Merge pull request #1 from blasebast/feature_optional_https

Feature optional https
This commit is contained in:
sebastian blasiak 2018-06-19 17:14:02 +02:00 committed by GitHub
commit 8409cbe751
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 35 deletions

3
.gitignore vendored
View File

@ -71,3 +71,6 @@ monitoring/monitoring_*_dir
**/*.bak_remove **/*.bak_remove
**/*.wrapped **/*.wrapped
data data
# Keys
**/*.pem

View File

@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
## Here is how to install: ## Here is how to install:
### With certificates and HTTPS (optional):
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem). Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*: Uncomment following lines in *docker-compose.yml*:
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
Also comment these lines in "deploy_all.sh":
```bash
...
volumes:
- grafana_lib:/var/lib/grafana
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
...
environment:
GF_AUTH_ANONYMOUS_ENABLED: "false"
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
...
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
...
``` ```
Also uncomment these lines in "deploy_all.sh":
```bash
## NOW LET'S SECURE GRAFANA ## NOW LET'S SECURE GRAFANA
# CHECKING OUT ORIGINAL FILE # CHECKING OUT ORIGINAL FILE
echo -e "checking out original docker-compose.yml" echo -e "checking out original docker-compose.yml"
@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
``` ```
Next execute: ### Deployment:
* $ clone the repository
* $ cd to cloned dir $ ./deploy_all.sh
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
Monitoring should be up and running http://_**hostname**_:3001/ Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/

View File

@ -80,20 +80,17 @@ echo "adding dashboards..."
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
## NOW LET'S SECURE GRAFANA ### NOW LET'S SECURE GRAFANA
# CHECKING OUT ORIGINAL FILE ### STOPPING and REMOVING GRAFANA CONTAINER
echo -e "checking out original docker-compose.yml" #echo -e "stopping & removing grafana container"
git checkout docker-compose.yml #container_id=$(docker container ls | grep grafana| awk '{print $1}')
#docker stop $container_id
## STOPPING and REMOVING GRAFANA CONTAINER #docker rm $container_id
echo -e "stopping & removing grafana container" #find grafana -name '*.pem' -exec chmod 666 {} \;
container_id=$(docker container ls | grep grafana| awk '{print $1}') #
docker stop $container_id ## REPLACING HTTP with HTTPS
docker rm $container_id #echo -e "changing http to https"
#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
# REPLACING HTTP with HTTPS #docker-compose up -d grafana
echo -e "changing http to https" #echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml #sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
docker-compose up -d grafana
echo -e "reverting: changing https to http"
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml

View File

@ -35,8 +35,8 @@ services:
- private - private
volumes: volumes:
- grafana_lib:/var/lib/grafana - grafana_lib:/var/lib/grafana
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro # - ${PWD}/grafana/privkey1.pem:/privkey1.pem:ro
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro # - ${PWD}/grafana/fullchain1.pem:/fullchain1.pem:ro
- ${PWD}/grafana/:/var/lib/grafana/ds/ - ${PWD}/grafana/:/var/lib/grafana/ds/
environment: environment:
GF_AUTH_ANONYMOUS_ENABLED: "false" GF_AUTH_ANONYMOUS_ENABLED: "false"
@ -44,8 +44,8 @@ services:
GF_SECURITY_ADMIN_USER: "admin" GF_SECURITY_ADMIN_USER: "admin"
GF_SERVER_PROTOCOL: "http" GF_SERVER_PROTOCOL: "http"
GF_SERVER_DOMAIN: "sebson.ddns.net" GF_SERVER_DOMAIN: "sebson.ddns.net"
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem" # GF_SERVER_CERT_FILE: "/fullchain1.pem"
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem" # GF_SERVER_CERT_KEY: "/privkey1.pem"
GF_SERVER_METRICS_ENABLED: "true" GF_SERVER_METRICS_ENABLED: "true"
GF_SERVER_METRICS_INTERVAL_SECONDS: "10" GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
INFLUXDB_URI: "http://influxdb:8086" INFLUXDB_URI: "http://influxdb:8086"
@ -102,7 +102,7 @@ services:
- /var/run:/var/run:rw - /var/run:/var/run:rw
- /sys:/sys:ro - /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro - /var/lib/docker/:/var/lib/docker:ro
#- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux - /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
restart: unless-stopped restart: unless-stopped
expose: expose:
- 8080 - 8080