You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

535 lines
23 KiB

10 years ago
9 years ago
9 years ago
9 years ago
9 years ago
10 years ago
10 years ago
10 years ago
5 years ago
update Readme with pip install dependencies pip install will fail when you cannot compile some of the dependencies. one is gcc the other is the Python.h ``` Building wheels for collected packages: rcssmin, rjsmin Running setup.py bdist_wheel for rcssmin ... error Complete output from command /home/ubuntu/webapps/hc-venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ipfho29k/rcssmin/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-u0q6mggl --python-tag cp36: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.6 copying ./rcssmin.py -> build/lib.linux-x86_64-3.6 running build_ext building '_rcssmin' extension creating build/temp.linux-x86_64-3.6 x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DEXT_MODULE=_rcssmin -UEXT_PACKAGE -I_setup/include -I/usr/include/python3.6m -I/home/ubuntu/webapps/hc-venv/include/python3.6m -c rcssmin.c -o build/temp.linux-x86_64-3.6/rcssmin.o unable to execute 'x86_64-linux-gnu-gcc': No such file or directory error: command 'x86_64-linux-gnu-gcc' failed with exit status 1 ---------------------------------------- Failed building wheel for rcssmin Running setup.py clean for rcssmin Running setup.py bdist_wheel for rjsmin ... error Complete output from command /home/ubuntu/webapps/hc-venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ipfho29k/rjsmin/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-axnaq3w9 --python-tag cp36: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.6 copying ./rjsmin.py -> build/lib.linux-x86_64-3.6 running build_ext building '_rjsmin' extension creating build/temp.linux-x86_64-3.6 x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DEXT_MODULE=_rjsmin -UEXT_PACKAGE -I_setup/include -I/usr/include/python3.6m -I/home/ubuntu/webapps/hc-venv/include/python3.6m -c rjsmin.c -o build/temp.linux-x86_64-3.6/rjsmin.o unable to execute 'x86_64-linux-gnu-gcc': No such file or directory error: command 'x86_64-linux-gnu-gcc' failed with exit status 1 ``` ``` Running setup.py bdist_wheel for rjsmin ... error Complete output from command /home/ubuntu/webapps/hc-venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-cfntw7bo/rjsmin/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-ytqxu9_b --python-tag cp36: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.6 copying ./rjsmin.py -> build/lib.linux-x86_64-3.6 running build_ext building '_rjsmin' extension creating build/temp.linux-x86_64-3.6 x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DEXT_MODULE=_rjsmin -UEXT_PACKAGE -I_setup/include -I/usr/include/python3.6m -I/home/ubuntu/webapps/hc-venv/include/python3.6m -c rjsmin.c -o build/temp.linux-x86_64-3.6/rjsmin.o In file included from rjsmin.c:18:0: _setup/include/cext.h:34:10: fatal error: Python.h: No such file or directory #include "Python.h" ^~~~~~~~~~ compilation terminated. ```
6 years ago
6 years ago
update Readme with pip install dependencies pip install will fail when you cannot compile some of the dependencies. one is gcc the other is the Python.h ``` Building wheels for collected packages: rcssmin, rjsmin Running setup.py bdist_wheel for rcssmin ... error Complete output from command /home/ubuntu/webapps/hc-venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ipfho29k/rcssmin/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-u0q6mggl --python-tag cp36: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.6 copying ./rcssmin.py -> build/lib.linux-x86_64-3.6 running build_ext building '_rcssmin' extension creating build/temp.linux-x86_64-3.6 x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DEXT_MODULE=_rcssmin -UEXT_PACKAGE -I_setup/include -I/usr/include/python3.6m -I/home/ubuntu/webapps/hc-venv/include/python3.6m -c rcssmin.c -o build/temp.linux-x86_64-3.6/rcssmin.o unable to execute 'x86_64-linux-gnu-gcc': No such file or directory error: command 'x86_64-linux-gnu-gcc' failed with exit status 1 ---------------------------------------- Failed building wheel for rcssmin Running setup.py clean for rcssmin Running setup.py bdist_wheel for rjsmin ... error Complete output from command /home/ubuntu/webapps/hc-venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ipfho29k/rjsmin/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-axnaq3w9 --python-tag cp36: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.6 copying ./rjsmin.py -> build/lib.linux-x86_64-3.6 running build_ext building '_rjsmin' extension creating build/temp.linux-x86_64-3.6 x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DEXT_MODULE=_rjsmin -UEXT_PACKAGE -I_setup/include -I/usr/include/python3.6m -I/home/ubuntu/webapps/hc-venv/include/python3.6m -c rjsmin.c -o build/temp.linux-x86_64-3.6/rjsmin.o unable to execute 'x86_64-linux-gnu-gcc': No such file or directory error: command 'x86_64-linux-gnu-gcc' failed with exit status 1 ``` ``` Running setup.py bdist_wheel for rjsmin ... error Complete output from command /home/ubuntu/webapps/hc-venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-cfntw7bo/rjsmin/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/pip-wheel-ytqxu9_b --python-tag cp36: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-3.6 copying ./rjsmin.py -> build/lib.linux-x86_64-3.6 running build_ext building '_rjsmin' extension creating build/temp.linux-x86_64-3.6 x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DEXT_MODULE=_rjsmin -UEXT_PACKAGE -I_setup/include -I/usr/include/python3.6m -I/home/ubuntu/webapps/hc-venv/include/python3.6m -c rjsmin.c -o build/temp.linux-x86_64-3.6/rjsmin.o In file included from rjsmin.c:18:0: _setup/include/cext.h:34:10: fatal error: Python.h: No such file or directory #include "Python.h" ^~~~~~~~~~ compilation terminated. ```
6 years ago
10 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
  1. # Healthchecks
  2. ![Build Status](https://github.com/healthchecks/healthchecks/workflows/Django%20CI/badge.svg)
  3. [![Coverage Status](https://coveralls.io/repos/healthchecks/healthchecks/badge.svg?branch=master&service=github)](https://coveralls.io/github/healthchecks/healthchecks?branch=master)
  4. ![Screenshot of Welcome page](/static/img/welcome.png?raw=true "Welcome Page")
  5. ![Screenshot of My Checks page](/static/img/my_checks.png?raw=true "My Checks Page")
  6. ![Screenshot of Period/Grace dialog](/static/img/period_grace.png?raw=true "Period/Grace Dialog")
  7. ![Screenshot of Cron dialog](/static/img/cron.png?raw=true "Cron Dialog")
  8. ![Screenshot of Integrations page](/static/img/channels.png?raw=true "Integrations Page")
  9. healthchecks is a watchdog for your cron jobs. It's a web server that listens for pings from your cron jobs, plus a web interface.
  10. It is live here: [http://healthchecks.io/](http://healthchecks.io/)
  11. The building blocks are:
  12. * Python 3.6+
  13. * Django 3
  14. * PostgreSQL or MySQL
  15. ## Setting Up for Development
  16. These are instructions for setting up healthchecks Django app
  17. in development environment.
  18. * install dependencies (Debian/Ubuntu)
  19. $ sudo apt-get update
  20. $ sudo apt-get install -y gcc python3-dev python3-venv
  21. * prepare directory for project code and virtualenv:
  22. $ mkdir -p ~/webapps
  23. $ cd ~/webapps
  24. * prepare virtual environment
  25. (with virtualenv you get pip, we'll use it soon to install requirements):
  26. $ python3 -m venv hc-venv
  27. $ source hc-venv/bin/activate
  28. * check out project code:
  29. $ git clone https://github.com/healthchecks/healthchecks.git
  30. * install requirements (Django, ...) into virtualenv:
