Self-signed SSL certificates
On the host, create a directory for storing the self signed SSL certificates. This directory will be mounted in the Grafana container as well as in the InfluxDB container to /var/ssl . Create the self signed SSL certificates as follows:
mkdir -p /docker/ssl cd /docker/ssl/ # Generate a private key openssl genrsa -des3 -out server.key 1024 # Generate CSR openssl req -new -key server.key -out server.csr # Remove password openssl rsa -in server.key -out server.key # Generate self signed cert openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # Set permissions sudo chmod 644 server.crt sudo chmod 600 server.key
Next, create a config directory and create individual configuration files for Grafana and InfluxB: mkdir conf
Grafana
In the file ./conf/grafana/defaults.ini set the protocol to https and provide the paths to the mounted ssl directory in the container.
#################################### Server ############################## [server] # Protocol (http, https, socket) protocol = https ... ... # https certs & key file cert_file = /var/ssl/server.crt cert_key = /var/ssl/server.key ...
InfluxDB
The file ./conf/influxdb/influxdb.conf is also pretty simple. Add a [http] category and add the settings:
[meta] dir = "/var/lib/influxdb/meta" [data] dir = "/var/lib/influxdb/data" engine = "tsm1" wal-dir = "/var/lib/influxdb/wal" [http] https-enabled = true https-certificate ="/var/ssl/server.crt" https-private-key ="/var/ssl/server.key"
Environment
You can set environment variables in env files for the services.
env.grafana
GF_INSTALL_PLUGINS=grafana-clock-panel,briangann-gauge-panel,natel-plotly-panel,grafana-simple-json-datasource
env.influxdb
INFLUXDB_REPORTING_DISABLED=true INFLUXDB_DB= INFLUXDB_HTTP_AUTH_ENABLED=true INFLUXDB_ADMIN_USER=admin INFLUXDB_ADMIN_PASSWORD= INFLUXDB_USER= INFLUXDB_USER_PASSWORD= INFLUXDB_WRITE_USER= INFLUXDB_WRITE_USER_PASSWORD=
Docker Compose
Now you can launch the service by using docker-compose up for the following file. Note
version: '2'
services:
influxdb:
image: influxdb:latest
container_name: influxdb
ports:
- "8083:8083"
- "8086:8086"
- "8090:8090"
env_file:
- 'env.influxdb'
volumes:
- data-influxdb:/var/lib/influxdb
- /docker/ssl:/var/ssl
- /docker/conf/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "3000:3000"
links:
- influxdb
env_file:
- 'env.grafana'
volumes:
- data-grafana:/var/lib/grafana
- /docker/ssl:/var/ssl
- /docker/conf/grafana/defaults.ini:/usr/share/grafana/conf/defaults.ini
volumes:
data-influxdb:
data-grafana:
Lets Encrypt Setup
If you require valid certificates, you can also use certificates from lets encrypt.
First, create the certificates on the host:
certbot certonly --standalone --preferred-challenges http --renew-by-default -d iot.example.org
Then use this docker-compose file.
version: '2'
services:
influxdb:
image: influxdb:latest
container_name: influxdb
ports:
- "8083:8083"
- "8086:8086"
- "8090:8090"
env_file:
- 'env.influxdb'
volumes:
- data-influxdb:/var/lib/influxdb
- /etc/letsencrypt/live/iot.example.org/fullchain.pem:/var/ssl/server.crt
- /etc/letsencrypt/live/iot.example.org/privkey.pem:/var/ssl/server.key
- /docker/conf/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "3000:3000"
links:
- influxdb
env_file:
- 'env.grafana'
volumes:
- data-grafana:/var/lib/grafana
- /etc/letsencrypt/live/iot.example.org/fullchain.pem:/var/ssl/server.crt
- /etc/letsencrypt/live/iot.example.org/privkey.pem:/var/ssl/server.key
- /docker/conf/defaults.ini:/usr/share/grafana/conf/defaults.ini
volumes:
data-influxdb:
data-grafana: