@rigwild
Last active April 15, 2022 19:27
Tutorial to install the Netdata host monitoring agent - Behind an NGINX virtual host and password protected + TLS

Install Netdata

Netdata is a distributed and real-time health monitoring and performance troubleshooting toolkit for monitoring your systems and applications.

Install required packages

sudo apt install -y nginx snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh \
  && sh /tmp/netdata-kickstart.sh --disable-telemetry --disable-cloud

Configure NGINX virtual host

# Domain where you will access your Netdata dashboard
my_monitoring_domain=my-cool.domain.example.com

# Create a login and password to protect the endpoint with basic authentication
sudo sh -c "echo -n 'your_username:' >> /etc/nginx/.htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd" # will prompt for password

sudo bash -c "cat >> /etc/nginx/sites-available/$my_monitoring_domain" << EOL
upstream backend {
    # the Netdata server
    server 127.0.0.1:19999;
    keepalive 64;
}

server {
    # nginx listens to this
    listen 80;
    # uncomment the line if you want nginx to listen on IPv6 address
    #listen [::]:80;

    # the virtual host name of this
    server_name $my_monitoring_domain;
    auth_basic "Protected";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_set_header X-Forwarded-Host \$host;
        proxy_set_header X-Forwarded-Server \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
    }
}
EOL

Install a TLS certificate

sudo certbot

Activate the NGINX virtual host

sudo ln -s "/etc/nginx/sites-available/$my_monitoring_domain" "/etc/nginx/sites-enabled/$my_monitoring_domain"
sudo service nginx restart

Do not let Netdata expose the dashboard to the internet using IP:port (bypasses password protection)

sudo /etc/netdata/edit-config netdata.conf

Append this at the end of the file:

[web]
    # stop netdata from being accessible with ip:port
    bind to = 127.0.0.1 ::1

You may also change the name of the node in the Netdata panel

[global]
    hostname = my-node-name

sudo service netdata restart

Voilà! Netdata should be accessible at the URL you defined, protected by a password and a TLS certificate. ✌
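
To confirm that the `bind to` change took effect, the following added example (not part of the original gist) filters `ss -H -ltn` output for listeners on Netdata's port 19999 that are bound to a non-loopback address. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Netdata listeners that are reachable from outside the host.
# Reads `ss -H -ltn` style lines on stdin and prints every local address bound
# to the given port (default 19999, the Netdata port used in this tutorial)
# that is not a loopback address.
# Returns 0 when nothing is exposed, 1 when at least one listener is.
netdata_exposed_listeners() {
    port="${1:-19999}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            local_addr = $4
            # Split "addr:port" on the last colon so "[::1]:19999" parses too.
            idx = match(local_addr, /:[0-9]+$/)
            if (idx == 0) next
            addr = substr(local_addr, 1, idx - 1)
            p = substr(local_addr, idx + 1)
            if (p != port) next
            # Drop an interface scope such as "%lo" and the IPv6 brackets.
            sub(/%.*$/, "", addr)
            gsub(/^\[|\]$/, "", addr)
            # Loopback binds are what the [web] "bind to" setting should produce.
            if (addr ~ /^127\./ || addr == "::1") next
            print local_addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host):
# two loopback Netdata listeners, NGINX on 443, and one wildcard Netdata bind.
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:19999 0.0.0.0:*
LISTEN 0 4096 [::1]:19999 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:19999 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | netdata_exposed_listeners 19999 \
    || echo "Netdata is reachable without NGINX authentication" >&2
```

On the host, run `ss -H -ltn | netdata_exposed_listeners`; any address it prints means the dashboard can still be reached without going through NGINX.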