  31. $ pip install -r healthchecks/requirements.txt
  32. * healthchecks is configured to use a SQLite database by default. To use
  33. PostgreSQL or MySQL database, create and edit `hc/local_settings.py` file.
  34. There is a template you can copy and edit as needed:
  35. $ cd ~/webapps/healthchecks
  36. $ cp hc/local_settings.py.example hc/local_settings.py
  37. * create database tables and the superuser account:
  38. $ cd ~/webapps/healthchecks
  39. $ ./manage.py migrate
  40. $ ./manage.py createsuperuser
  41. * run development server:
  42. $ ./manage.py runserver
  43. The site should now be running at `http://localhost:8000`.
  44. To access Django administration site, log in as a super user, then
  45. visit `http://localhost:8000/admin`
  46. ## Configuration
  47. Healthchecks prepares its configuration in `hc/settings.py`. It reads configuration
  48. from two places:
  49. * environment variables (see the variable names in the table below)
  50. * it imports configuration for `hc/local_settings.py` file, if it exists
  51. You can use either mechanism, depending on what is more convenient. Using
  52. `hc/local_settings.py` allows more flexibility: you can set
  53. each and every [Django setting](https://docs.djangoproject.com/en/3.1/ref/settings/),
  54. you can run Python code to load configuration from an external source.
  55. Healthchecks reads configuration from the following environment variables:
  56. | Environment variable | Default value | Notes
  57. | -------------------- | ------------- | ----- |
  58. | [SECRET_KEY](https://docs.djangoproject.com/en/3.1/ref/settings/#secret-key) | `"---"`
  59. | [DEBUG](https://docs.djangoproject.com/en/3.1/ref/settings/#debug) | `True` | Set to `False` for production
  60. | [ALLOWED_HOSTS](https://docs.djangoproject.com/en/3.1/ref/settings/#allowed-hosts) | `*` | Separate multiple hosts with commas
  61. | [DEFAULT_FROM_EMAIL](https://docs.djangoproject.com/en/3.1/ref/settings/#default-from-email) | `"[email protected]"`
  62. | USE_PAYMENTS | `False`
  63. | REGISTRATION_OPEN | `True`
  64. | DB | `"sqlite"` | Set to `"postgres"` or `"mysql"`
  65. | [DB_HOST](https://docs.djangoproject.com/en/3.1/ref/settings/#host) | `""` *(empty string)*
  66. | [DB_PORT](https://docs.djangoproject.com/en/3.1/ref/settings/#port) | `""` *(empty string)*
  67. | [DB_NAME](https://docs.djangoproject.com/en/3.1/ref/settings/#name) | `"hc"` (PostgreSQL, MySQL) or `"/path/to/project/hc.sqlite"` (SQLite) | For SQLite, specify the full path to the database file.
  68. | [DB_USER](https://docs.djangoproject.com/en/3.1/ref/settings/#user) | `"postgres"` or `"root"`
  69. | [DB_PASSWORD](https://docs.djangoproject.com/en/3.1/ref/settings/#password) | `""` *(empty string)*
  70. | [DB_CONN_MAX_AGE](https://docs.djangoproject.com/en/3.1/ref/settings/#conn-max-age) | `0`
  71. | DB_SSLMODE | `"prefer"` | PostgreSQL-specific, [details](https://blog.github.com/2018-10-21-october21-incident-report/)
  72. | DB_TARGET_SESSION_ATTRS | `"read-write"` | PostgreSQL-specific, [details](https://www.postgresql.org/docs/10/static/libpq-connect.html#LIBPQ-CONNECT-TARGET-SESSION-ATTRS)
  73. | [EMAIL_HOST](https://docs.djangoproject.com/en/3.1/ref/settings/#email-host) | `""` *(empty string)*
  74. | [EMAIL_PORT](https://docs.djangoproject.com/en/3.1/ref/settings/#email-port) | `"587"`
