Influxdb 2 - SSL

hobbit666

I've been running influx 1.7 and older versions of Telegraf and Grafana fine (non https). So thought it time to upgrade.

So i've installed influxdb 2.02 and Telegraf 1.16.2 on CentOS8 using the RPM packages from the site.
Then running the normal

systemctl start influxdb

I can log in fine http://dnsname:8086

But i now want to add SSL

I've installed and got some Certs and Keys via Letsncrypt but had to play with the permissions to get this command to work:-

influxd --tls-cert="/etc/letsencrypt/live/<domain>/fullchain.pem" --tls-key="/etc/letsencrypt/live/<domain>/privkey.pem"

That runs and i get influxdb on https://dnsname:8086 now

But how do I get that command to run as the influxdb service?

scottalanmiller

su -c

hobbit666

@scottalanmiller said in Influxdb 2 - SSL:

su -c

Me being a linux newbie where do i put that?

marcinozga

@hobbit666 said in Influxdb 2 - SSL:

@scottalanmiller said in Influxdb 2 - SSL:

su -c

Me being a linux newbie where do i put that?

On the same line as the command you're running, before it. So su -c command
But I think you're approaching this from wrong angle. Why don't you put reverse proxy in front of your services, like Nginx, Traefik, or Caddy and handle SSL certs there, and leave services as they are.

hobbit666

@marcinozga said in Influxdb 2 - SSL:

On the same line as the command you're running, before it. So su -c command
But I think you're approaching this from wrong angle. Why don't you put reverse proxy in front of your services, like Nginx, Traefik, or Caddy and handle SSL certs there, and leave services as they are.

I did consider it, but that's the easy way out

But if I want this to run as a service so after reboots it just works, where am I putting that?

As I've looked at the influxdb.service file and it has the exec line, but putting the whole command in there it doesn't run.

travisdh1

@hobbit666 said in Influxdb 2 - SSL:

@marcinozga said in Influxdb 2 - SSL:

On the same line as the command you're running, before it. So su -c command
But I think you're approaching this from wrong angle. Why don't you put reverse proxy in front of your services, like Nginx, Traefik, or Caddy and handle SSL certs there, and leave services as they are.

I did consider it, but that's the easy way out

But if I want this to run as a service so after reboots it just works, where am I putting that?

As I've looked at the influxdb.service file and it has the exec line, but putting the whole command in there it doesn't run.

Any modern linux based system, the command to turn on a service and start it at boot is systemctl enable --now thing.service. So in your case you should run sudo systemctl enable --now influxdb.service

hobbit666

So been looking into this a bit more and influx have changed the way they handle stuff.

From the documents. looks like you can do a .yaml file
https://docs.influxdata.com/influxdb/v2.0/reference/config-options/

But they also mention creating a config file
https://docs.influxdata.com/influxdb/v2.0/reference/cli/influx/config/create/

So i'm a bit confused how to get these working as i've tried both and when i restart the service "systemctl restart influxdb" i can get onto the UI with http:// but not https://