Merge pull request #1 from blasebast/feature_optional_https
Feature optional https
This commit is contained in:
sebastian blasiak
GitHub
commit
8409cbe751
3
.gitignore
vendored
3
.gitignore
vendored
@ -71,3 +71,6 @@ monitoring/monitoring_*_dir
|
|||||||
**/*.bak_remove
|
**/*.bak_remove
|
||||||
**/*.wrapped
|
**/*.wrapped
|
||||||
data
|
data
|
||||||
|
|
||||||
|
# Keys
|
||||||
|
**/*.pem
|
||||||
|
|||||||
38
README.md
38
README.md
@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
|
|||||||
|
|
||||||
## Here is how to install:
|
## Here is how to install:
|
||||||
|
|
||||||
|
### With certificates and HTTPS (optional):
|
||||||
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
|
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
|
||||||
|
|
||||||
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*:
|
Uncomment following lines in *docker-compose.yml*:
|
||||||
|
|
||||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
|
||||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Also comment these lines in "deploy_all.sh":
|
|
||||||
|
|
||||||
|
```bash
|
||||||
|
...
|
||||||
|
volumes:
|
||||||
|
- grafana_lib:/var/lib/grafana
|
||||||
|
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||||
|
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||||
|
...
|
||||||
|
environment:
|
||||||
|
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||||
|
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
|
||||||
|
...
|
||||||
|
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||||
|
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||||
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Also uncomment these lines in "deploy_all.sh":
|
||||||
|
|
||||||
|
```bash
|
||||||
## NOW LET'S SECURE GRAFANA
|
## NOW LET'S SECURE GRAFANA
|
||||||
# CHECKING OUT ORIGINAL FILE
|
# CHECKING OUT ORIGINAL FILE
|
||||||
echo -e "checking out original docker-compose.yml"
|
echo -e "checking out original docker-compose.yml"
|
||||||
@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
|
|||||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
Next execute:
|
### Deployment:
|
||||||
* $ clone the repository
|
|
||||||
* $ cd to cloned dir
|
$ ./deploy_all.sh
|
||||||
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
|
|
||||||
|
|
||||||
|
|
||||||
Monitoring should be up and running http://_**hostname**_:3001/
|
Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/
|
||||||
|
|||||||
@ -80,20 +80,17 @@ echo "adding dashboards..."
|
|||||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
||||||
|
|
||||||
|
|
||||||
## NOW LET'S SECURE GRAFANA
|
### NOW LET'S SECURE GRAFANA
|
||||||
# CHECKING OUT ORIGINAL FILE
|
### STOPPING and REMOVING GRAFANA CONTAINER
|
||||||
echo -e "checking out original docker-compose.yml"
|
#echo -e "stopping & removing grafana container"
|
||||||
git checkout docker-compose.yml
|
#container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||||
|
#docker stop $container_id
|
||||||
## STOPPING and REMOVING GRAFANA CONTAINER
|
#docker rm $container_id
|
||||||
echo -e "stopping & removing grafana container"
|
#find grafana -name '*.pem' -exec chmod 666 {} \;
|
||||||
container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
#
|
||||||
docker stop $container_id
|
## REPLACING HTTP with HTTPS
|
||||||
docker rm $container_id
|
#echo -e "changing http to https"
|
||||||
|
#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||||
# REPLACING HTTP with HTTPS
|
#docker-compose up -d grafana
|
||||||
echo -e "changing http to https"
|
#echo -e "reverting: changing https to http"
|
||||||
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
#sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||||
docker-compose up -d grafana
|
|
||||||
echo -e "reverting: changing https to http"
|
|
||||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
|
||||||
|
|||||||
@ -35,8 +35,8 @@ services:
|
|||||||
- private
|
- private
|
||||||
volumes:
|
volumes:
|
||||||
- grafana_lib:/var/lib/grafana
|
- grafana_lib:/var/lib/grafana
|
||||||
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
# - ${PWD}/grafana/privkey1.pem:/privkey1.pem:ro
|
||||||
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
# - ${PWD}/grafana/fullchain1.pem:/fullchain1.pem:ro
|
||||||
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
||||||
environment:
|
environment:
|
||||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||||
@ -44,8 +44,8 @@ services:
|
|||||||
GF_SECURITY_ADMIN_USER: "admin"
|
GF_SECURITY_ADMIN_USER: "admin"
|
||||||
GF_SERVER_PROTOCOL: "http"
|
GF_SERVER_PROTOCOL: "http"
|
||||||
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
||||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
# GF_SERVER_CERT_FILE: "/fullchain1.pem"
|
||||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
# GF_SERVER_CERT_KEY: "/privkey1.pem"
|
||||||
GF_SERVER_METRICS_ENABLED: "true"
|
GF_SERVER_METRICS_ENABLED: "true"
|
||||||
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
||||||
INFLUXDB_URI: "http://influxdb:8086"
|
INFLUXDB_URI: "http://influxdb:8086"
|
||||||
@ -102,7 +102,7 @@ services:
|
|||||||
- /var/run:/var/run:rw
|
- /var/run:/var/run:rw
|
||||||
- /sys:/sys:ro
|
- /sys:/sys:ro
|
||||||
- /var/lib/docker/:/var/lib/docker:ro
|
- /var/lib/docker/:/var/lib/docker:ro
|
||||||
#- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
|
- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
expose:
|
expose:
|
||||||
- 8080
|
- 8080
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user