  75. | [EMAIL_HOST_USER](https://docs.djangoproject.com/en/3.1/ref/settings/#email-host-user) | `""` *(empty string)*
  76. | [EMAIL_HOST_PASSWORD](https://docs.djangoproject.com/en/3.1/ref/settings/#email-host-password) | `""` *(empty string)*
  77. | [EMAIL_USE_TLS](https://docs.djangoproject.com/en/3.1/ref/settings/#email-use-tls) | `"True"`
  78. | EMAIL_USE_VERIFICATION | `"True"` | Whether to send confirmation links when adding email integrations
  79. | SITE_ROOT | `"http://localhost:8000"`
  80. | SITE_NAME | `"Mychecks"`
  81. | RP_ID | `None` | Enables WebAuthn support
  82. | MASTER_BADGE_LABEL | `"Mychecks"`
  83. | PING_ENDPOINT | `"http://localhost:8000/ping/"`
  84. | PING_EMAIL_DOMAIN | `"localhost"`
  85. | PING_BODY_LIMIT | 10000 | In bytes. Set to `None` to always log full request body
  86. | APPRISE_ENABLED | `"False"`
  87. | DISCORD_CLIENT_ID | `None`
  88. | DISCORD_CLIENT_SECRET | `None`
  89. | LINENOTIFY_CLIENT_ID | `None`
  90. | LINENOTIFY_CLIENT_SECRET | `None`
  91. | MATRIX_ACCESS_TOKEN | `None`
  92. | MATRIX_HOMESERVER | `None`
  93. | MATRIX_USER_ID | `None`
  94. | PD_VENDOR_KEY | `None`
  95. | PUSHBULLET_CLIENT_ID | `None`
  96. | PUSHBULLET_CLIENT_SECRET | `None`
  97. | PUSHOVER_API_TOKEN | `None`
  98. | PUSHOVER_EMERGENCY_EXPIRATION | `86400`
  99. | PUSHOVER_EMERGENCY_RETRY_DELAY | `300`
  100. | PUSHOVER_SUBSCRIPTION_URL | `None`
  101. | REMOTE_USER_HEADER | `None` | See [External Authentication](#external-authentication) for details.
  102. | SHELL_ENABLED | `"False"`
  103. | SIGNAL_CLI_USERNAME | `None`
  104. | SIGNAL_CLI_CMD | `signal-cli` | Path to the signal-cli executable
  105. | SLACK_CLIENT_ID | `None`
  106. | SLACK_CLIENT_SECRET | `None`
  107. | TELEGRAM_BOT_NAME | `"ExampleBot"`
  108. | TELEGRAM_TOKEN | `None`
  109. | TRELLO_APP_KEY | `None`
  110. | TWILIO_ACCOUNT | `None`
  111. | TWILIO_AUTH | `None`
  112. | TWILIO_FROM | `None`
  113. | TWILIO_USE_WHATSAPP | `"False"`
  114. Some useful settings keys to override are:
  115. `SITE_ROOT` is used to build fully qualified URLs for pings, and for use in
  116. emails and notifications. Example:
  117. ```python
  118. SITE_ROOT = "https://my-monitoring-project.com"
  119. ```
  120. `SITE_NAME` has the default value of "Mychecks" and is used throughout
  121. the templates. Replace it with your own name to personalize your installation.
  122. Example:
  123. ```python
  124. SITE_NAME = "My Monitoring Project"
  125. ```
  126. `REGISTRATION_OPEN` controls whether site visitors can create new accounts.
  127. Set it to `False` if you are setting up a private healthchecks instance, but
  128. it needs to be publicly accessible (so, for example, your cloud services
  129. can send pings).
  130. If you close new user registration, you can still selectively invite users
  131. to your team account.
  132. `EMAIL_USE_VERIFICATION` enables/disables the sending of a verification
  133. link when an email address is added to the list of notification methods.
  134. Set it to `False` if you are setting up a private healthchecks instance where
  135. you trust your users and want to avoid the extra verification step.
  136. `PING_BODY_LIMIT` sets the size limit in bytes for logged ping request bodies.
  137. The default value is 10000 (10 kilobytes). You can remove the limit altogether by
  138. setting this value to `None`.
