Self-signed SSL certificates
On the host, create a directory for storing the self signed SSL certificates. This directory will be mounted in the Grafana container as well as in the InfluxDB container to /var/ssl . Create the self signed SSL certificates as follows:
mkdir -p /docker/ssl cd /docker/ssl/ # Generate a private key openssl genrsa -des3 -out server.key 1024 # Generate CSR openssl req -new -key server.key -out server.csr # Remove password openssl rsa -in server.key -out server.key # Generate self signed cert openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # Set permissions sudo chmod 644 server.crt sudo chmod 600 server.key
Next, create a config directory and create individual configuration files for Grafana and InfluxB: mkdir conf
Grafana
In the file ./conf/grafana/defaults.ini set the protocol to https and provide the paths to the mounted ssl directory in the container.
#################################### Server ############################## [server] # Protocol (http, https, socket) protocol = https ... ... # https certs & key file cert_file = /var/ssl/server.crt cert_key = /var/ssl/server.key ...
InfluxDB
The file ./conf/influxdb/influxdb.conf is also pretty simple. Add a [http] category and add the settings:
[meta] dir = "/var/lib/influxdb/meta" [data] dir = "/var/lib/influxdb/data" engine = "tsm1" wal-dir = "/var/lib/influxdb/wal" [http] https-enabled = true https-certificate ="/var/ssl/server.crt" https-private-key ="/var/ssl/server.key"
Environment
You can set environment variables in env files for the services.
env.grafana
GF_INSTALL_PLUGINS=grafana-clock-panel,briangann-gauge-panel,natel-plotly-panel,grafana-simple-json-datasource
env.influxdb
INFLUXDB_REPORTING_DISABLED=true INFLUXDB_DB= INFLUXDB_HTTP_AUTH_ENABLED=true INFLUXDB_ADMIN_USER=admin INFLUXDB_ADMIN_PASSWORD= INFLUXDB_USER= INFLUXDB_USER_PASSWORD= INFLUXDB_WRITE_USER= INFLUXDB_WRITE_USER_PASSWORD=
Docker Compose
Now you can launch the service by using docker-compose up for the following file. Note
version: '2' services: influxdb: image: influxdb:latest container_name: influxdb ports: - "8083:8083" - "8086:8086" - "8090:8090" env_file: - 'env.influxdb' volumes: - data-influxdb:/var/lib/influxdb - /docker/ssl:/var/ssl - /docker/conf/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf grafana: image: grafana/grafana:latest container_name: grafana ports: - "3000:3000" links: - influxdb env_file: - 'env.grafana' volumes: - data-grafana:/var/lib/grafana - /docker/ssl:/var/ssl - /docker/conf/grafana/defaults.ini:/usr/share/grafana/conf/defaults.ini volumes: data-influxdb: data-grafana:
Lets Encrypt Setup
If you require valid certificates, you can also use certificates from lets encrypt.
First, create the certificates on the host:
certbot certonly --standalone --preferred-challenges http --renew-by-default -d iot.example.org
Then use this docker-compose file.
version: '2' services: influxdb: image: influxdb:latest container_name: influxdb ports: - "8083:8083" - "8086:8086" - "8090:8090" env_file: - 'env.influxdb' volumes: - data-influxdb:/var/lib/influxdb - /etc/letsencrypt/live/iot.example.org/fullchain.pem:/var/ssl/server.crt - /etc/letsencrypt/live/iot.example.org/privkey.pem:/var/ssl/server.key - /docker/conf/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf grafana: image: grafana/grafana:latest container_name: grafana ports: - "3000:3000" links: - influxdb env_file: - 'env.grafana' volumes: - data-grafana:/var/lib/grafana - /etc/letsencrypt/live/iot.example.org/fullchain.pem:/var/ssl/server.crt - /etc/letsencrypt/live/iot.example.org/privkey.pem:/var/ssl/server.key - /docker/conf/defaults.ini:/usr/share/grafana/conf/defaults.ini volumes: data-influxdb: data-grafana: