soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Add Uptime Kuma monitoring template
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-01-30 11:12:15 +01:00
parent 6ca0b50403
commit 9a8305d986
7 changed files with 767 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/ops/deployment/public-api-incident-playbook.md
View File

@@ -17,7 +17,7 @@ The playbook focuses on abuse, availability loss, and leaked content.
| 4xx/5xx spikes | Application logs (`storage/logs/laravel.log`), centralized logging | Look for repeated `Join token access denied` / `token_rate_limited` or unexpected 5xx. |
| Rate-limit triggers | Laravel log lines emitted from `EventPublicController::handleTokenFailure` | Contains IP + truncated token preview. |
| CDN/WAF alerts | Reverse proxy (if enabled) | Ensure 429/403 anomalies are forwarded to incident channel. |
| Synthetic monitors | Planned via `SEC-API-03` | Placeholder until monitors exist. |
| Synthetic monitors | Uptime Kuma (SEC-API-03) | Public uptime + guest API + support API health checks. |
Manual check commands:
@@ -26,6 +26,32 @@ php artisan log:tail --lines=200 | grep "Join token"
php artisan log:tail --lines=200 | grep "gallery"
```
## 1.1 Synthetic Monitors (Uptime Kuma)
Primary uptime:
- `GET /` (base domain) — HTTP 200-399.
Guest API (stable synthetic event tokens required):
- `GET /api/v1/events/{token}` — expect JSON containing `"slug"` or `"engagement_mode"`.
- `GET /api/v1/gallery/{token}` — expect JSON containing `"event"` or `"branding"`.
- `GET /api/v1/gallery/{token}/photos` — expect JSON containing `"data"`.
- `GET /api/v1/events/{token}/photos` — expect JSON containing `"data"`.
Support API health metrics (read-only token stored in Kuma):
- `GET /api/v1/support/tenants?per_page=1`
- `GET /api/v1/support/events?per_page=1`
- `GET /api/v1/support/photos?per_page=1`
Defaults:
- Interval: 60s
- Timeout: 10s
- Retries before alert: 2
Notes:
- Do not store bearer tokens in the repo; configure them directly in Kuma.
- If synthetic tokens rotate, guest monitors will flap. Keep a dedicated synthetic event/token.
- Import template: `docs/ops/deployment/uptime-kuma-import.template.json` (replace placeholders before import).
## 2. Severity Classification
| Level | Criteria | Examples |