  139. ## Database Configuration
  140. Database configuration is loaded from environment variables. If you
  141. need to use a non-standard configuration, you can override the
  142. database configuration in `hc/local_settings.py` like so:
  143. ```python
  144. DATABASES = {
  145. 'default': {
  146. 'ENGINE': 'django.db.backends.postgresql',
  147. 'NAME': 'your-database-name-here',
  148. 'USER': 'your-database-user-here',
  149. 'PASSWORD': 'your-database-password-here',
  150. 'TEST': {'CHARSET': 'UTF8'},
  151. 'OPTIONS': {
  152. ... your custom options here ...
  153. }
  154. }
  155. }
  156. ```
  157. ## Accessing Administration Panel
  158. healthchecks comes with Django's administration panel where you can manually
  159. view and modify user accounts, projects, checks, integrations etc. To access it,
  160. * if you haven't already, create a superuser account: `./manage.py createsuperuser`
  161. * log into the site using superuser credentials
  162. * in the top navigation, "Account" dropdown, select "Site Administration"
  163. ## Sending Emails
  164. healthchecks must be able to send email messages, so it can send out login
  165. links and alerts to users. Environment variables can be used to configure
  166. SMTP settings, or your may put your SMTP server configuration in
  167. `hc/local_settings.py` like so:
  168. ```python
  169. EMAIL_HOST = "your-smtp-server-here.com"
  170. EMAIL_PORT = 587
  171. EMAIL_HOST_USER = "username"
  172. EMAIL_HOST_PASSWORD = "password"
  173. EMAIL_USE_TLS = True
  174. ```
  175. For more information, have a look at Django documentation,
  176. [Sending Email](https://docs.djangoproject.com/en/1.10/topics/email/) section.
  177. ## Receiving Emails
  178. healthchecks comes with a `smtpd` management command, which starts up a
  179. SMTP listener service. With the command running, you can ping your
  180. checks by sending email messages
  181. to `[email protected]` email addresses.
  182. Start the SMTP listener on port 2525:
  183. $ ./manage.py smtpd --port 2525
  184. Send a test email:
  185. $ curl --url 'smtp://127.0.0.1:2525' \
  186. --mail-from '[email protected]' \
  187. --mail-rcpt '[email protected]' \
  188. -F '='
  189. ## Sending Status Notifications
  190. healtchecks comes with a `sendalerts` management command, which continuously
  191. polls database for any checks changing state, and sends out notifications as
  192. needed. Within an activated virtualenv, you can manually run
  193. the `sendalerts` command like so:
  194. $ ./manage.py sendalerts
  195. In a production setup, you will want to run this command from a process
  196. manager like [supervisor](http://supervisord.org/) or systemd.
  197. ## Database Cleanup
  198. With time and use the healthchecks database will grow in size. You may
  199. decide to prune old data: inactive user accounts, old checks not assigned
  200. to users, records of outgoing email messages and records of received pings.
  201. There are separate Django management commands for each task:
  202. * Remove old records from `api_ping` table. For each check, keep 100 most
  203. recent pings:
  204. ```
  205. $ ./manage.py prunepings
  206. ```
  207. * Remove old records of sent notifications. For each check, remove
  208. notifications that are older than the oldest stored ping for same check.
  209. ```
  210. $ ./manage.py prunenotifications
  211. ```
  212. * Remove user accounts that match either of these conditions:
  213. * Account was created more than 6 months ago, and user has never logged in.
  214. These can happen when user enters invalid email address when signing up.
  215. * Last login was more than 6 months ago, and the account has no checks.
  216. Assume the user doesn't intend to use the account any more and would
  217. probably *want* it removed.
  218. ```
  219. $ ./manage.py pruneusers
  220. ```
  221. * Remove old records from the `api_tokenbucket` table. The TokenBucket
  222. model is used for rate-limiting login attempts and similar operations.
