?ber VPN!"
+          elif [[ "$ip" == "89.246.96.244" ]]; then
+            echo "? $ip -> Deine ?ffentliche IP - Traffic kommt NICHT ?ber VPN (Hosts-Datei funktioniert, aber VPN-Routing nicht)"
+          else
+            echo "? $ip -> Unbekannte IP"
+          fi
+        done
+      args:
+        executable: /bin/bash
+      register: ip_analysis
+      ignore_errors: yes
+      failed_when: false
+
+    - name: Display IP analysis
+      debug:
+        msg: "{{ ip_analysis.stdout_lines }}"
+
+    - name: Final recommendations
+      debug:
+        msg:
+          - ""
+          - "=== ERGEBNIS ==="
+          - "Wenn ClientHost: 10.8.0.7 ? Traffic kommt ?ber VPN ?"
+          - "? Dann k?nnen wir die tempor?re IP-Erlaubnis entfernen!"
+          - ""
+          - "Wenn ClientHost: 89.246.96.244 ? Traffic kommt NICHT ?ber VPN ?"
+          - "? Dann m?ssen wir pr?fen warum Hosts-Datei nicht ?ber VPN-Routing funktioniert"