Influxdb 2 - SSL
-
I've been running influx 1.7 and older versions of Telegraf and Grafana fine (non https). So thought it time to upgrade.
So i've installed influxdb 2.02 and Telegraf 1.16.2 on CentOS8 using the RPM packages from the site.
Then running the normalsystemctl start influxdb
I can log in fine http://dnsname:8086
But i now want to add SSL
I've installed and got some Certs and Keys via Letsncrypt but had to play with the permissions to get this command to work:-
influxd --tls-cert="/etc/letsencrypt/live/<domain>/fullchain.pem" --tls-key="/etc/letsencrypt/live/<domain>/privkey.pem"
That runs and i get influxdb on https://dnsname:8086 now
But how do I get that command to run as the influxdb service?
-
su -c
-
-
@hobbit666 said in Influxdb 2 - SSL:
@scottalanmiller said in Influxdb 2 - SSL:
su -c
Me being a linux newbie where do i put that?
On the same line as the command you're running, before it. So su -c command
But I think you're approaching this from wrong angle. Why don't you put reverse proxy in front of your services, like Nginx, Traefik, or Caddy and handle SSL certs there, and leave services as they are. -
@marcinozga said in Influxdb 2 - SSL:
On the same line as the command you're running, before it. So su -c command
But I think you're approaching this from wrong angle. Why don't you put reverse proxy in front of your services, like Nginx, Traefik, or Caddy and handle SSL certs there, and leave services as they are.I did consider it, but that's the easy way out
But if I want this to run as a service so after reboots it just works, where am I putting that?
As I've looked at the influxdb.service file and it has the exec line, but putting the whole command in there it doesn't run.
-
@hobbit666 said in Influxdb 2 - SSL:
@marcinozga said in Influxdb 2 - SSL:
On the same line as the command you're running, before it. So su -c command
But I think you're approaching this from wrong angle. Why don't you put reverse proxy in front of your services, like Nginx, Traefik, or Caddy and handle SSL certs there, and leave services as they are.I did consider it, but that's the easy way out
But if I want this to run as a service so after reboots it just works, where am I putting that?
As I've looked at the influxdb.service file and it has the exec line, but putting the whole command in there it doesn't run.
Any modern linux based system, the command to turn on a service and start it at boot is
systemctl enable --now thing.service
. So in your case you should runsudo systemctl enable --now influxdb.service
-
So been looking into this a bit more and influx have changed the way they handle stuff.
From the documents. looks like you can do a .yaml file
https://docs.influxdata.com/influxdb/v2.0/reference/config-options/But they also mention creating a config file
https://docs.influxdata.com/influxdb/v2.0/reference/cli/influx/config/create/So i'm a bit confused how to get these working as i've tried both and when i restart the service "systemctl restart influxdb" i can get onto the UI with http:// but not https://