  223. Any records older than one day can be safely removed.
  224. ```
  225. $ ./manage.py prunetokenbucket
  226. ```
  227. * Remove old records from the `api_flip` table. The Flip
  228. objects are used to track status changes of checks, and to calculate
  229. downtime statistics month by month. Flip objects from more than 3 months
  230. ago are not used and can be safely removed.
  231. ```
  232. $ ./manage.py pruneflips
  233. ```
  234. When you first try these commands on your data, it is a good idea to
  235. test them on a copy of your database, not on the live database right away.
  236. In a production setup, you should also have regular, automated database
  237. backups set up.
  238. ## Two-factor Authentication
  239. Healthchecks optionally supports two-factor authentication using the WebAuthn
  240. standard. To enable WebAuthn support, set the `RP_ID` (relying party identifier )
  241. setting to a non-null value. Set its value to your site's domain without scheme
  242. and without port. For example, if your site runs on `https://my-hc.example.org`,
  243. set `RP_ID` to `my-hc.example.org`.
  244. Note that WebAuthn requires HTTPS, even if running on localhost. To test WebAuthn
  245. locally with a self-signed certificate, you can use the `runsslserver` command
  246. from the `django-sslserver` package.
  247. ## External Authentication
  248. HealthChecks supports external authentication by means of HTTP headers set by
  249. reverse proxies or the WSGI server. This allows you to integrate it into your
  250. existing authentication system (e.g., LDAP or OAuth) via an authenticating proxy.
  251. When this option is enabled, **healtchecks will trust the header's value implicitly**,
  252. so it is **very important** to ensure that attackers cannot set the value themselves
  253. (and thus impersonate any user). How to do this varies by your chosen proxy,
  254. but generally involves configuring it to strip out headers that normalize to the
  255. same name as the chosen identity header.
  256. To enable this feature, set the `REMOTE_USER_HEADER` value to a header you wish to
  257. authenticate with. HTTP headers will be prefixed with `HTTP_` and have any dashes
  258. converted to underscores. Headers without that prefix can be set by the WSGI server
  259. itself only, which is more secure.
  260. When `REMOTE_USER_HEADER` is set, Healthchecks will:
  261. - assume the header contains user's email address
  262. - look up and automatically log in the user with a matching email address
  263. - automatically create an user account if it does not exist
  264. - disable the default authentication methods (login link to email, password)
  265. ## Integrations
  266. ### Slack
  267. To enable the Slack "self-service" integration, you will need to create a "Slack App".
  268. To do so:
  269. * Create a _new Slack app_ on https://api.slack.com/apps/
  270. * Add at least _one scope_ in the permissions section to be able to deploy the app in your workspace (By example `incoming-webhook` for the `Bot Token Scopes`
  271. https://api.slack.com/apps/APP_ID/oauth?).
  272. * Add a _redirect url_ in the format `SITE_ROOT/integrations/add_slack_btn/`.
  273. For example, if your SITE_ROOT is `https://my-hc.example.org` then the redirect URL would be
  274. `https://my-hc.example.org/integrations/add_slack_btn/`.
  275. * Look up your Slack app for the Client ID and Client Secret at https://api.slack.com/apps/APP_ID/general? . Put them
  276. in `SLACK_CLIENT_ID` and `SLACK_CLIENT_SECRET` environment
  277. variables.
  278. ### Discord
  279. To enable Discord integration, you will need to:
  280. * register a new application on https://discordapp.com/developers/applications/me
  281. * add a redirect URI to your Discord application. The URI format is
  282. `SITE_ROOT/integrations/add_discord/`. For example, if you are running a
  283. development server on `localhost:8000` then the redirect URI would be
  284. `http://localhost:8000/integrations/add_discord/`
  285. * Look up your Discord app's Client ID and Client Secret. Put them
  286. in `DISCORD_CLIENT_ID` and `DISCORD_CLIENT_SECRET` environment
  287. variables.
