HTTPS as an optional setting
This commit is contained in:
Sebastian Blasiak
parent
7962d5fd46
commit
1820d1119b
38
README.md
38
README.md
@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
|
||||
|
||||
## Here is how to install:
|
||||
|
||||
### With certificates and HTTPS (optional):
|
||||
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
|
||||
|
||||
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*:
|
||||
|
||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
|
||||
|
||||
|
||||
Also comment these lines in "deploy_all.sh":
|
||||
Uncomment following lines in *docker-compose.yml*:
|
||||
|
||||
```bash
|
||||
...
|
||||
volumes:
|
||||
- grafana_lib:/var/lib/grafana
|
||||
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||
...
|
||||
environment:
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
|
||||
...
|
||||
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
...
|
||||
```
|
||||
|
||||
|
||||
Also uncomment these lines in "deploy_all.sh":
|
||||
|
||||
```bash
|
||||
## NOW LET'S SECURE GRAFANA
|
||||
# CHECKING OUT ORIGINAL FILE
|
||||
echo -e "checking out original docker-compose.yml"
|
||||
@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||
```
|
||||
|
||||
Next execute:
|
||||
* $ clone the repository
|
||||
* $ cd to cloned dir
|
||||
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
|
||||
### Deployment:
|
||||
|
||||
$ ./deploy_all.sh
|
||||
|
||||
|
||||
Monitoring should be up and running http://_**hostname**_:3001/
|
||||
Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/
|
||||
|
||||
@ -80,20 +80,20 @@ echo "adding dashboards..."
|
||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
||||
|
||||
|
||||
## NOW LET'S SECURE GRAFANA
|
||||
# CHECKING OUT ORIGINAL FILE
|
||||
echo -e "checking out original docker-compose.yml"
|
||||
git checkout docker-compose.yml
|
||||
|
||||
## STOPPING and REMOVING GRAFANA CONTAINER
|
||||
echo -e "stopping & removing grafana container"
|
||||
container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||
docker stop $container_id
|
||||
docker rm $container_id
|
||||
|
||||
# REPLACING HTTP with HTTPS
|
||||
echo -e "changing http to https"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||
docker-compose up -d grafana
|
||||
echo -e "reverting: changing https to http"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||
### NOW LET'S SECURE GRAFANA
|
||||
## CHECKING OUT ORIGINAL FILE
|
||||
#echo -e "checking out original docker-compose.yml"
|
||||
#git checkout docker-compose.yml
|
||||
#
|
||||
### STOPPING and REMOVING GRAFANA CONTAINER
|
||||
#echo -e "stopping & removing grafana container"
|
||||
#container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||
#docker stop $container_id
|
||||
#docker rm $container_id
|
||||
#
|
||||
## REPLACING HTTP with HTTPS
|
||||
#echo -e "changing http to https"
|
||||
#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||
#docker-compose up -d grafana
|
||||
#echo -e "reverting: changing https to http"
|
||||
#sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||
|
||||
@ -35,8 +35,8 @@ services:
|
||||
- private
|
||||
volumes:
|
||||
- grafana_lib:/var/lib/grafana
|
||||
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
||||
environment:
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||
@ -44,8 +44,8 @@ services:
|
||||
GF_SECURITY_ADMIN_USER: "admin"
|
||||
GF_SERVER_PROTOCOL: "http"
|
||||
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
GF_SERVER_METRICS_ENABLED: "true"
|
||||
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
||||
INFLUXDB_URI: "http://influxdb:8086"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user