HTTPS as an optional setting

This commit is contained in:
Sebastian Blasiak 2018-06-17 17:06:21 +02:00
parent 7962d5fd46
commit 1820d1119b
3 changed files with 46 additions and 34 deletions

View File

@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
## Here is how to install:
### With certificates and HTTPS (optional):
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*:
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
Also comment these lines in "deploy_all.sh":
Uncomment following lines in *docker-compose.yml*:
```bash
...
volumes:
- grafana_lib:/var/lib/grafana
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
...
environment:
GF_AUTH_ANONYMOUS_ENABLED: "false"
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
...
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
...
```
Also uncomment these lines in "deploy_all.sh":
```bash
## NOW LET'S SECURE GRAFANA
# CHECKING OUT ORIGINAL FILE
echo -e "checking out original docker-compose.yml"
@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
```
Next execute:
* $ clone the repository
* $ cd to cloned dir
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
### Deployment:
$ ./deploy_all.sh
Monitoring should be up and running http://_**hostname**_:3001/
Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/

View File

@ -80,20 +80,20 @@ echo "adding dashboards..."
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
## NOW LET'S SECURE GRAFANA
# CHECKING OUT ORIGINAL FILE
echo -e "checking out original docker-compose.yml"
git checkout docker-compose.yml
## STOPPING and REMOVING GRAFANA CONTAINER
echo -e "stopping & removing grafana container"
container_id=$(docker container ls | grep grafana| awk '{print $1}')
docker stop $container_id
docker rm $container_id
# REPLACING HTTP with HTTPS
echo -e "changing http to https"
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
docker-compose up -d grafana
echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
### NOW LET'S SECURE GRAFANA
## CHECKING OUT ORIGINAL FILE
#echo -e "checking out original docker-compose.yml"
#git checkout docker-compose.yml
#
### STOPPING and REMOVING GRAFANA CONTAINER
#echo -e "stopping & removing grafana container"
#container_id=$(docker container ls | grep grafana| awk '{print $1}')
#docker stop $container_id
#docker rm $container_id
#
## REPLACING HTTP with HTTPS
#echo -e "changing http to https"
#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
#docker-compose up -d grafana
#echo -e "reverting: changing https to http"
#sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml

View File

@ -35,8 +35,8 @@ services:
- private
volumes:
- grafana_lib:/var/lib/grafana
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
- ${PWD}/grafana/:/var/lib/grafana/ds/
environment:
GF_AUTH_ANONYMOUS_ENABLED: "false"
@ -44,8 +44,8 @@ services:
GF_SECURITY_ADMIN_USER: "admin"
GF_SERVER_PROTOCOL: "http"
GF_SERVER_DOMAIN: "sebson.ddns.net"
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
GF_SERVER_METRICS_ENABLED: "true"
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
INFLUXDB_URI: "http://influxdb:8086"