  288. ### Pushover
  289. Pushover integration works by creating an application on Pushover.net which
  290. is then subscribed to by Healthchecks users. The registration workflow is as follows:
  291. * On Healthchecks, the user adds a "Pushover" integration to a project
  292. * Healthchecks redirects user's browser to a Pushover.net subscription page
  293. * User approves adding the Healthchecks subscription to their Pushover account
  294. * Pushover.net HTTP redirects back to Healthchecks with a subscription token
  295. * Healthchecks saves the subscription token and uses it for sending Pushover
  296. notifications
  297. To enable the Pushover integration, you will need to:
  298. * Register a new application on Pushover via https://pushover.net/apps/build.
  299. * Within the Pushover 'application' configuration, enable subscriptions.
  300. Make sure the subscription type is set to "URL". Also make sure the redirect
  301. URL is configured to point back to the root of the Healthchecks instance
  302. (e.g., `http://healthchecks.example.com/`).
  303. * Put the Pushover application API Token and the Pushover subscription URL in
  304. `PUSHOVER_API_TOKEN` and `PUSHOVER_SUBSCRIPTION_URL` environment
  305. variables. The Pushover subscription URL should look similar to
  306. `https://pushover.net/subscribe/yourAppName-randomAlphaNumericData`.
  307. ### Signal
  308. Healthchecks uses [signal-cli](https://github.com/AsamK/signal-cli) to send Signal
  309. notifications. It requires the `signal-cli` program to be installed and available on
  310. the local machine.
  311. To send notifications, healthchecks executes "signal-cli send" calls.
  312. It does not handle phone number registration and verification. You must do that
  313. manually, before using the integration.
  314. To enable the Signal integration:
  315. * Download and install signal-cli in your preferred location
  316. (for example, in `/srv/signal-cli-0.7.2/`).
  317. * Register and verify phone number, or [link it](https://github.com/AsamK/signal-cli/wiki/Linking-other-devices-(Provisioning))
  318. to an existing registration.
  319. * Test your signal-cli configuration by sending a message manually from command line.
  320. * Put the sender phone number in the `SIGNAL_CLI_USERNAME` environment variable.
  321. Example: `SIGNAL_CLI_USERNAME=+123456789`.
  322. * If `signal-cli` is not in the system path, specify its path in `SIGNAL_CLI_CMD`.
  323. Example: `SIGNAL_CLI_CMD=/srv/signal-cli-0.7.2/bin/signal-cli`
  324. It is possible to use a separate system user for running signal-cli:
  325. * Create a separate system user, (for example, "signal-user").
  326. * Configure signal-cli while logged in as signal-user.
  327. * Change `SIGNAL_CLI_CMD` to run signal-cli through sudo:
  328. `sudo -u signal-user /srv/signal-cli-0.7.2/bin/signal-cli`.
  329. * Configure sudo to not require password. For example, if healthchecks
  330. runs under the www-data system user, the sudoers rule would be:
  331. `www-data ALL=(signal-user) NOPASSWD: /srv/signal-cli-0.7.2/bin/signal-cli`.
  332. ### Telegram
  333. * Create a Telegram bot by talking to the
  334. [BotFather](https://core.telegram.org/bots#6-botfather). Set the bot's name,
  335. description, user picture, and add a "/start" command.
  336. * After creating the bot you will have the bot's name and token. Put them
  337. in `TELEGRAM_BOT_NAME` and `TELEGRAM_TOKEN` environment variables.
  338. * Run `settelegramwebhook` management command. This command tells Telegram
  339. where to forward channel messages by invoking Telegram's
  340. [setWebhook](https://core.telegram.org/bots/api#setwebhook) API call:
  341. ```
  342. $ ./manage.py settelegramwebhook
  343. Done, Telegram's webhook set to: https://my-monitoring-project.com/integrations/telegram/bot/
  344. ```
  345. For this to work, your `SITE_ROOT` needs to be correct and use "https://"
  346. scheme.
