Merge pull request #1 from blasebast/feature_optional_https
Feature optional https
This commit is contained in:
sebastian blasiak
3
.gitignore
vendored
3
.gitignore
vendored
@@ -71,3 +71,6 @@ monitoring/monitoring_*_dir
|
||||
**/*.bak_remove
|
||||
**/*.wrapped
|
||||
data
|
||||
|
||||
# Keys
|
||||
**/*.pem
|
||||
|
||||
38
README.md
38
README.md
@@ -17,18 +17,31 @@ If not - it will still take mentioned ~ 1 minute + time needed for docker instal
|
||||
|
||||
## Here is how to install:
|
||||
|
||||
### With certificates and HTTPS (optional):
|
||||
Prepare certificate in /etc/grafana/ (privkey1.pem, fullchain1.pem).
|
||||
|
||||
**If you want to have your Grafana insecure comment following lines in** *docker-compose.yml*:
|
||||
|
||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
|
||||
|
||||
|
||||
Also comment these lines in "deploy_all.sh":
|
||||
Uncomment following lines in *docker-compose.yml*:
|
||||
|
||||
```bash
|
||||
...
|
||||
volumes:
|
||||
- grafana_lib:/var/lib/grafana
|
||||
# - /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||
# - /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||
...
|
||||
environment:
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||
GF_SECURITY_ADMIN_PASSWORD: "nimda321"
|
||||
...
|
||||
# GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
# GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
...
|
||||
```
|
||||
|
||||
|
||||
Also uncomment these lines in "deploy_all.sh":
|
||||
|
||||
```bash
|
||||
## NOW LET'S SECURE GRAFANA
|
||||
# CHECKING OUT ORIGINAL FILE
|
||||
echo -e "checking out original docker-compose.yml"
|
||||
@@ -48,10 +61,9 @@ echo -e "reverting: changing https to http"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||
```
|
||||
|
||||
Next execute:
|
||||
* $ clone the repository
|
||||
* $ cd to cloned dir
|
||||
* $ chmod +x ./deploy_all.sh; ./deploy_all.sh
|
||||
### Deployment:
|
||||
|
||||
$ ./deploy_all.sh
|
||||
|
||||
|
||||
Monitoring should be up and running http://_**hostname**_:3001/
|
||||
Monitoring should be up and running http://_**hostname**_:3001/ or https://_**hostname**_:3001/
|
||||
|
||||
@@ -80,20 +80,17 @@ echo "adding dashboards..."
|
||||
docker exec -it -u 0 grafana /var/lib/grafana/ds/add_dashboards.sh
|
||||
|
||||
|
||||
## NOW LET'S SECURE GRAFANA
|
||||
# CHECKING OUT ORIGINAL FILE
|
||||
echo -e "checking out original docker-compose.yml"
|
||||
git checkout docker-compose.yml
|
||||
|
||||
## STOPPING and REMOVING GRAFANA CONTAINER
|
||||
echo -e "stopping & removing grafana container"
|
||||
container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||
docker stop $container_id
|
||||
docker rm $container_id
|
||||
|
||||
# REPLACING HTTP with HTTPS
|
||||
echo -e "changing http to https"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||
docker-compose up -d grafana
|
||||
echo -e "reverting: changing https to http"
|
||||
sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||
### NOW LET'S SECURE GRAFANA
|
||||
### STOPPING and REMOVING GRAFANA CONTAINER
|
||||
#echo -e "stopping & removing grafana container"
|
||||
#container_id=$(docker container ls | grep grafana| awk '{print $1}')
|
||||
#docker stop $container_id
|
||||
#docker rm $container_id
|
||||
#find grafana -name '*.pem' -exec chmod 666 {} \;
|
||||
#
|
||||
## REPLACING HTTP with HTTPS
|
||||
#echo -e "changing http to https"
|
||||
#sed -i 's/GF_SERVER_PROTOCOL: "http"/GF_SERVER_PROTOCOL: "https"/g' docker-compose.yml
|
||||
#docker-compose up -d grafana
|
||||
#echo -e "reverting: changing https to http"
|
||||
#sed -i 's/GF_SERVER_PROTOCOL: "https"/GF_SERVER_PROTOCOL: "http"/g' docker-compose.yml
|
||||
|
||||
@@ -35,8 +35,8 @@ services:
|
||||
- private
|
||||
volumes:
|
||||
- grafana_lib:/var/lib/grafana
|
||||
- /etc/grafana/privkey1.pem:/etc/grafana/privkey1.pem:ro
|
||||
- /etc/grafana/fullchain1.pem:/etc/grafana/fullchain1.pem:ro
|
||||
# - ${PWD}/grafana/privkey1.pem:/privkey1.pem:ro
|
||||
# - ${PWD}/grafana/fullchain1.pem:/fullchain1.pem:ro
|
||||
- ${PWD}/grafana/:/var/lib/grafana/ds/
|
||||
environment:
|
||||
GF_AUTH_ANONYMOUS_ENABLED: "false"
|
||||
@@ -44,8 +44,8 @@ services:
|
||||
GF_SECURITY_ADMIN_USER: "admin"
|
||||
GF_SERVER_PROTOCOL: "http"
|
||||
GF_SERVER_DOMAIN: "sebson.ddns.net"
|
||||
GF_SERVER_CERT_FILE: "/etc/grafana/fullchain1.pem"
|
||||
GF_SERVER_CERT_KEY: "/etc/grafana/privkey1.pem"
|
||||
# GF_SERVER_CERT_FILE: "/fullchain1.pem"
|
||||
# GF_SERVER_CERT_KEY: "/privkey1.pem"
|
||||
GF_SERVER_METRICS_ENABLED: "true"
|
||||
GF_SERVER_METRICS_INTERVAL_SECONDS: "10"
|
||||
INFLUXDB_URI: "http://influxdb:8086"
|
||||
@@ -102,7 +102,7 @@ services:
|
||||
- /var/run:/var/run:rw
|
||||
- /sys:/sys:ro
|
||||
- /var/lib/docker/:/var/lib/docker:ro
|
||||
#- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
|
||||
- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 8080
|
||||
|
||||
Reference in New Issue
Block a user