This config will enable Nginx to listen on port 80, and act as a reverse proxy for grafana (refer to the custom ini root_url section below), and Influx DB. Influx DB has a problem where it is using root path on admin UII (refer issue#5352) and this config handles it via referrer and api end point redirects.
Last active
January 19, 2025 13:38
-
-
Save mvadu/5fbb7f5676ce31f2b1e6 to your computer and use it in GitHub Desktop.
nginx config for using grafana, Influxdb via reverse proxy with authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The full public facing url | |
| #root_url = %(protocol)s://%(domain)s:%(http_port)s/ | |
| root_url = http://localhost:80/grafana/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #user nobody | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log warn; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| #gzip setup | |
| gzip on; | |
| gzip_http_version 1.1; | |
| gzip_vary on; | |
| gzip_comp_level 6; | |
| gzip_proxied any; | |
| gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js; | |
| gzip_buffers 16 8k; | |
| sendfile on; | |
| tcp_nopush on; | |
| tcp_nodelay on; | |
| keepalive_timeout 65; | |
| types_hash_max_size 2048; | |
| server_tokens off; | |
| #log formats | |
| log_format grafana '$time_iso8601 $remote_addr - $remote_user $proxy_host$request$cookie_grafanasess "$request" $status $body_bytes_sent $request_time' ; | |
| log_format influx '$time_iso8601 $remote_addr - $remote_user "$scheme://$server_name/$uri" $status $body_bytes_sent $request_time' ; | |
| #proxy cache formats | |
| proxy_cache_path temp/grafana_cache levels=1:2 keys_zone=grafana_cache:25m max_size=500m inactive=5m use_temp_path=off; | |
| proxy_cache_path temp/influx_cache levels=1:2 keys_zone=influx_cache:25m max_size=50m inactive=15m use_temp_path=off; | |
| ##################################Maps to detect Influx hardcoded traffic############################ | |
| #check the referer to identify requests originated by Influx Web UI | |
| map $http_referer $proxyloc { | |
| ~*influx influx; | |
| } | |
| #Influx Web API end points | |
| map $request_uri $backend { | |
| ~*query influxdb; | |
| ~*write influxdb; | |
| ~*ping influxdb; | |
| } | |
| #We will enable caching for only queries, not for regular UI pages of grafana | |
| map $request_uri $nonquery { | |
| ~*query 0; | |
| default 1; | |
| } | |
| ##################################################################################################### | |
| ######################################Upstream servers############################################### | |
| upstream grafana { | |
| server localhost:3000; | |
| keepalive 15; | |
| } | |
| upstream influx { | |
| server localhost:8083; | |
| keepalive 10; | |
| } | |
| upstream influxdb { | |
| server localhost:8086; | |
| keepalive 10; | |
| } | |
| ##################################################################################################### | |
| server { | |
| listen 80; | |
| server_name grafana.adystech.com; | |
| ############################### proxy grafana################################################### | |
| location /grafana/ { | |
| proxy_buffering on; | |
| proxy_buffers 8 128k; | |
| proxy_buffer_size 128k; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| access_log /var/log/nginx/grafana-access.log grafana buffer=1024 flush=5m; | |
| proxy_pass http://grafana/; | |
| proxy_redirect default; | |
| proxy_cache_key "$request_uri"; | |
| proxy_cache_min_uses 1; | |
| proxy_cache grafana_cache; | |
| proxy_cache_bypass $nonquery; | |
| proxy_cache_valid 200 302 120s; | |
| proxy_cache_valid 404 1m; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| #proxy_cache_key $proxy_host$request$cookie_grafanasess; | |
| #proxy_ignore_headers X-Accel-Expires Expires Cache-Control; | |
| } | |
| ################################################################################################ | |
| ############################### proxy influx db################################################# | |
| #proxy influxDB | |
| location /influx/ { | |
| auth_basic "Needs Autherization to visit"; | |
| auth_basic_user_file influx.conf; | |
| root /inflx/; | |
| access_log /var/log/nginx/influx-access.log influx buffer=1024 flush=5m; | |
| proxy_pass http://influx/; | |
| proxy_redirect default; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Authorization ""; | |
| #for keep alive to work | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| #handle upstream timeout | |
| proxy_max_temp_file_size 0; | |
| proxy_connect_timeout 240; | |
| proxy_send_timeout 240; | |
| proxy_read_timeout 240; | |
| #cache the static content | |
| expires 1d; | |
| add_header Pragma public; | |
| add_header Cache-Control "public"; | |
| #cahce dynamic data | |
| proxy_cache influx_cache; | |
| proxy_cache_min_uses 1; | |
| proxy_cache_valid 200 302 30s; | |
| proxy_cache_valid 404 1m; | |
| add_header X-Cache-Status $upstream_cache_status; | |
| } | |
| location /influxdb/ { | |
| auth_basic "Needs Autherization to visit"; | |
| auth_basic_user_file influx.conf; | |
| root /influxdb/; | |
| access_log /var/log/nginx/influx-access.log influx buffer=1024 flush=5m; | |
| proxy_pass http://influxdb/; | |
| proxy_redirect default; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_set_header Authorization ""; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_max_temp_file_size 0; | |
| proxy_connect_timeout 240; | |
| proxy_send_timeout 240; | |
| proxy_read_timeout 240; | |
| expires -1; | |
| add_header Cache-Control private; | |
| } | |
| ################################################################################################ | |
| ###################Default location also handles the Influx redirects########################### | |
| location /{ | |
| if ($backend) { | |
| return 302 /$backend/$request_uri; | |
| } | |
| if ($proxyloc) { | |
| return 302 /$proxyloc/$uri; | |
| } | |
| return 302 /grafana/; | |
| } | |
| ################################################################################################ | |
| } | |
| } |
Hi.
Thanks for sharing your configuration.
Generally, I connect to an InfluxDB instance by specifying its host and, optionally, its port. With the InfluxDB HTTP endpoint served at the subdirectory/influxdb/, how to connect to it via theinfluxCLi tool?
you can try:
influx -host <<your_host>> -path-prefix /influxdb/ -ssl -port 443
👍
If you're stumbling across this gist because you have issues running InfluxDB2 behind a reverse proxy here's the issue you can look into: influxdata/influxdb#15721
Hi is this applicable too on InfluxDB1.8 + ?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi.
Thanks for sharing your configuration.
Generally, I connect to an InfluxDB instance by specifying its host and, optionally, its port. With the InfluxDB HTTP endpoint served at the subdirectory
/influxdb/, how to connect to it via theinfluxCLi tool?