feat: clear unused env variables, update deployment scripts and add webhook auth

Author: m-dilorenzi

.env.example

@@ -8,10 +8,6 @@ ENVIRONMENT=production  # production or local
 TZ=Europe/Rome
 PHP_VERSION=8.3         # PHP version to use in containers
 
-# Podman socket path (running using user root or personal user)
-# Leave it blank, it will be generated automatically
-PODMAN_SOCKET=
-
 # ============================================
 # DOMAIN CONFIGURATION
 # ============================================

README.md

@@ -22,18 +22,7 @@ The middleware handles alert lifecycle (firing/resolved) and intelligently updat
 
 To deploy the infrastructure, ensure the following prerequisites are met:
 
-1. **Configured SSH Key**:
-   - The user must have an SSH key configured on their system.
-   - The key must be authorized to access private repositories on GitHub.
-
-2. **Add GitHub to known_hosts**:
-   - Run the following command to add GitHub's fingerprint to the `known_hosts` file:
-     ```bash
-     ssh-keyscan github.com >> ~/.ssh/known_hosts
-     ```
-   - This command should be executed inside the user's `.ssh` directory.
-
-3. **System Requirements**:
+1. **System Requirements**:
    - **Bash**: Ensure Bash is installed as the default shell.
    - **Podman**: Install Podman for container management.
    - **Podman-Compose**: Install Podman-Compose using the following commands to avoid issues with outdated versions:
@@ -143,7 +132,7 @@ nano middleware/config.json
 - `status_page_group`: Name of the group that will be created on the status page
 - `status_page_components`: Array of visible component names that belong to this group
 
-Each visible component referenced in your Prometheus labels must be mapped to a group in this configuration. The `setup.py` script will use this mapping to automatically create groups and organize components during initialization.
+Each visible component referenced in your Prometheus labels must be mapped to a group in this configuration. The `setup-components.py` script will use this mapping to automatically create groups and organize components during initialization.
 
 **Required Prometheus labels** for status page integration:
 
@@ -196,7 +185,6 @@ For local development (without HTTPS), ensure your `.env` is properly configured
 ENVIRONMENT=local
 CACHET_DOMAIN=localhost
 WEBHOOK_DOMAIN=localhost
-TRAEFIK_DOMAIN=localhost
 APP_ENV=local
 APP_DEBUG=true
 APP_URL=http://localhost:8080

deploy.sh

@@ -114,25 +114,22 @@ fi
 # Configure webhook authentication in Traefik middlewares
 echo ""
 echo "Configuring webhook authentication..."
-if [ -n "${WEBHOOK_USERNAME}" ] && [ -n "${WEBHOOK_PASSWORD}" ]; then
-    # Check if htpasswd is available
+if [ -n "${WEBHOOK_BASIC_AUTH}" ]; then
+    # Use the string specified in .env
+    sed -i "s|WEBHOOK_CREDENTIALS_PLACEHOLDER|${WEBHOOK_BASIC_AUTH}|g" traefik/dynamic/middlewares.yml
+    echo -e "${GREEN}✓${NC} Webhook authentication configured: ${WEBHOOK_BASIC_AUTH}"
+else
+    # Generate default authentication admin:admin
     if ! command -v htpasswd &> /dev/null; then
-        echo -e "${YELLOW}Warning: htpasswd not found. Installing apache2-utils...${NC}"
+        echo -e "${YELLOW}htpasswd not found. Installing apache2-utils...${NC}"
         sudo apt-get install -y apache2-utils || {
             echo -e "${RED}Error: Failed to install apache2-utils. Please install it manually.${NC}"
             exit 1
         }
     fi
-    
-    # Generate SHA hash for webhook credentials
-    WEBHOOK_HASH=$(htpasswd -nbs "${WEBHOOK_USERNAME}" "${WEBHOOK_PASSWORD}")
-    
-    # Update middlewares.yml with the generated hash
-    sed -i 's|.*WEBHOOK_CREDENTIALS_PLACEHOLDER.*|          - "'"${WEBHOOK_HASH}"'"|g' traefik/dynamic/middlewares.yml
-    
-    echo -e "${GREEN}✓${NC} Webhook authentication configured for user: ${WEBHOOK_USERNAME}"
-else
-    echo -e "${YELLOW}Warning: WEBHOOK_USERNAME or WEBHOOK_PASSWORD not set in .env${NC}"
+    DEFAULT_AUTH=$(htpasswd -nb admin admin | cut -d':' -f2)
+    sed -i "s|WEBHOOK_CREDENTIALS_PLACEHOLDER|admin:${DEFAULT_AUTH}|g" traefik/dynamic/middlewares.yml
+    echo -e "${YELLOW}Warning: WEBHOOK_BASIC_AUTH not set in .env. Using default admin:admin.${NC}"
 fi
 
