HTTPS as an optional setting

This commit is contained in:
Sebastian Blasiak 2018-06-17 17:06:21 +02:00
parent 7962d5fd46
commit 1820d1119b
3 changed files with 46 additions and 34 deletions

View File

@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
## Here is how to install: ## Here is how to install:
### With certificates and HTTPS (optional):
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem). Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*: Uncomment following lines in *docker-compose.yml*:
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
Also comment these lines in "deploy_all.sh":
```bash
...
volumes:
- grafana_lib:/var/lib/grafana
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
...
environment:
GF_AUTH_ANONYMOUS_ENABLED: "false"
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
...
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
...
``` ```
Also uncomment these lines in "deploy_all.sh":
```bash
## NOW LET'S SECURE GRAFANA ## NOW LET'S SECURE GRAFANA
# CHECKING OUT ORIGINAL FILE # CHECKING OUT ORIGINAL FILE
echo -e "checking out original docker-compose.yml" echo -e "checking out original docker-compose.yml"
@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
``` ```
Next execute: ### Deployment:
* $ clone the repository
* $ cd to cloned dir $ ./deploy_all.sh
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
Monitoring should be up and running http://_**hostname**_:3001/ Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/

View File

@ -80,20 +80,20 @@ echo "adding dashboards..."
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
## NOW LET'S SECURE GRAFANA ### NOW LET'S SECURE GRAFANA
# CHECKING OUT ORIGINAL FILE ## CHECKING OUT ORIGINAL FILE
echo -e "checking out original docker-compose.yml" #echo -e "checking out original docker-compose.yml"
git checkout docker-compose.yml #git checkout docker-compose.yml
#
## STOPPING and REMOVING GRAFANA CONTAINER ### STOPPING and REMOVING GRAFANA CONTAINER
echo -e "stopping & removing grafana container" #echo -e "stopping & removing grafana container"
container_id=$(docker container ls | grep grafana| awk '{print $1}') #container_id=$(docker container ls | grep grafana| awk '{print $1}')
docker stop $container_id #docker stop $container_id
docker rm $container_id #docker rm $container_id
#
# REPLACING HTTP with HTTPS ## REPLACING HTTP with HTTPS
echo -e "changing http to https" #echo -e "changing http to https"
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml #sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
docker-compose up -d grafana #docker-compose up -d grafana
echo -e "reverting: changing https to http" #echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml #sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml

View File

@ -35,8 +35,8 @@ services:
- private - private
volumes: volumes:
- grafana_lib:/var/lib/grafana - grafana_lib:/var/lib/grafana
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro # - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro # - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
- ${PWD}/grafana/:/var/lib/grafana/ds/ - ${PWD}/grafana/:/var/lib/grafana/ds/
environment: environment:
GF_AUTH_ANONYMOUS_ENABLED: "false" GF_AUTH_ANONYMOUS_ENABLED: "false"
@ -44,8 +44,8 @@ services:
GF_SECURITY_ADMIN_USER: "admin" GF_SECURITY_ADMIN_USER: "admin"
GF_SERVER_PROTOCOL: "http" GF_SERVER_PROTOCOL: "http"
GF_SERVER_DOMAIN: "sebson.ddns.net" GF_SERVER_DOMAIN: "sebson.ddns.net"
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem" # GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem" # GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
GF_SERVER_METRICS_ENABLED: "true" GF_SERVER_METRICS_ENABLED: "true"
GF_SERVER_METRICS_INTERVAL_SECONDS: "10" GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
INFLUXDB_URI: "http://influxdb:8086" INFLUXDB_URI: "http://influxdb:8086"