HTTPS as an optional setting
This commit is contained in:
Sebastian Blasiak
parent
7962d5fd46
commit
1820d1119b
38
README.md
38
README.md
@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
|
|||||||
|
|
||||||
## Here is how to install:
|
## Here is how to install:
|
||||||
|
|
||||||
|
### With certificates and HTTPS (optional):
|
||||||
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
|
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
|
||||||
|
|
||||||
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*:
|
Uncomment following lines in *docker-compose.yml*:
|
||||||
|
|
||||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
|
||||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Also comment these lines in "deploy_all.sh":
|
|
||||||
|
|
||||||
|
```bash
|
||||||
|
...
|
||||||
|
volumes:
|
||||||
|
- grafana_lib:/var/lib/grafana
|
||||||
|
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||||
|
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||||
|
...
|
||||||
|
environment:
|
||||||
|
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||||
|
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
|
||||||
|
...
|
||||||
|
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||||
|
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||||
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Also uncomment these lines in "deploy_all.sh":
|
||||||
|
|
||||||
|
```bash
|
||||||
## NOW LET'S SECURE GRAFANA
|
## NOW LET'S SECURE GRAFANA
|
||||||
# CHECKING OUT ORIGINAL FILE
|
# CHECKING OUT ORIGINAL FILE
|
||||||
echo -e "checking out original docker-compose.yml"
|
echo -e "checking out original docker-compose.yml"
|
||||||
@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
|
|||||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
Next execute:
|
### Deployment:
|
||||||
* $ clone the repository
|
|
||||||
* $ cd to cloned dir
|
$ ./deploy_all.sh
|
||||||
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
|
|
||||||
|
|
||||||
|
|
||||||
Monitoring should be up and running http://_**hostname**_:3001/
|
Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/
|
||||||
|
|||||||
@ -80,20 +80,20 @@ echo "adding dashboards..."
|
|||||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
||||||
|
|
||||||
|
|
||||||
## NOW LET'S SECURE GRAFANA
|
### NOW LET'S SECURE GRAFANA
|
||||||
# CHECKING OUT ORIGINAL FILE
|
## CHECKING OUT ORIGINAL FILE
|
||||||
echo -e "checking out original docker-compose.yml"
|
#echo -e "checking out original docker-compose.yml"
|
||||||
git checkout docker-compose.yml
|
#git checkout docker-compose.yml
|
||||||
|
#
|
||||||
## STOPPING and REMOVING GRAFANA CONTAINER
|
### STOPPING and REMOVING GRAFANA CONTAINER
|
||||||
echo -e "stopping & removing grafana container"
|
#echo -e "stopping & removing grafana container"
|
||||||
container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
#container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||||
docker stop $container_id
|
#docker stop $container_id
|
||||||
docker rm $container_id
|
#docker rm $container_id
|
||||||
|
#
|
||||||
# REPLACING HTTP with HTTPS
|
## REPLACING HTTP with HTTPS
|
||||||
echo -e "changing http to https"
|
#echo -e "changing http to https"
|
||||||
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||||
docker-compose up -d grafana
|
#docker-compose up -d grafana
|
||||||
echo -e "reverting: changing https to http"
|
#echo -e "reverting: changing https to http"
|
||||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
#sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||||
|
|||||||
@ -35,8 +35,8 @@ services:
|
|||||||
- private
|
- private
|
||||||
volumes:
|
volumes:
|
||||||
- grafana_lib:/var/lib/grafana
|
- grafana_lib:/var/lib/grafana
|
||||||
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||||
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||||
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
||||||
environment:
|
environment:
|
||||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||||
@ -44,8 +44,8 @@ services:
|
|||||||
GF_SECURITY_ADMIN_USER: "admin"
|
GF_SECURITY_ADMIN_USER: "admin"
|
||||||
GF_SERVER_PROTOCOL: "http"
|
GF_SERVER_PROTOCOL: "http"
|
||||||
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
||||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||||
GF_SERVER_METRICS_ENABLED: "true"
|
GF_SERVER_METRICS_ENABLED: "true"
|
||||||
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
||||||
INFLUXDB_URI: "http://influxdb:8086"
|
INFLUXDB_URI: "http://influxdb:8086"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user