[Up]常用資訊

[重點文章] 重點文章 [重點文章] 重點文章

2020年5月29日 星期五

[Debian] 使用 Nginx Reverse Proxy 開啟 GRAFANA SERVER

[Debian] 使用 Nginx Reverse Proxy 開啟 GRAFANA SERVER

 
#Step: 01 – Grafana 設定檔在 Debian 10 上
說明 


[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# vi /etc/grafana/grafana.ini
[...]
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = http://localhost:3000/grafana/
[...]

– After any modification to the file grafana.ini you should restart Grafana Server

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# systemctl restart grafana-server
 
#Step: 02 – Nginx 設定檔在 Debian 10 上
說明 


[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# mkdir /etc/nginx/sites-available/ /etc/nginx/sites-enabled


– Let’s create a new nginx block named Grafanalabs.local.conf:

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# vi /etc/nginx/sites-available/Grafanalabs.local.conf
server {
  listen      80;
  listen      [::]:80 ipv6only=on;
  server_name Grafanalabs.local www.Grafanalabs.local;
  root /usr/share/nginx/www;
  index index.html index.htm;

  location /grafana/ {
   proxy_pass http://localhost:3000/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-Host $host;
   proxy_set_header X-Forwarded-Server $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

– Now that we have created our server block file, we need to enable it. To do this, we have to create a symbolic link for the server block in the sites-enabled directory.

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# ln -s /etc/nginx/sites-available/Grafanalabs.local.conf /etc/nginx/sites-enabled/Grafanalabs.local.conf


– To check the use the bolow command:

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

– 重新確認設定沒問題後 reload Nginx using the following command:

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# systemctl reload nginx
 
#Step: 03 – Grafana 使用 sub 目錄 在 Nginx 設定檔 Debian 10 上
說明 


– In grafana.ini file add the below line

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# vi /etc/grafana/grafana.ini
[...]
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
[server]
#domain = example.com #如果需要才需要開啟
root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana/
serve_from_sub_path = true
[...]

– After any modification to the file grafana.ini you should restart Grafana Server

[ root@Debian10-4-InfluxDB-Telegraf-Grafana ~]# systemctl restart grafana-server

– Let’s create a new nginx block file as below:

[root@ylclgrfas01 ~]# vi /etc/nginx/sites-available/grafana.yallalabs.local.conf
server {
  listen      80;
  listen      [::]:80 ipv6only=on;
  server_name grafana.yallalabs.local www.grafana.yallalabs.local;

  location / {
   proxy_pass http://localhost:3000;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-Host $host;
   proxy_set_header X-Forwarded-Server $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
 
#Step: 04 – 附件
說明 


=====================================================================================================

# The full public facing url
#root_url = %(protocol)s://%(domain)s:%(http_port)s/
root_url = http://localhost:3000/grafana/

=====================================================================================================

#user  nobody
worker_processes  1;

error_log  /var/log/nginx/error.log warn;

events {
	worker_connections  1024;
}

http {

	include	   mime.types;
	default_type  application/octet-stream;

	#gzip setup
	gzip on; 
	gzip_http_version 1.1; 
	gzip_vary on; 
	gzip_comp_level 6; 
	gzip_proxied any; 
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js; 
	gzip_buffers 16 8k; 
	
	
	sendfile		on;	
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	#log formats
	log_format grafana '$time_iso8601 $remote_addr - $remote_user $proxy_host$request$cookie_grafanasess "$request" $status $body_bytes_sent $request_time' ;	
	log_format influx '$time_iso8601 $remote_addr - $remote_user "$scheme://$server_name/$uri" $status $body_bytes_sent $request_time' ;
	
	#proxy cache formats
	proxy_cache_path temp/grafana_cache levels=1:2 keys_zone=grafana_cache:25m max_size=500m inactive=5m use_temp_path=off;
	proxy_cache_path temp/influx_cache levels=1:2 keys_zone=influx_cache:25m max_size=50m inactive=15m use_temp_path=off;
	
	##################################Maps to detect Influx hardcoded traffic############################
	#check the referer to identify requests originated by Influx Web UI
	map $http_referer $proxyloc {	
		~*influx influx;
	}
	
	#Influx Web API end points
	map $request_uri $backend {	
		~*query influxdb;
		~*write influxdb;
		~*ping  influxdb;
	}
	
