From 1820d1119b646d9462785f5ff1297a4701447403 Mon Sep 17 00:00:00 2001 From: Sebastian Blasiak Date: Sun, 17 Jun 2018 17:06:21 +0200 Subject: [PATCH 1/2] HTTPS as an optional setting --- README.md | 38 +++++++++++++++++++++++++------------- deploy_all.sh | 34 +++++++++++++++++----------------- docker-compose.yml | 8 ++++---- 3 files changed, 46 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index ecca8c0..5ac8cb8 100644 --- a/README.md +++ b/README.md @@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal ## Here is how to install: +### With certificates and HTTPS (optional): Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem). -**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*: - - GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem" - GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem" - - - -Also comment these lines in "deploy_all.sh": +Uncomment following lines in *docker-compose.yml*: +```bash +... + volumes: + - grafana_lib:/var/lib/grafana +# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro +# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro +... + environment: + GF_AUTH_ANONYMOUS_ENABLED: "false" + GF_SECURITY_ADMIN_PASSWORD: "nimda321" +... +# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem" +# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem" +... ``` + + +Also uncomment these lines in "deploy_all.sh": + +```bash ## NOW LET'S SECURE GRAFANA # CHECKING OUT ORIGINAL FILE echo -e "checking out original docker-compose.yml" 
@@ -48,10 +61,9 @@ echo -e "reverting: changing https to http" sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml ``` -Next execute: -* $ clone the repository -* $ cd to cloned dir -* $ chmod +x ./deploy_all.sh; ./deploy_all.sh +### Deployment: + +$ ./deploy_all.sh - Monitoring should be up and running http://_**hostname**_:3001/ + Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/ diff --git a/deploy_all.sh b/deploy_all.sh index 5aec4a2..ff54641 100755 --- a/deploy_all.sh +++ b/deploy_all.sh 
@@ -80,20 +80,20 @@ echo "adding dashboards..."
 docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
-## NOW LET'S SECURE GRAFANA
-# CHECKING OUT ORIGINAL FILE
-echo -e "checking out original docker-compose.yml"
-git checkout docker-compose.yml
-
-## STOPPING and REMOVING GRAFANA CONTAINER
-echo -e "stopping & removing grafana container"
-container_id=$(docker container ls | grep grafana| awk '{print $1}')
-docker stop $container_id
-docker rm $container_id
-
-# REPLACING HTTP with HTTPS
-echo -e "changing http to https"
-sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
-docker-compose up -d grafana
-echo -e "reverting: changing https to http"
-sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
+### NOW LET'S SECURE GRAFANA
+## CHECKING OUT ORIGINAL FILE
+#echo -e "checking out original docker-compose.yml"
+#git checkout docker-compose.yml
+#
+### STOPPING and REMOVING GRAFANA CONTAINER
+#echo -e "stopping & removing grafana container"
+#container_id=$(docker container ls | grep grafana| awk '{print $1}')
+#docker stop $container_id
+#docker rm $container_id
+#
+## REPLACING HTTP with HTTPS
+#echo -e "changing http to https"
+#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
+#docker-compose up -d grafana
+#echo -e "reverting: changing https to http"
+#sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
index b5a5710..37ffff2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
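Review bot: Turning the HTTPS block in the deploy_all.sh hunk at -80,20 into commented-out lines makes hand-editing the script the only way to enable TLS, and a default run now leaves Grafana on `GF_SERVER_PROTOCOL: "http"`, so the admin login is sent in cleartext. The docker-compose.yml hunks at -35,8 and -44,8 use the same uncomment-to-enable toggle. I would keep the block live and guard it with an opt-in switch, for example `if [ "${ENABLE_HTTPS:-0}" = "1" ]; then` … `fi` (the variable name is only a suggestion), so the choice is explicit at deploy time and the tracked script stays unmodified. Inside that block the expansions should be quoted, e.g. `docker stop "$container_id"`.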
@@ -35,8 +35,8 @@ services:
 - private
 volumes:
 - grafana_lib:/var/lib/grafana
- - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
- - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
+# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
+# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
 - ${PWD}/grafana/:/var/lib/grafana/ds/
 environment:
 GF_AUTH_ANONYMOUS_ENABLED: "false"
@@ -44,8 +44,8 @@ services:
 GF_SECURITY_ADMIN_USER: "admin"
 GF_SERVER_PROTOCOL: "http"
 GF_SERVER_DOMAIN: "sebson.ddns.net"
- GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
- GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
+# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
+# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
 GF_SERVER_METRICS_ENABLED: "true"
 GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
 INFLUXDB_URI: "http://influxdb:8086"
From 8cbe6ecd5b75cad542f85b8211e45627f9fea493 Mon Sep 17 00:00:00 2001
From: seba
Date: Tue, 19 Jun 2018 17:12:39 +0200
Subject: [PATCH 2/2] optional https
---
 .gitignore | 3 +++
 deploy_all.sh | 5 +----
 docker-compose.yml | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4e3c714..6843d35 100644
--- a/.gitignore
+++ b/.gitignore
@@ -71,3 +71,6 @@ monitoring/monitoring_*_dir
 **/*.bak_remove
 **/*.wrapped
 data
+
+# Keys
+**/*.pem
diff --git a/deploy_all.sh b/deploy_all.sh
index ff54641..4885908 100755
--- a/deploy_all.sh
+++ b/deploy_all.sh
@@ -81,15 +81,12 @@ docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
 ### NOW LET'S SECURE GRAFANA
-## CHECKING OUT ORIGINAL FILE
-#echo -e "checking out original docker-compose.yml"
-#git checkout docker-compose.yml
-#
 ### STOPPING and REMOVING GRAFANA CONTAINER
 #echo -e "stopping & removing grafana container"
 #container_id=$(docker container ls | grep grafana| awk '{print $1}')
 #docker stop $container_id
 #docker rm $container_id
+#find grafana -name '*.pem' -exec chmod 666 {} \;
 #
 ## REPLACING HTTP with HTTPS
 #echo -e "changing http to https"
diff --git a/docker-compose.yml b/docker-compose.yml
index 37ffff2..383e3e3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,8 +35,8 @@ services:
 - private
 volumes:
 - grafana_lib:/var/lib/grafana
-# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
-# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
+# - ${PWD}/grafana/privkey1.pem:/privkey1.pem:ro
+# - ${PWD}/grafana/fullchain1.pem:/fullchain1.pem:ro
 - ${PWD}/grafana/:/var/lib/grafana/ds/
 environment:
 GF_AUTH_ANONYMOUS_ENABLED: "false"
@@ -44,8 +44,8 @@ services:
 GF_SECURITY_ADMIN_USER: "admin"
 GF_SERVER_PROTOCOL: "http"
 GF_SERVER_DOMAIN: "sebson.ddns.net"
-# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
-# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
+# GF_SERVER_CERT_FILE: "/fullchain1.pem"
+# GF_SERVER_CERT_KEY: "/privkey1.pem"
 GF_SERVER_METRICS_ENABLED: "true"
 GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
 INFLUXDB_URI: "http://influxdb:8086"
@@ -102,7 +102,7 @@ services:
 - /var/run:/var/run:rw
 - /sys:/sys:ro
 - /var/lib/docker/:/var/lib/docker:ro
- #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
+ - /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
 restart: unless-stopped
 expose:
 - 8080
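Review bot: The added `#find grafana -name '*.pem' -exec chmod 666 {} \;` in the deploy_all.sh hunk at -81,15 makes `privkey1.pem` readable and writable by every local user as soon as the block is uncommented, which is what the README from patch 1/2 tells operators to do. A TLS private key should be readable only by the account that serves it. I would give the files to the UID the Grafana container runs as and restrict the modes, e.g. `chmod 600 grafana/privkey1.pem` and `chmod 644 grafana/fullchain1.pem`. The commented block continues past the end of this hunk.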
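Review bot: The new key and certificate mounts in the docker-compose.yml hunk at -35,8 read from `${PWD}/grafana/`, but the context line `- ${PWD}/grafana/:/var/lib/grafana/ds/` already mounts that whole directory into the container without `:ro`. With HTTPS enabled the private key would therefore also be visible, and apparently writable, at `/var/lib/grafana/ds/privkey1.pem`, which undoes the `:ro` on the dedicated mount. I would keep the certificate files in a directory of their own outside `grafana/`, e.g. `- ${PWD}/certs/privkey1.pem:/privkey1.pem:ro` (the directory name is only a suggestion), and point the `find` line in deploy_all.sh at the same place.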
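Review bot: Re-enabling `- /cgroup:/cgroup:ro` in the docker-compose.yml hunk at -102,7 is unrelated to the HTTPS change, and the trailing comment kept on the line still says it does not work on macOS, so the stack presumably no longer starts there. On a host that has no `/cgroup` directory, the short bind syntax normally makes Docker create an empty one on the host, which is a silent side effect rather than an error. I would drop this line from the commit, or land it separately with a comment that says which hosts need it, such as `# only for hosts that expose cgroups at /cgroup`.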