 echo ""
@@ -214,8 +211,6 @@ echo "=========================================="
 echo "Starting Middleware, Initializing Components"
 echo "=========================================="
 
-fi
-
 # Start middleware container
 echo "Starting middleware container..."
 podman-compose up -d middleware
@@ -239,7 +234,7 @@ if [ $attempt -eq $max_attempts ]; then
     echo "If middleware keeps failing, check logs with: podman logs cachet-middleware"
 fi
 
-# Setup components (run setup.py) with user prompt
+# Setup components (run setup-components.py) with user prompt
 echo ""
 echo "Initializing Cachet components from Prometheus configuration..."
 if [ ! -f middleware/prometheus.yml ]; then
@@ -256,16 +251,16 @@ echo "  - Component groups: middleware/config.json"
 target_count=$(grep -c "status_page_alert: true" middleware/prometheus.yml || echo "0")
 echo "Found approximately ${target_count} targets with status_page_alert enabled"
 echo ""
-read -p "Do you want to run setup.py to create components? This will DELETE all existing components! (y/n) " -n 1 -r
+read -p "Do you want to run setup-components.py to create components? This will DELETE all existing components! (y/n) " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
-    echo "Running setup.py inside middleware container..."
-    if podman exec cachet-middleware python3 /app/setup.py --file /app/prometheus.yml; then
+    echo "Running setup-components.py inside middleware container..."
+    if podman exec cachet-middleware python3 /app/setup-components.py --file /app/prometheus.yml; then
         echo -e "${GREEN}✓${NC} Components created successfully!"
     else
         echo -e "${RED}❌${NC} Failed to create components"
-        echo "You can run setup.py manually with:"
-        echo "  podman exec cachet-middleware python3 /app/setup.py --file /app/prometheus.yml"
+        echo "You can run setup-components.py manually with:"
+        echo "  podman exec cachet-middleware python3 /app/setup-components.py --file /app/prometheus.yml"
         exit 1
     fi
 else

middleware/Dockerfile

@@ -30,7 +30,7 @@ WORKDIR /app
 # Copy application files
 COPY alerts-middleware.py .
 COPY healthcheck.py .
-COPY setup.py .
+COPY setup-components.py .
 
 # Make healthcheck script executable
 RUN chmod +x healthcheck.py

middleware/README.md

@@ -10,7 +10,7 @@ Python Flask middleware that receives webhook notifications from Prometheus Aler
 - **Critical Targets**: Special logic for critical targets (force Major Outage on visible components)
 - **Smart Status Calculation**: Calculates visible component status by aggregating invisible component statuses
 - **Intelligent Incident Management**: Creates incidents only when visible component goes to Major Outage
-- **YAML Configuration**: Automatic component setup from Prometheus file with `setup.py`
+- **YAML Configuration**: Automatic component setup from Prometheus file with `setup-components.py`
 
 ## Architecture
 

middleware/setup.py middleware/setup-components.pymiddleware/setup.py renamed to middleware/setup-components.py

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    webhook-auth:
+      basicAuth:
+        users:
+          - "WEBHOOK_CREDENTIALS_PLACEHOLDER"

traefik/dynamic/middlewares.yml.example

@@ -8,9 +8,6 @@ http:
         - websecure
       tls:
         certResolver: '{{ env "CERT_RESOLVER" | default "letsencrypt" }}'
-      middlewares:
-        - https-headers
-        - redirect-to-https
       {{ else }}
       entryPoints:
         - web
@@ -26,8 +23,9 @@ http:
         certResolver: '{{ env "CERT_RESOLVER" | default "letsencrypt" }}'
       middlewares:
         - webhook-auth
-        - redirect-to-https
       {{ else }}
       entryPoints:
         - web
+      middlewares:
+        - webhook-auth
       {{ end }}