  347. ### Apprise
  348. To enable Apprise integration, you will need to:
  349. * ensure you have apprise installed in your local environment:
  350. ```bash
  351. pip install apprise
  352. ```
  353. * enable the apprise functionality by setting the `APPRISE_ENABLED` environment variable.
  354. ### Shell Commands
  355. The "Shell Commands" integration runs user-defined local shell commands when checks
  356. go up or down. This integration is disabled by default, and can be enabled by setting
  357. the `SHELL_ENABLED` environment variable to `True`.
  358. Note: be careful when using "Shell Commands" integration, and only enable it when
  359. you fully trust the users of your Healthchecks instance. The commands will be executed
  360. by the `manage.py sendalerts` process, and will run with the same system permissions as
  361. the `sendalerts` process.
  362. ### Matrix
  363. To enable the Matrix integration you will need to:
  364. * Register a bot user (for posting notifications) in your preferred homeserver.
  365. * Use the [Login API call](https://www.matrix.org/docs/guides/client-server-api#login)
  366. to retrieve bot user's access token. You can run it as shown in the documentation,
  367. using curl in command shell.
  368. * Set the `MATRIX_` environment variables. Example:
  369. ```
  370. MATRIX_HOMESERVER=https://matrix.org
  371. MATRIX_USER_ID=@mychecks:matrix.org
  372. MATRIX_ACCESS_TOKEN=[a long string of characters returned by the login call]
  373. ```
  374. ## Running in Production
  375. Here is a non-exhaustive list of pointers and things to check before launching a Healthchecks instance
  376. in production.
  377. * Environment variables, settings.py and local_settings.py.
  378. * [DEBUG](https://docs.djangoproject.com/en/2.2/ref/settings/#debug). Make sure it is set to `False`.
  379. * [ALLOWED_HOSTS](https://docs.djangoproject.com/en/2.2/ref/settings/#allowed-hosts). Make sure it
  380. contains the correct domain name you want to use.
  381. * Server Errors. When DEBUG=False, Django will not show detailed error pages, and will not print exception
  382. tracebacks to standard output. To receive exception tracebacks in email,
  383. review and edit the [ADMINS](https://docs.djangoproject.com/en/2.2/ref/settings/#admins) and
  384. [SERVER_EMAIL](https://docs.djangoproject.com/en/2.2/ref/settings/#server-email) settings.
  385. Another good option for receiving exception tracebacks is to use [Sentry](https://sentry.io/for/django/).
  386. * Management commands that need to be run during each deployment.
  387. * This project uses [Django Compressor](https://django-compressor.readthedocs.io/en/stable/)
  388. to combine the CSS and JS files. It is configured for offline compression – run the
  389. `manage.py compress` command whenever files in the `/static/` directory change.
  390. * This project uses Django's [staticfiles app](https://docs.djangoproject.com/en/2.2/ref/contrib/staticfiles/).
  391. Run the `manage.py collectstatic` command whenever files in the `/static/`
  392. directory change. This command collects all the static files inside the `static-collected` directory.
  393. Configure your web server to serve files from this directory under the `/static/` prefix.
  394. * Database migration should be run after each update to make sure the database schemas are up to date. You can do that with `./manage.py migrate`.
  395. * Processes that need to be running constantly.
  396. * `manage.py runserver` is intended for development only. Do not use it in production,
  397. instead consider using [uWSGI](https://uwsgi-docs.readthedocs.io/en/latest/) or
  398. [gunicorn](https://gunicorn.org/).
  399. * Make sure the `manage.py sendalerts` command is running and can survive server restarts.
  400. On modern linux systems, a good option is to
  401. [define a systemd service](https://github.com/healthchecks/healthchecks/issues/273#issuecomment-520560304) for it.
  402. * General
  403. * Make sure the database is secured well and is getting backed up regularly
  404. * Make sure the TLS certificates are secured well and are getting refreshed regularly
  405. * Have monitoring in place to be sure the Healthchecks instance itself is operational
  406. (is accepting pings, is sending out alerts, is not running out of resources).