	#We will enable caching for only queries, not for regular UI pages of grafana
	map $request_uri $nonquery {	
		~*query 0;
		default 1;
	}
	#####################################################################################################
	
	######################################Upstream servers###############################################
	
	upstream grafana {
		server localhost:3000;
		keepalive 15;
	}
	
	upstream influx {
		server localhost:8083;
		keepalive 10;
	}
	
	upstream influxdb {
		server localhost:8086;
		keepalive 10;
	}
	#####################################################################################################
	
	
	server {
		listen	   80;
		server_name  grafana.adystech.com;
		
		############################### proxy grafana################################################### 
		location /grafana/ {
			proxy_buffering on;
			proxy_buffers 8 128k;
			proxy_buffer_size 128k;
			
			proxy_set_header   Host             $host;
			proxy_set_header   X-Real-IP        $remote_addr;
			proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
 			proxy_http_version 1.1;
			proxy_set_header Connection "";
			
			access_log /var/log/nginx/grafana-access.log grafana buffer=1024 flush=5m;
			proxy_pass http://grafana/;
			proxy_redirect     default;				
			
			proxy_cache_key "$request_uri";
			proxy_cache_min_uses 1;			
			proxy_cache grafana_cache;
			proxy_cache_bypass $nonquery;
			proxy_cache_valid 200 302 120s;
			proxy_cache_valid 404 1m;
			add_header X-Cache-Status $upstream_cache_status;
			
			#proxy_cache_key $proxy_host$request$cookie_grafanasess;
			#proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
		}
		################################################################################################
		
		############################### proxy influx db#################################################
		#proxy influxDB
		location /influx/ {
			auth_basic		   "Needs Autherization to visit";
			auth_basic_user_file influx.conf;

			root /inflx/;
			access_log /var/log/nginx/influx-access.log influx buffer=1024 flush=5m;
			proxy_pass http://influx/;
			proxy_redirect default;
			proxy_set_header   Host			 $host;
			proxy_set_header   X-Real-IP		$remote_addr;
			proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
			proxy_set_header Authorization "";

			#for keep alive to work
			proxy_http_version 1.1;
			proxy_set_header Connection "";

			#handle upstream timeout
			proxy_max_temp_file_size 0;
			proxy_connect_timeout	  240;
			proxy_send_timeout		 240;
			proxy_read_timeout		 240;

			#cache the static content
			expires 1d;
			add_header Pragma public;
			add_header Cache-Control "public";

			#cahce dynamic data
			proxy_cache influx_cache;
			proxy_cache_min_uses 1;
			proxy_cache_valid 200 302 30s;
			proxy_cache_valid 404 1m;		
			add_header X-Cache-Status $upstream_cache_status;
		}
		
		location /influxdb/ {
			auth_basic "Needs Autherization to visit";
			auth_basic_user_file influx.conf;

			root /influxdb/;
			access_log /var/log/nginx/influx-access.log influx buffer=1024 flush=5m;
			proxy_pass http://influxdb/;
			proxy_redirect default;
			proxy_http_version 1.1;
			proxy_set_header Connection "";
			proxy_set_header Authorization "";

			proxy_set_header   Host			 $host;
			proxy_set_header   X-Real-IP		$remote_addr;
			proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
			proxy_max_temp_file_size 0;
			proxy_connect_timeout	  240;
			proxy_send_timeout		 240;
			proxy_read_timeout		 240;
			expires -1;
			add_header Cache-Control private;
		}
		################################################################################################
		
		###################Default location also handles the Influx redirects###########################
		location /{
			if ($backend) {
				return 302 /$backend/$request_uri;
			}

			if ($proxyloc) {
				return 302 /$proxyloc/$uri;
			}
			return 302 /grafana/;
		}
		################################################################################################
	}
}

vi /etc/grafana/grafana.ini

root_url = http://localhost:3000/grafana/

root_url = %(protocol)s://%(domain)s/grafana/

Step 3: Install Nginx

apt install nginx -y

編輯 /etc/nginx/sites-available/default


  location /grafana/ {
   proxy_pass http://localhost:3000/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-Host $host;
   proxy_set_header X-Forwarded-Server $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
標籤: , ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)